Browser fingerprinting is an increasingly common tracking technique that collects contextual data from a person’s computer without their knowledge.
Hackers have been able to obtain private information such as browsing history, computer clock and even the unique identity of the computer from a user’s internet browser.
Researchers at the University of Adelaide in South Australia are conducting a study to discover the weaknesses in contemporary “browserprinting” methods to build an adequate defence program.
University of Adelaide PhD student Lachlan Kang said browser fingerprinting could affect anyone, even those who used the anonymous aspects of VPNs to protect their privacy.
“Previously, tracking was done with cookies but you could disable cookies. Browser fingerprinting collects a description of your browser to uniquely identify you without you knowing,” he said.
“Imagine a future where you go for a job interview and the people you apply for a job with contact a company to get your profile history, find out your habits, beliefs and are able to pre-judge you before you even show up.
“There are a few defence strategies for fingerprinting but they all have problems. I would like to come up with a more user-friendly solution and try to determine which fingerprinting attacks are more powerful and how they can be combined, improved and defeated.”
Browser fingerprinting has been around for almost a decade with many companies able to take full advantage of the ability to target people’s interests.
The knowledge of someone’s purchasing habits or interests could help an airline calculate the highest amount a customer could afford.
Google can track people on about 80 per cent of the Alexa top million sites and Facebook can track people across 32 per cent.
In an Oxford and MIT joint study earlier this year, it was discovered that the social media site Twitter used location tags to determine real-world addresses, hobbies, and medical histories.
Although this information was obtained for the purpose of targeted advertising, it does highlight the harmful potential of fingerprinting.
Kang is conducting the study as part of a wider project on privacy at the university’s Schools of Computer Science and Mathematical Sciences.
He said most people were unaware of fingerprinting methods that could appear as ReCAPTCHA models that asked users to prove they were not machines.
“The big one is based on what website you visit. Depending on what you do online they can target advertisements to you,” Kang said.
“They can use java script to get things like your time zone, which gives them a good idea of where you are even if you are hiding your IP address.
“It doesn’t matter if you delete your browser history. Trackers have their own database of what you have been doing and you’d have to delete it from them too.”
Kang said there were about 3000 people signed up for the project already but he hoped to reach 10,000 to obtain enough information to build a defence program.