Browser fingerprinting is a tracking method used to identify web visitors based on the attributes of their web browsers and devices. These attributes are collected by websites in the background without the visitor’s knowledge or consent and can be compiled into a digital fingerprint. The digital fingerprint then allows websites to identify and track the visitor across multiple sites on the internet. The digital fingerprint reveals intimate details about the user, such as their browsing history, shopping and news preferences and more.
In many ways, browser fingerprinting is similar to the way police and forensic teams identify criminal suspects based on their fingerprints at the crime scene. The digital fingerprint is a unique set of attributes that distinguishes the user from millions of other users online.
Web pages contain a number of different scripts that perform various functions. The most common of these scripts are JavaScript (or JS as it is often abbreviated) and they are run in the background without the user’s knowledge or consent. These scripts can gather a variety of attributes about the user and their device, including operating systems, browser settings and plugins, audio and video capabilities, timezone information and more. These attributes are then compiled into a unique digital fingerprint for each user that is tracked and analyzed by website owners.
There are several different browser fingerprinting JavaScript fingerprinting techniques that can be used to collect this data. Two of the most popular include canvas fingerprinting and rendering fingerprinting. These methods force the browser to render images off-screen which can reveal a lot about the device, such as its graphics system and hardware components. In addition, it can uncover specific fonts installed on the device as well as active screen resolution and color setting.
Other browser fingerprinting techniques rely on HTTP requests sent by the web server to the visitor’s browser. These types of fingerprinting methods can reveal the URL that the website was visited from, the type of web browser and the specific version of the browser being used. This can be combined with other data points to create a comprehensive profile of the user.
These profiles can then be leveraged by companies for marketing and fraud prevention purposes. For example, in cases of account takeover (ATO), fingerprinting can help identify the fraudster’s device and browser and prompt additional security measures like email or two-factor authentication.
Browser fingerprinting can also be used to detect suspicious activity on a website. For instance, if the fingerprint matches a previous fraudster’s profile, it may be a good indication that they are returning to the site. This would trigger an email alert to the fraud detection team and could result in a manual review of their account.
While there is some debate about how effective fingerprinting is, it remains an important tool for reducing fraud on the internet. At SEON, we employ a combination of different fingerprinting technologies to ensure our customers are protected against fraud. Our solutions are continually improved and we stay on top of new developments and advancements in this field.