Device fingerprinting is an incredibly powerful tracking technique that allows data brokers, marketers and government surveillance agencies to know who you are even when you’re using a privacy-protected browser. It’s also a big concern for anyone concerned about giving up too much personal information to websites, especially since it can be used in conjunction with other tracking techniques.
Fraudsters, phishers and scammers often utilize device spoofing, which is the practice of masking your true device information in order to get past fraud detection systems. These spoofing methods can include emulators (software designed to emulate another system), proxy servers and VPN services. Device fingerprinting can help identify these red flags and stop fraudulent activity, such as account takeovers, credit card fraud, malware attacks and bonus abuse.
The most common form of device fingerprinting is browser fingerprinting, which uses a core feature of web pages to generate a distinctive identifier for the user’s device. It is extremely difficult for people to avoid this type of tracking because it relies on the fundamental features of web pages and the devices that access them.
Browser fingerprinting techniques typically rely on basic information that is passed through to every webpage, such as the browser type, screen resolution, installed plugins and language settings. In addition, some of the more advanced techniques use time stamps sent by the HTTP requests to identify the hardware fingerprint.
Canvas fingerprinting, for example, uses the HTML5 canvas element of web pages to create a unique image that can be used to identify the device’s software and hardware. This is a highly effective technique that can be used on both PCs and mobile devices.
Audio fingerprinting is another powerful technique that works similar to canvas and WebGL, except it uses the browser’s audio functions to create a fingerprint based on the device’s audio drivers and hardware. This can be used to identify the device’s make, model and sound hardware.
Fraudsters, bad actors and cybercriminals have been using device fingerprinting for decades to steal your personal information and manipulate your online experience. Without it, detecting and stopping fraud related to multi-accounting, credit card and bank accounts, account takeovers, digital onboarding and payment fraud would be significantly more challenging.