So… how effective is it? The fingerprinting. I’m guessing there are studies? Also don’t know whether there’s been legal precedent, ie whether fingerprinting has been recognized as valid means of user identification in a court case.
It’s super effective but there are very few real use cases for it outside of security and ad tracking. For example you can’t replace cookies with it because while good fingerprint is unique it can still be fragile (browser update etc.) which would cause data loss and require reauth.
Usually fingerprint plays a supporting role for example when you do those “click here” captchas that’s actually just giving the browser time to fingerprint you and evaluate your trust to decide whether to give you a full captcha or let you through. So fingerprint is always there in tbe background these days tho mostly for security and ad tracking.
As for court cases and things like GDPR - the officials are still sleeping on this and obviously nobody wants to talk about it because it’s super complex and really effective and effects soo many systems that are not ad tech.
Usually fingerprint plays a supporting role for example when you do those “click here” captchas that’s actually just giving the browser time to fingerprint you and evaluate your trust to decide whether to give you a full captcha or let you through. So fingerprint is always there in tbe background these days tho mostly for security and ad tracking.
I’ve been wondering about those “click here” captchas and their purpose 🤔
Yes, and even before js fingerprint happens the connection is fingerprinted through HTTP and TLS protocol fingerprints as each system is slightly different like supporting different encryption ciphers, different http engine and how requests are performed etc.
So even before you see the page itself the server has a pretty good understanding of your client which determines whether you see this captcha box at all. That’s why on public wifi and rare operating systems (like linux) and web browsers you almost always get these captcha verifications.
The more complex the web becomes the easier it is to gather this data and currently the web is very complex with no sight of stopping.
Huh had no idea. I still wonder how accurate this is though, like whether it can be used forensically as the word “fingerprint” suggests to identify a specific person/private machine. It’s kind of fascinating as a topic. I would think that given that most people use similar setups, similar hardware and software, similar routers and settings, it would be impossible, but perhaps with enough details of a particular setup, a specific machine and user can be identified with decent accuracy.
So… how effective is it? The fingerprinting. I’m guessing there are studies? Also don’t know whether there’s been legal precedent, ie whether fingerprinting has been recognized as valid means of user identification in a court case.
It’s super effective but there are very few real use cases for it outside of security and ad tracking. For example you can’t replace cookies with it because while good fingerprint is unique it can still be fragile (browser update etc.) which would cause data loss and require reauth.
Usually fingerprint plays a supporting role for example when you do those “click here” captchas that’s actually just giving the browser time to fingerprint you and evaluate your trust to decide whether to give you a full captcha or let you through. So fingerprint is always there in tbe background these days tho mostly for security and ad tracking.
As for court cases and things like GDPR - the officials are still sleeping on this and obviously nobody wants to talk about it because it’s super complex and really effective and effects soo many systems that are not ad tech.
I’ve been wondering about those “click here” captchas and their purpose 🤔
Yes, and even before js fingerprint happens the connection is fingerprinted through HTTP and TLS protocol fingerprints as each system is slightly different like supporting different encryption ciphers, different http engine and how requests are performed etc.
So even before you see the page itself the server has a pretty good understanding of your client which determines whether you see this captcha box at all. That’s why on public wifi and rare operating systems (like linux) and web browsers you almost always get these captcha verifications.
The more complex the web becomes the easier it is to gather this data and currently the web is very complex with no sight of stopping.
Huh had no idea. I still wonder how accurate this is though, like whether it can be used forensically as the word “fingerprint” suggests to identify a specific person/private machine. It’s kind of fascinating as a topic. I would think that given that most people use similar setups, similar hardware and software, similar routers and settings, it would be impossible, but perhaps with enough details of a particular setup, a specific machine and user can be identified with decent accuracy.