Network Device Fingerprinting
December 1st, 2010Via: Wall Street Journal:
Advertisers no longer want to just buy ads. They want to buy access to specific people. So, Mr. Norris is building a “credit bureau for devices” in which every computer or cellphone will have a “reputation” based on its user’s online behavior, shopping habits and demographics. He plans to sell this information to advertisers willing to pay top dollar for granular data about people’s interests and activities.
Device fingerprinting is a powerful emerging tool in this trade. It’s “the next generation of online advertising,” Mr. Norris says.
It might seem that one computer is pretty much like any other. Far from it: Each has a different clock setting, different fonts, different software and many other characteristics that make it unique. Every time a typical computer goes online, it broadcasts hundreds of such details as a calling card to other computers it communicates with. Tracking companies can use this data to uniquely identify computers, cellphones and other devices, and then build profiles of the people who use them.
…
It’s tough even for sophisticated Web surfers to tell if their gear is being fingerprinted. Even if people modify their machines—adding or deleting fonts, or updating software—fingerprinters often can still recognize them. There’s not yet a way for people to delete fingerprints that have been collected. In short, fingerprinting is largely invisible, tough to fend off and semi-permanent.
…
Computers need to broadcast details about their configuration in order to interact smoothly with websites and with other computers. For example, computers announce which specific Web browsers they use, along with their screen resolution, to help websites display correctly.
There are hundreds of parameters. “We call them the ‘toys on the table,'” says Mr. Norris of BlueCava. “Everyone has the same toys on the table. It’s how you rearrange them or look at them that is the secret sauce” used to fingerprint a specific computer.