
Communications of the ACM

ACM TechNews

Several Top Websites Use Device Fingerprinting to Secretly Track Users



A small number of the Internet's top 10,000 sites track users without their knowledge or consent through digital fingerprinting.

Credit: Shutterstock

KU-Leuven researchers have found that 145 of the Internet's top 10,000 websites track users without their knowledge or consent. The sites use hidden scripts to extract a device fingerprint from users' browsers.

Device fingerprinting circumvents legal restrictions imposed on the use of cookies and ignores the Do Not Track HTTP header. Fingerprinting scripts are implemented in either Flash or JavaScript. The researchers found that the 145 websites use Flash-based fingerprinting. They also found that 404 of the top 1 million sites use JavaScript-based fingerprinting, which enables sites to track mobile phones and other devices that do not support Flash.

The researchers identified 16 new providers of device fingerprinting, only one of which had been identified in earlier research. Device fingerprinting can, however, be used for various security-related tasks, including fraud detection, protection against account hijacking, and anti-bot and anti-scraping services. In addition, the technology is being employed for analytics and marketing purposes through fingerprinting scripts concealed in advertising banners and Web widgets.

The researchers' FPDetective tool can detect fingerprinting websites by crawling and analyzing sites for suspicious scripts. The researchers will present their findings at the 20th ACM Conference on Computer and Communications Security this November in Berlin.

From KU Leuven

Abstracts Copyright © 2013 Information Inc., Bethesda, Maryland, USA


 
