At least a third of the 500 sites that Americans visit most “often use hidden code to run an identity check” and create unique “fingerprints” of visitors’ computers or phones, reportsWashington Post technology columnist Geoffrey A. Fowler.
“Just when you thought we had hit rock bottom on all the ways the Internet could snoop on us — no. We’ve sunk even lower,” Fowler writes.
According to tests conducted on those 500 most-used sites at Fowler’s request by Patrick Jackson, chief technology officer of the Disconnect privacy software company, fingerprinting is likely used by 183.
These include marketing and ecommerce sites like Airbnb, Best Buy, Costco, Marriott.com and Hotels.com as well as TheWashington Post itself, Fox News, The New York Times, CNN, Yahoo, WebMD, AllRecipes, four government sites (including the IRS, though all four now claim they will stop fingerprinting), porn sites, and even security/privacy software maker Norton. The column cites the reasons given by the 30 (named) sites Fowler commented for comment.
Sites create unique fingerprints of individual devices by “forcing browsers to hand over innocent-looking but largely unchanging technical information” about a computer or phone, like screen resolution and the fonts installed, he explains. Even flagging “do not track” or blocking cookies are in some cases used as a means of tracking.
“Sites can use your digital fingerprint to know if you’ve visited before, create profiles of your behavior or make ads follow you around. They can also use it to stop you from sharing a password, identify fraudsters and block harmful bots.”
While the method has been around for a decade, its use on run-of-the-mill users on a large scale is apparently relatively recent —and is spreading, Fowler theorizes, precisely because consumers are trying to do more to protect their data.
Even the parent companies of reigning browsers Google, Apple and Mozilla agree that fingerprinting is a “growing
threat” because it’s hidden, not in the user’s control, and not regulated, he points out.
Average users can use the Firefox browser, or Safari for mobile devices, both of which provide some (by no means complete) protection against fingerprinting, but otherwise don’t have a lot of options to fight back against the practice, according to Fowler.
Google has said it plans to take some steps in first-half 2020 to reduce passive, and eventually active, fingerprinting by browsers — which could make some difference, “until the next round of battle against the snoops,” he concludes.