Though your smartphone looks like millions of others just like it, mass-manufactured in some vast overseas facility, each one of these units possesses a series of unique digital attributes that allow it to be precisely identified. These “device fingerprints” are similar to those on human hands, in that they leave traces that allow activity to be tracked back to a specific smartphone or tablet.
In theory, device fingerprinting is a useful tool designed to assist security protocols in assessing and preventing fraudulent activity. However, they have also been appropriated by digital marketers to track a user’s activity across apps and websites, generating personal profiles that they can use to precisely target advertising and marketing messages for that user. Ironically, this use of device fingerprinting not only infringes on individual data privacy, but it can also expose a user’s online information to hacking, fraud, and other forms of cybercrime.
While the use of digital “cookies” in online tracking has become relatively mainstream, the average smartphone user likely knows little, if anything, about the growing reliance on device fingerprinting by online marketers and data brokers. Keep reading for a complete breakdown of what device fingerprinting is, how it is used and how to prevent unwanted parties from accessing this highly specific data from your personal device.
What is Device Fingerprinting?
At its most basic level, a device fingerprint consists of a series of numbers or other code based on a list of specific attributes connected to an individual smartphone, tablet, or computer. The items used to generate this unique code include its operating system (OS), Internet service provider (ISP), Internet protocol (IP) address, language preferences, and any hardware installed on the device.
Device fingerprinting differs from the use of tracking cookies in the location in which the data is stored. With web cookies, the tracking information is stored on the device being tracked, while data used in device fingerprinting is stored in a server based outside the device itself.
What details does device fingerprinting capture?
When a device is connected to a web browser, information used to create its device fingerprint includes:
- IP address
- HTTP request header
- User-agent string
- Installed device plugin
- Time zone in which the device is being used
- Device settings (touch support, operating system, language and screen resolution)
- Flash plugin data
- Silverlight data
- Installed fonts
- Wi-Fi networks
What is the purpose of device fingerprinting?
Device fingerprinting was originally created to assist with identity validation and fraud prevention. However, security measures based on device fingerprinting have largely lost their effectiveness because cybercriminals have discovered ways to circumvent them, such as stolen and synthetic identities, mobile device ID resets, and remote access trojans.
Device fingerprinting cannot distinguish between legitimate users and those using fraudulent identities, and substitute device IDs can be easily purchased on the dark web. Using the replacement device ID and previously captured activity from the original device, cybercriminals can create characteristics and identifying information that is identical to the original.
Even if an individual blocks cookies,
their device fingerprint can still be used to
follow their activity and capture their
Six Critical Steps to Prevent Device Fingerprinting
Because websites and apps are not yet required to disclose their use of device fingerprinting in the collection of users’ information, it can be hard to know when you are being tracked via this method. However, there are six critical steps you can take to minimize the likelihood that your device fingerprint is being hijacked for fraudulent or invasive marketing purposes.
Final Thoughts on Stopping Device Fingerprinting
Though no foolproof method for preventing all device fingerprinting activity currently exists, the steps above can make it less likely that you will be targeted by outside forces—generally aggressive online marketers or would-be fraudsters—using this approach.
For now, device fingerprinting is just one more aspect of online life for which you’ll need to stay on guard, and another critical component of a comprehensive digital hygiene routine to protect your private data and electronic devices from being accessed by unwanted third parties.
Interested in furthering your personal security? Get your personal information removed from 50+ other people search websites and data brokers for less than the cost of a Netflix subscription with Removaly.