September 2, 2016
"A new survey from a group of Princeton researchers of one million websitessheds some light on the cutting-edge tricks being used to follow your digital trail. Rather than placing a tracker on your browser, many sites are now “fingerprinting” — using information about your computer such as battery status or browser window size to identify your presence.
On this week’s What’s The Point, Arvind Narayanan, one of the authors of the Princeton study, discusses his research, the latest in online tracking and what you (and our lawmakers) can do to counter the trackers.
Read a partial transcript below. Here are a few of the tools and studies we mentioned in the show:
- Arvind Narayanan and Steven Englehardt’s full paper (PDF)
- Ghostery, an online tool that alerts you to the trackers on the website you’re visiting
- Panopticlick from the Electronic Frontier Foundation, which analyzes how well your browser is protected from tracking
How fingerprinting works
Arvind Narayanan: In the ad tech industry, cookies are gradually being shunted in favor of fingerprinting. The reason that fingerprinting is so effective is that even if you have a device that you think is identical to the device of the person sitting next to you, there are going to be a number of differences in the behavior of your browser. The set of fonts installed on your browser could be different. The precise version number of the browser could be different. Your battery status could be different from that of the person next to you, or anybody else in the world. And it turns out that if you put all of these pieces of information together, a unique or nearly unique picture of the behavior of your device emerges that’s going to be relatively stable over time. And that enables your companies to recognize you when you come back.
Jody Avirgan: But how does it enable that? My actual finger’s fingerprint doesn’t change from today to tomorrow. But my computer’s battery status can change. So how do they know it’s still you?
Narayanan: The battery status is actually the only exception to that general principle. And that’s the reason why we’re still figuring out how that works. [Editor’s note: Earlier in the interview, Narayanan had mentioned that the rate at which your battery depletes might be an identifier.] But let’s say you’ve got 41 fonts installed on your browser today. You come back in a week, maybe you have 43 fonts installed. But 41 of those are going to be the same as what they saw a week ago. And it changes slowly enough that statistically you can have a high degree of confidence. In the industry they call these things statistical IDs. It’s not as certain as putting a cookie on your browser, but you can derive a very high degree of confidence."