Sunday, October 27, 2013

The new Web tracking: You never see it coming


October 24, 2013









If a website really wants to track you, it seems, it'll be able to do so no matter what.


That's one of the conclusions to be gleaned from a report published by researchers from the KU Leuven Dept. of Computer Science and the Department of Media, Culture, and Communication at New York University.


Entitled "FPDetective: Dusting the Web for Fingerprinters," the report describes a method for determining whether or not browsers are being tracked via mechanisms that are invisible to the end-user and don't use cookies, Flash, or other technologies that are easily tracked and blocked.


Tracked without traces
Tracking mechanisms such as this typically involve polling the browser for information about it and its host PC that are readily available. This doesn't just include the browser's user agent string, but also the size of the screen, the fonts available in the system (a major source of uniquely identifiable data), and so forth. Because all this data is routinely made available to the browser -- and thus any Web page invoked in it -- it's trivially simple to harvest it and create a fingerprint from it.


"Device fingerprinting raises serious privacy concerns for everyday users," the report notes. "Its stateless nature makes it hard to detect (no cookies to inspect and delete) and even harder to opt out." Few if any sites admit that they do this kind of detection -- in part because such fingerprinting is used in conjunction with "massive device reputation databases where device fingerprints are stored along with the device owners' Web history and 'reputation scores.' "


The researchers found that tracking of this sort is not only quite pervasive, but provided by a wide range of third-party outfits normally involved in consumer tracking, such as Mindshare Technology, BlueCava, and others.


Even spookier was the way some of the tracking mechanisms in question actively evaded detection, such as "by removing the fingerprinting script once the device has been fingerprinted, and collecting fingerprints through third-party widgets."




Source: http://podcasts.infoworld.com/t/internet-privacy/the-new-web-tracking-you-never-see-it-coming-229440?source=rss_infoworld_top_stories_
Tags: eric decker   Ed Lauter   homeland   Ray Rice   Lisa Robin Kelly  

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.