Privacy advocates have expressed concern about device fingerprinting, an emerging technology that allows advertisers to uniquely and persistently identify connected devices such as computers, smartphones, and tablets.
When sending or receiving data, connected devices transmit pieces of information about their properties and settings, which can be collected and pieced together to form a unique, persistent “fingerprint” for that specific device.
Once a device has been assigned a fingerprint, advertisers can use that ID to track its behavior as it moves across the web, providing similar functionality to a cookie. The strength of a fingerprint, however, is that it tracks the device itself rather than the cookie placed on it, meaning it cannot be deleted or lost, and can – in theory – remain consistent for the life of a device.
This characteristic has led some to deem the technology a more significant threat to user privacy than cookie-based tracking, since a user cannot choose to delete their fingerprint as they can with cookies.
“You don’t have any control over them, or at least not the same kind of control you do over cookies… That makes fingerprinting a serious privacy threat,” said Peter Eckersley, senior staff technologist for the Electronic Frontier Foundation.
Eckersley said the persistence of fingerprints could lead to more detailed behavioral profiles being tied to a device over time. “If it becomes standard practice for sites to use fingerprints, a universal record of everything you look at could be created. It’s really important to prevent that from happening.”
But the providers of fingerprint technology – most prominently BlueCava and Ringleader Digital – claim it improves on cookies in one crucial area: keeping users opted out. Cookie-based opt-outs are fundamentally flawed because when a user deletes her cookies or switches to another browser, she is effectively opted back in to ad tracking.
BlueCava CEO David Norris said his company allows users to opt out of fingerprint tracking and targeting for the life of a device with a single action. Once a user decides to opt a device out, BlueCava says it will simply ignore its unique fingerprint every time the company comes into contact with it.
Meanwhile Ringleader Digital CEO Bob Walczak said his company has gone a step further – assigning a dedicated opt-out fingerprint to devices through which that preference has been expressed. In theory therefore, the company cannot extract information from that device other than the fact that it has opted out.
As FTC and congressional scrutiny of online tracking continues, device fingerprinting looks set to become a more prominent issue.
Late last year the FTC issued a report calling for a “do-not-track” mechanism for digital devices. Although the majority of discussion around the issue has centered on tracking through desktop browsers, the FTC stressed its concerns apply equally to mobile.
“The FTC invited comment on how [do-not-track] could be implemented in the mobile context and we expect to address these issues in the final report,” a spokesperson told ClickZ.
BlueCava’s Norris said his firm’s technology is do-not-track ready. All that’s required is for browser manufacturers to implement solutions through which users can demonstrate their preference.
“As soon as browsers support do-not-track we will honor that choice,” he said. “Cookies are old, our ability to offer opt-out is superior.”
The EFF’s Eckersley believes do-not-track is a less-than-ideal way to accommodate user choice but acknowledged its expediency from a policy standpoint.
“We’re going to need a combination of technology and policy for it to succeed. From the policy side, do-not-track is the best option,” he said.
He argued regulatory intervention is necessary to halt an “arms race” between users and ad trackers. “The trackers are always going to win. They have many more engineers working on these technologies,” he said.
New Top-Level Domains (TLDs) have become more popular in the last couple of years, so here’s everything you need to know about them.
Amazon Prime was launched in 2005 as an express shipping membership program and more than a decade later it has tens of millions of subscribers who enjoy a lot more than just free, fast shipping on millions of products Amazon sells.
Sure, some apps are doing personalized push notifications, but what happens when your users are in the app?
Since cloud computing first gained mainstream attention around 2009, its popularity has exploded. Promising increased efficiency, flexibility and cost-effectiveness, it was hailed as the ultimate business solution. But are users seeing the benefits?