What is Browser Fingerprinting
Browser fingerprinting, a.k.a. canvas fingerprinting, works similar to collecting human fingerprints. Traces of information that are left by the browser interaction with the server are collected. The sum of these traces, the browser’s fingerprint, can be used in many cases to identify the device and by extension the user. Thus, in short, browser fingerprinting is the wholesale collection of as many browser identification points as possible at a website that can then be later matched against the browser characteristics of known people. The analysis may not reveal the identify of a person but can still show that the same person performed different activities.
Unlike browser cookies there are no traces left on your system of fingerprinting having occurred. Thus, many sites use fingerprinting instead of cookies believing that this will free them from needing to notify users.
How is fingerprinting performed
There are two primary avenues. a) Client side collection of information via a script or b) server side collection of information via server logs.
On the client side there are many elements that can used in combination to determine the visitor’s uniqueness. For an example, you can visit the AmIUnique website.
On the server side, your interaction with servers tends to leave many log entries that can be used to assign a uniqueness score to you as well. At XcooBee we regularly purge logs and de-identify user interactions. However, this is not the standard for many organizations.
The XcooBee Cookie Kit Fingerprint Setting
In the XcooBee Cookie Kit, our open source Cookie manager, we allow the user to explicitly consent to being fingerprinted. This information is, then, shared with the site-owner, who can take appropriate action.
Fingerprinting can be a helpful security feature on sites where you have sensitive information. For example, your bank could notice that you login from a device that you have not used before and let you know that this has happened.
Thus, using fingerprinting is neither good or evil in itself. It will always depend on how it is used similar to cookies. The XcooBee Cookie Kit allows site-owners to obtain consent before the use of fingerprint.