Browser fingerprinting was invented to help keep our online data safe, but in many cases, it does the exact opposite. Here, we take a deep dive into this covert online tracking technique

Online user privacy has been a much-discussed topic in recent years, with a slew of news stories revealing the misuse of sensitive data by some of the biggest names in the tech business.

The result has been an almost universal rejection of the third-party cookie, which to date has been the most prevalent online tracking tool. However, the third-party cookie is not the only way to track a user’s online behavior.

In this article, we explore browser fingerprinting, which is an accurate form of online tracking that is highly evasive, difficult to trace, and, as yet, unregulated. 

What is browser fingerprinting?

Browser fingerprinting is a term used to describe the act of discreetly gathering software and device settings data through an internet user’s browser when they’re online. This combination of settings is then used to build a unique identity – or ‘fingerprint’ – for that individual. It’s also sometimes referred to as ‘device fingerprinting’ or simply ‘fingerprinting’.

How does browser fingerprinting work?

Every time you visit a website, your browser has to provide the hosting server with a certain amount of essential information to ensure the website works properly for your individual machine.

These pieces of information could include device model and spec, language and keyboard layout, location, time zone, installed hardware, software versions, and much more.

Individually, these settings and configurations might seem innocuous – and they are. But when put together, they can create a unique combination or ‘fingerprint’.

Considering the number of connected devices worldwide (projected to hit 38.6 billion in 2025), browser fingerprinting can be surprisingly accurate. This study, for example, found that 83.6% of tested browsers were unique.

What is browser fingerprinting used for?

Fingerprinting is reportedly used by over a quarter of the top 10,000 websites online.

Many of these sites use device fingerprints to maximize the user experience for their audience or to keep accounts secure. However, many others use it to track user activity and then pass that information on to data brokers who will sell it to various ends.

Security

Browser fingerprinting was originally developed to track and block devices associated with suspicious activity. These could be botnets using multiple devices and locations to access online accounts, phishing scammers creating numerous social media profiles, or bad actors using repetitive trial-and-error tactics.

Fingerprinting is such an efficient identifier that it can bypass private browser windows, virtual private networks (VPNs), and other evasion measures to track this activity, making it harder for fraudulent internet users to conceal their actions. 

While it is not foolproof, browser fingerprinting can form an integral part of a robust security strategy when combined with other anti-fraud measures.

Marketing

Such an effective way to identify and track user activity has inevitably drawn the attention of the digital advertising industry.

Global digital ad revenue totaled $378.16bn in 2020 and much of this relied on targeted advertising. In an industry of this size, data is