Sign In

Communications of the ACM

ACM TechNews

Several Top Websites Use Device Fingerprinting to Secretly Track Users

A fingerprint.

A small number of the Internet's top 10,000 sites track users without their knowledge or consent through digital fingerprinting.

Credit: Shutterstock

KU-Leuven researchers have found that 145 of the Internet's top 10,000 websites track users without their knowledge or consent. The sites use hidden scripts to extract a device fingerprint from users' browsers.

Device fingerprinting circumvents legal restrictions imposed on the use of cookies and ignores the Do Not Track HTTP header. Device fingerprinting targets either Flash or JavaScript. The researchers found that the 145 websites use Flash-based fingerprinting. The researchers also found that 404 of the top 1 million sites use JavaScript-based fingerprinting, which enables sites to track non-Flash mobile phones and devices.

The researchers identified 16 new providers of device fingerprinting, only one of which had been identified in earlier research. However, device fingerprinting can be used for various security-related tasks, including fraud detection, protection against account hijacking, and anti-bot and anti-scraping services. In addition, the technology is being employed for analytics and marketing purposes through fingerprinting scripts concealed in advertising banners and Web widgets.

The researchers' FPDetective tool can detect fingerprinting websites by crawling and analyzing sites for suspicious scripts. The researchers will present their findings at the 20th ACM Conference on Computer and Communications Security this November in Berlin.

From KU Leuven
View Full Article


Abstracts Copyright © 2013 Information Inc., Bethesda, Maryland, USA


No entries found