What is a fingerprint and how to use it against click fraud

Man

A fingerprint is the digital fingerprint of a device; fingerprinting is the process of collecting this unique information. The technology can identify a user even in private browsing mode (incognito), after a change of browser on the same PC, and even when cookie collection is prohibited.

This technology is ethically questionable, as it violates the user's privacy and collects data about their preferences so that advertising platforms can show them information that benefits advertisers.

► List of possible sources from which a unique fingerprint can be assigned to the user:
  1. User-agent.
  2. Language.
  3. Color bit depth.
  4. Screen resolution.
  5. Time zone.
  6. localStorage.
  7. CPU class.
  8. Platform.
  9. Whether the DoNotTrack feature is enabled or not.
  10. A list of installed fonts rendered via Flash or JS/CSS.
  11. Canvas.
  12. WebGL.
  13. Plugins and extensions.
  14. Whether AdBlock is installed or not.
  15. Manual configuration of language, screen resolution, OS, browser.
  16. Pixel ratio.

All this information goes into the general piggy bank of big data, giving advertising platforms carte blanche to display ads for your interests and needs. It is also a way to identify ad fraud.

Table of Contents
1. The most popular methods of collecting digital fingerprints
1.1. Browser Version
1.2. Browser Language Settings
1.3. Screen Resolution
1.4. Time zone
1.5. localStorage
1.6. Do Not Track
1.7. The Canvas Element
1.8. WebGL
1.9. Browser Extensions
1.10. Ad blockers
1.11. Cross-Browser Fingerprinting
1.12. Font Metrics
1.13. How to check your digital footprint
2. Difference from cookies
3. Fingerprint in Online Marketing
4. How to Track Click Using Fingerprinting Technology
4.1. Combine digital fingerprint traffic analysis with other anti-fraud tools

The most popular methods of collecting digital fingerprints

There are different levels and methods of collecting digital fingerprints: browser version, search history, device parameters, etc.

A striking example of fingerprinting is the buttons on social networks that we click under posts, thoughtfully or thoughtlessly. This is our history, a digital footprint of life and leisure on the Internet, which marketing resources then use to show us advertisements at the right time and in the right place.

Mobile devices collect more data about users' digital footprints than PCs. However, the information from mobile devices is more uniform, so they are more difficult to tell apart.

For example, specialists from the Comenius University in Bratislava analyzed half a million devices. The analysis showed that the rate of unique fingerprints on PCs was 73% compared to smartphones, where the figure barely reached 34%.

Does it violate ethical standards and confidentiality? Definitely, yes. But it is used for harmless, let's say, purposes - to show ads, and that's all. At the same time, this technology can be used to expose cybercriminals.

Browser version

All browsers have their own name and version, as well as other information related to their compatibility and displayed in the request header. The type and version can be determined by the peculiarities of its interaction with the web resource. For example, each browser family has a unique number of HTTP header fields in a specific order.

Browser language settings

Language is one of the basic digital fingerprints of a user's browser. When a site is visited, the user's browser must tell the resource the default language or languages. This information helps the site to display content in the language preferred by the user.

Browsers do this both explicitly (for example, through the Accept-Language HTTP header and the navigator.language/navigator.languages properties of the Web APIs) and implicitly (for example, through the fonts installed on the device's operating system).

However, this feature, which is supposed to improve the quality of content delivery to the user, cannot be compared to the risk to which the user is exposed. Trackers can use the language preferences of a site visitor, explicit and implicit, to take digital fingerprints.

Brave, for example, has a farbling feature to protect the user from fingerprinting. Farbling is a term that refers to a technology for protecting privacy by randomizing data obtained from the browser's semi-identifying functions without free access to them and without disrupting the useful functionality of the site.

Note: Brave is an open source browser based on the Blink (Chromium) engine.

Screen Resolution

Screen resolution communicates information about the clarity of text and images displayed on the user's screen. The larger the monitor, the higher the resolution it usually supports. The ability to increase the screen resolution depends on the size and capabilities of the monitor, as well as the type of graphics card in use.

Time zone

This is one of the oldest ways to take a user's digital fingerprints. Sites can determine the time zone in two ways: by the time zone set on the computer or by the IP address.

When using a proxy server, the local time of the server may not be the same as the local time on the user's computer. In this case, sites may question the validity of the session.

To hide the true time zone, there are special applications for browsers that replace it with a random value or a value set by the user in the settings.

localStorage

Data in localStorage is typically stored there indefinitely. This means the data persists for as long as it remains in localStorage. Even if the user closes the browser, ending the current session, and then reopens it, no data will be lost. Its lifecycle ends only when the user or a program intentionally deletes it.

From a security perspective, localStorage is protected within the domain. Any page within that domain has access to the data in the storage. The only limitation is that storage is separate for each browser: for example, if the user works in Firefox, the data from that localStorage will not be available in Chrome.

Do Not Track

Do Not Track (DNT) is an HTTP header. If the user activates this function, the browser sets the corresponding field to the value 1 (DNT: 1). The site is then notified that the visitor does not want information about them to be stored on the server. If the site complies with privacy rules, it will not collect data for ad targeting.

Canvas element

Canvas is an HTML5 element (or layer) designed to render graphics and animations on a web page using JavaScript. It is also used as one of the methods to collect user information. The principle is based on the fact that images on the canvas can be rendered differently on different computers.


WebGL

WebGL fingerprinting is similar to Canvas-based fingerprinting, as both use the browser to render off-screen images. In WebGL, image data differentiates users based on the installed graphics drivers and device hardware.

Browser Extensions

We all use extensions for the convenience of working on the Internet. And each of us has our own set of such tools. They can change the behavior of some attributes by adding their own fingerprints.

Ad blockers

There are dozens of ad blockers, such as AdBlock, uBlock Origin, AdGuard, 1Blocker X, that apply different sets of default filters. In addition, users themselves can configure extensions and change system settings to individual ones. This variety creates a personal digital fingerprint of the site visitor.

Ad blockers leave a trail that the sites you visit can use to identify you. Sites build a profile by testing which elements on the page the extension blocks. All received values and signals combine to create a unique user profile.

Cross-Browser Fingerprinting

To collect a user's fingerprint, it was previously enough to know the version of the browser used. Now the binding is no longer to a specific User-Agent, but to a PC or mobile device as a whole.

According to a survey conducted by a group of analysts from several countries, about 70% of users regularly use roughly two browsers to search for information on the Internet.
The technology takes into account the characteristics of a particular system.


Font metrics

Each browser renders the bounding box of text in its own way, depending on anti-aliasing and screen optimization settings. This fingerprinting method is based on measuring the on-screen size of HTML elements filled with text or Unicode glyphs.


How to check your digital footprint

You can check your digital fingerprint on this website https://amiunique.org/. Be prepared for the fact that after clicking on the View my browser fingerprint button, the service will place cookies in your browser for as long as 4 months and collect data.

Difference from cookies

Cookies and digital fingerprints are completely different things, despite the fact that in both cases it is about collecting information about the user. One difference is that the collection of cookies is regulated by law, which means that sites must notify the user that they are collecting this data and obtain permission from them to use it.

The same cannot be said about digital fingerprints, the collection of which does not require the permission of the resource visitor. And, unfortunately, browser fingerprinting scripts do not differ from the other scripts the site needs in order to work.

Cookies can be deleted, but fingerprints cannot. A fingerprint makes it possible to identify a visitor when they return to the resource, and to deliver content better and more conveniently. Information about a user's online activity from digital fingerprints gives a clear picture of their browsing history, preferences, hobbies, and even life circumstances.

Fingerprint in Online Marketing

Catching up with your potential buyer in the right place and at the right time is not an easy task. How do you know whether they are looking for your product right now, and what their interests and needs are? This is why marketing systems, platforms and sites use fingerprints to target advertising in advance.

Just as fingerprints are taken at a police station, unique prints are collected here, only in the context of digital technologies.

It is used when tracking the device ID is impractical or when the user has, for example, disabled search history and blocked cookies.

Cases where this technology is used in online marketing:
  • Behavioral analytics. In addition to fighting digital fraud, device fingerprints undoubtedly help analyze user behavior. With their help, you can identify unique visitors to the site.
  • Ad fraud. The analysis and tracking of digital fingerprints also helps to combat ad and search click fraud.

Every time the device goes online, it transmits information about its configuration and parameters: what browser is used, what screen resolution it has, Internet speed, and much more.

How to Track Click Fraud Using Fingerprinting Technology

Online marketers weren't the first to use fingerprints against fraud. It was once a tool in the fight against software piracy and bank fraud. Companies fighting cybercrime have identified devices suspected of suspicious transactions in this way.

Click fraud is expensive for advertisers. Cybercriminals operate on every advertising platform, on social networks and all over the Internet. To stop the spread of fraud, or at least its impact on your budget, you need a comprehensive analysis of fraudulent behavior. Fraudsters use all kinds of methods, manual and automated, but there are ways to recognize them. One of these is fingerprinting.

► Here's how you can use it to track the signs of fraud:
  1. Using a 32-bit OS on a 64-bit processor. Most likely, this is non-targeted traffic, since cybercriminals most often use PCs running an old cracked version of Windows for click fraud.
  2. Fresh cookies. In 90% of cases, scammers constantly clean browser logs, while ordinary users do this in only 10%. Thus, the age of cookies is one of the main signs for detecting fraud.
  3. Empty values in the Do Not Track parameter. Normally this parameter is set to YES, NO, or NOT DEFINED. Most often, the default value is NO (70%). Scammers, by contrast, have a null value, which is unnatural.
  4. Clean search history (HTTP referer header reset). Pseudo-users also carefully monitor their search history and constantly clean it. Less than 5% of users filter their search history using third-party plugins and extensions. Criminals do it 5 times more often.
  5. Few extensions and plugins. Fraudsters rarely have many: 1-5, no more. Real users install more varied extensions, and 1 out of 20 people has more than 25 plugins.

The world of cybercrime is constantly changing: today fraudsters use some methods, tomorrow they come up with others, find vulnerabilities in systems, and use botnets for large-scale actions.

The power of user data analytics, such as behavioral maps, device configuration information, and more, allows you to more accurately identify the signs of fraud.

Combine digital fingerprint traffic analysis with other anti-fraud tools

Yes, the technology of analyzing the fingerprint of the user's device works for you in many ways. But still, this is not enough to fully protect against fraud.

Source
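
The five fraud signs listed in the post, combined with a fingerprint-based device ID that survives cookie deletion, as an added example that is not part of the original post. The field names, weights, thresholds and sample click records are assumptions constructed for illustration.

```javascript
// Added example (not from the original post). Field names, weights and
// thresholds are assumptions; the sample click records are constructed.
const crypto = require("crypto");

// Device ID built only from attributes that survive cookie deletion.
function fingerprintId(c) {
  const parts = [c.userAgent, c.language, c.screen, c.timezone, c.osBits, c.cpuBits];
  return crypto.createHash("sha256").update(parts.join("|")).digest("hex").slice(0, 16);
}

// One rule per numbered sign in the post: [name, weight, predicate].
const VALID_DNT = new Set(["yes", "no", "not_defined"]);
const RULES = [
  ["os32_on_cpu64", 2, c => c.osBits === 32 && c.cpuBits === 64],
  ["fresh_cookie", 2, c => c.cookieAgeHours < 1],
  ["dnt_empty", 3, c => !VALID_DNT.has(c.dnt)],
  ["referer_reset", 1, c => !c.referer],
  ["few_extensions", 1, c => c.extensionCount <= 5],
];

function scoreClick(c) {
  const matched = RULES.filter(([, , test]) => test(c));
  return { score: matched.reduce((s, [, w]) => s + w, 0), hits: matched.map(([name]) => name) };
}

// Group clicks by fingerprint: several cookie IDs behind one device means cookies
// are wiped between clicks, which a cookie-only click counter would miss.
function suspiciousDevices(clicks, minScore = 5, minCookies = 3) {
  const devices = new Map();
  for (const c of clicks) {
    const id = fingerprintId(c);
    const d = devices.get(id) || { id, clicks: 0, cookies: new Set(), maxScore: 0 };
    d.clicks += 1;
    d.cookies.add(c.cookieId);
    d.maxScore = Math.max(d.maxScore, scoreClick(c).score);
    devices.set(id, d);
  }
  return [...devices.values()].filter(d => d.maxScore >= minScore && d.cookies.size >= minCookies);
}

// Constructed sample: one device clicking three times with a new cookie each time,
// plus one ordinary visitor.
const bot = { userAgent: "UA-A", language: "en-US", screen: "1366x768", timezone: "UTC+3",
  osBits: 32, cpuBits: 64, cookieAgeHours: 0, dnt: null, referer: "", extensionCount: 1 };
const human = { userAgent: "UA-B", language: "de-DE", screen: "2560x1440", timezone: "UTC+1",
  osBits: 64, cpuBits: 64, cookieId: "c-900", cookieAgeHours: 720, dnt: "no",
  referer: "https://search.example/", extensionCount: 12 };
const SAMPLE_CLICKS = [{ ...bot, cookieId: "c-1" }, { ...bot, cookieId: "c-2" }, { ...bot, cookieId: "c-3" }, human];
```

A device is flagged only when a high signal score coincides with several cookie IDs behind one fingerprint, so a single weak signal such as a small number of extensions does not flag an ordinary visitor.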