A majority of the most popular websites may be using browser fingerprinting to track users without their knowledge, raising concerns for their privacy and security, according to a new study by researchers at two British universities.
Browser fingerprinting is a relatively new tracking method which identifies a user based on a combination of factors such as their screen resolution, operating system, the fonts they have installed, Wi-Fi settings and other information that can be combined into a unique identifier.
Web users have been tracked for years by cookies, small pieces of software placed on their computers by websites, but this can be consented to and controlled by the user. Because browser fingerprinting does not involve any software being installed, the study reports that “users have virtually no control” over it, and it will continue to track users who have explicitly stated, through the use of a “Do Not Track” option or “Private Browser” mode, that they do not want to be identified.
The researchers at Royal Holloway and Manchester Metropolitan universities wrote software to crawl the homepages of the 10,000 most popular websites on the internet, recording whether these websites collected information from users in a manner that suggested fingerprinting. More than 68 per cent of the websites did so.
Sign up to Emerging Threats, our weekly cyber security newsletter
In some cases, the researchers found that some trackers shared the user fingerprints they created, “allowing them to compile extensive profiles of users”. This might mean that some websites have detailed knowledge of users who were visiting them for the first time, the study warned.
Other studies have reported that 80-90 per cent of web users have an identifiable fingerprint. The four browsers used by 90 per cent of internet users do not protect against browser fingerprinting. Extensions such as Ghostery and Privacy Badger do offer fingerprinting protection, as does FingerprintAlert, a new extension developed by the researchers as part of the study.