A new study by KU Leuven–iMinds researchers has uncovered that 145 of the Internet’s 10,000 top websites track users without their knowledge or consent.
The websites use hidden scripts to extract a device fingerprint from users’ browsers. Device fingerprinting circumvents legal restrictions imposed on the use of cookies and ignores the Do Not Track HTTP header. The findings suggest that secret tracking is more widespread than previously thought.
Device fingerprinting, also known as browser fingerprinting, is the practice of collecting properties of PCs, smartphones and tablets to identify and track users. These properties include the screen size, the versions of installed software and plugins, and the list of installed fonts. A 2010 study by the Electronic Frontier Foundation (EFF) showed that, for the vast majority of browsers, the combination of these properties is unique, and thus functions as a ‘fingerprint’ that can be used to track users without relying on cookies. Device fingerprinting targets either Flash, the ubiquitous browser plugin for playing animations, videos and sound files, or JavaScript, a common programming language for web applications.
This is the first comprehensive effort to measure the prevalence of device fingerprinting on the Internet. The team of KU Leuven-iMinds researchers analysed the Internet’s top 10,000 websites and discovered that 145 of them (almost 1.5%) use Flash-based fingerprinting. Some Flash objects included questionable techniques such as revealing a user’s original IP address when visiting a website through a third party (a so-called proxy).
The study also found that 404 of the top 1 million sites use JavaScript-based fingerprinting, which allows sites to track non-Flash mobile phones and devices. The fingerprinting scripts were found to be probing a long list of fonts – sometimes up to 500 – by measuring the width and the height of secretly-printed strings on the page.
Do Not Track
The researchers identified a total of 16 new providers of device fingerprinting, only one of which had been identified in prior research. In another surprising finding, the researchers found that users are tracked by these device fingerprinting technologies even if they explicitly request not to be tracked by enabling the Do Not Track (DNT) HTTP header.
The researchers also evaluated Tor Browser and Firegloves, two privacy-enhancing tools offering fingerprinting resistance. New vulnerabilities – some of which give access to users’ identity – were identified.
Device fingerprinting can be used for various security-related tasks, including fraud detection, protection against account hijacking and anti-bot and anti-scraping services. But it is also being used for analytics and marketing purposes via fingerprinting scripts hidden in advertising banners and web widgets.
Go deeper with Bing News on:
Device fingerprinting
- Android malware posing as a fake Chrome update is stealing banking app logins
New Android malware that steals banking logins and gives hackers access to your phone is disguising itself as a fake Chrome update.
- Stop! Don’t buy this iPad at Best Buy today
Fi, 64GB model of the ninth-generation Apple iPad is pretty cheap from Best Buy, but you can get it for an even lower price if you buy it from Walmart.
- Get the ASUS ROG Ally for as Little as $399.99
The ASUS ROG Ally gaming handheld is now available in two models, with the non-Extreme model priced at $399.99 and the ...
- Yale Assure Lock 2 Touch picks up new features with the Z-Wave Smart Module
The Yale Assure Lock 2 Touch now comes bundled with the Z-Wave Smart Module, allowing you to sync the smart lock with products beyond the Yale catalog.
- What is MFA and Why You Should Use It
When it comes to information and services you use that are exposed to the internet, keeping them as secure as possible is important. The first step is to have a secure, unique password. After that, ...
Go deeper with Google Headlines on:
Device fingerprinting
[google_news title=”” keyword=”Device fingerprinting” num_posts=”5″ blurb_length=”0″ show_thumb=”left”]
Go deeper with Bing News on:
Tracking website users
- Social media platform X down for thousands of users, Downdetector shows
Social media platform X suffered outages early on Monday, according to outage tracking website Downdetector.com.Downdetector, which tracks outages by collating status reports from several sources ...
- How To Design a Website
Curious about how to design a website? Our experts are here to help. Read on to learn more about website design and best practices to consider when you design a website.
- Track & field: 10 things we learned in the first month of the season
Billie Frazier of Timber Creek waits at the starting block for the High School Girls' 4x100 Northeast event to begin at the Penn Relays, Friday, April 26, 2024, in Philadelphia. Timber Creek won with ...
- Discord Users Are Being Tracked Through Data-Scraping Site
404 Media tried SpyPet's service and confirmed that the messages on the site were real Discord messages. SpyPet uses bots to scrape servers; it says it's currently tracking over 627 million Discord ...
- See 2024 Michigan high school boys track and field event rankings as of April 26
These are the latest top 10 boys in every Michigan high school track and field event during the 2024 season as of April 26.
Go deeper with Google Headlines on:
Tracking website users
[google_news title=”” keyword=”tracking website users” num_posts=”5″ blurb_length=”0″ show_thumb=”left”]