Opinion, advice, and analysis by the TNW community

Digital fingerprints are the new cookies — and advertisers want yours

Digital fingerprinting: Advertisers’ best kept secret

digital-fingerprint
Peter Dolanjski
Story by
Peter Dolanjski

Director, Security and Privacy Products, MozillaPeter leads the Firefox "core" Desktop product management team Peter leads the Firefox "core" Desktop product management team

pdolanjski

Ever wondered why the same ads seem to follow you everywhere you go online and why they look awfully related to that article you just read or that item you just bought? 

Some companies and organizations use a series of tools to track you online in order to place advertisements and measure their effectiveness. Some of these tools, like third-party tracking cookies, have been around for over a decade. They include cross-site tracking cookies, tracking pixels, social trackers, content trackers, among others. There is another, less known but more invasive form of cross-site tracking: browser fingerprinting, and it’s gaining traction among advertisers.  

What is digital fingerprinting and how widespread is it?

While cookie tracking works by placing a unique identifier on a person’s web browser, fingerprinting takes place when a company creates a profile of your device’s unique characteristics. This might include the hardware, software and add-ons you use. It may also include how you’ve configured that hardware and software, such as what fonts are installed or what your screen settings are.

It’s a bit like a barcode, and while the barcode cannot match each individual’s browser history to their name, the data they collect is used to create distinct profiles that can enable advertisers to target people on a granular level. 

Historically, fingerprinting has been used by banking websites to help fight fraud: if someone tries to access your bank account from a computer that you have never connected from before, the bank will know that something off-pattern is happening and that there may be a risk of illegitimate access to your account. 

Fingerprinting continues to gain traction among advertisers. Researchers first started closely examining fingerprinting in the early 2010s, but it was likely in use before then. In 2014, fingerprinting was found on 5% of the top 100,000 websites. In measurements we ran here at Mozilla in 2019, we observed it on 12% of the top 1,000 websites.

Not all website owners know that their sites have fingerprinters on them. In many cases, fingerprinters come as part of a package provided by ad tech vendors who don’t disclose that their solution includes fingerprinters.

If this all sounds a bit unsettling to you, the good news is you can take back control of who’s using a digital fingerprint to track you for advertising purposes.

Can I get control over this? Yes, you can

If you’ve read so far, you may feel that it’s time to go off-the-grid and opt out of technology altogether, or just give up and let them take all the data they want. These are not the only options available. Here are a few simple steps and things to know.

A lot of the tracking, whether through cookies or fingerprinters, happens while you browse the web, so it’s important to look at the browser you use. Pick one that has tracking protection activated by default and one with anti-fingerprinting protection included, so that you don’t need to dive into buried privacy settings. In Firefox, for instance, we made Enhanced Tracking Protection a default since June 2019, now available on Android and iOS too, and we have since blocked over a trillion trackers. Since January 2020, we’ve also made fingerprinting protection a default.

Some misconceptions about fingerprinting protection

While “incognito mode” prevents your browser history from being recorded on your computer and prevents your spouse to spy on you, it does not prevent websites that you visit from collecting data about you and it does nothing to block fingerprinting. Similarly, clearing your browsing history on a regular basis, while a healthy thing to do, does not address fingerprinting either.

While ad blockers block ads from loading, not all ad blockers also block trackers, even less fingerprinters. Trackers can come attached to ads, but quite often they are not part of the ad delivery process itself. Social trackers, tracking pixels and fingerprinters for instance don’t need to piggyback on an ad to track your data.

Published April 2, 2020 — 09:00 UTC