The cookie is the best-known method for identifying and tracking people online. But it’s not the only one. For years, device fingerprinting has gone somewhat under the radar as a more surreptitious alternative to the cookie. However, browser makers including Apple, Google and Mozilla have recently targeted device fingerprinting as a privacy-invasive practice that they are looking to eradicate as part of a broader crackdown on online tracking.
WTF is device fingerprinting?
Device fingerprinting is a way to combine certain attributes of a device — like what operating system it is on, the type and version of web browser being used, the browser’s language setting and the device’s IP address — to identify it as a unique device. It’s an imperfect method of identification. Unlike the cookie, which is effectively a tracking monitor placed on an individual device, device fingerprinting relies on the probability that a device recognized as having certain attributes on one day is the same device seen with those same attributes on another day.
What is it used for?
Using device fingerprinting to identify and track someone online is similar to recognizing someone in a police lineup. A witness may remember certain characteristics of a suspect — like how tall they were, their hair color and length, whether they were male or female, etc. — and if someone in the lineup shares those characteristics, the witness may assume that person is the suspect. They may be right, but they’re effectively making an informed guess about the person’s identity based on this patchwork of information.
Device fingerprinting can, in some ways, be a more reliable way of identifying and tracking devices online. The practice emerged within the online advertising industry as an alternative to the cookie for environments like mobile apps where companies cannot place cookies to definitively track individual devices. And since people can delete cookies from their browsers but are less likely to change operating systems or reset their IP addresses, device fingerprinting can provide a more consistent way of tracking people around the web.
Device fingerprinting seems shady. Is there any way for someone to not let companies use device fingerprinting to track them online?
Not really. People can use virtual private networks to disguise their IP addresses, but for the most part, device fingerprinting is hard for individuals to prevent. That’s because the information used for device fingerprinting is basic information that’s passed anytime a website loads in a browser in order to make sure the site loads properly, such as by recognizing that a person is using a browser that doesn’t support a particular feature or is set to view content in a particular language.
Can’t web browsers do anything to prevent device fingerprinting?
Yes, and they are. Over the past year, Apple, Google and Mozilla have announced that they will be limiting device fingerprinting within their respective browsers. They are taking different approaches to this. Apple obscures the data that is collected and combined for fingerprinting in an effort to make it harder for companies to use that information to identify a device while still passing enough of the data for sites to load properly. Mozilla relies on a third-party list that names specific companies that perform fingerprinting and blocks those companies from accessing the information used for fingerprinting. And Google has proposed, but not implemented, a “privacy budget” to put a cap on how much of the information used for device fingerprinting a given company can access at a time.
Do a lot of ad tech companies use device fingerprinting to track people?
It’s unclear, even among ad tech companies. Digiday asked seven ad tech companies — BounceX, Dataxu, Index Exchange, LiveRamp, Lotame, Sovrn and Tapad — if they use device fingerprinting, and all seven said that they do not because of the difficulty in providing people with an option to opt out of this kind of tracking.
“I don’t see a wide utilization of fingerprinting,” said Mark Connon, COO of Tapad, an ad tech company that specializes in cross-device advertising.
However, while those companies don’t use device fingerprinting, others might. Ad exchanges have asked Dataxu CTO Bill Simmons whether the automated ad-buying firm uses device fingerprinting, and when he replies that Dataxu does not, “people are surprised we don’t,” said Simmons, who has taken the exchanges’ response as indication that many ad tech companies may use fingerprinting.
A clearer indication of which companies use fingerprinting can be found in the list of companies that Mozilla uses to block fingerprinting. That list includes ad verification firm DoubleVerify and demand-side platform MediaMath. MediaMath declined to comment on its use of fingerprinting, and DoubleVerify did not respond to a request for comment. However, it’s possible that neither company uses fingerprinting to track people for ad targeting purposes.
Is this just for ad targeting?
Not at all. Bank websites, for instance, can use the same information to check whether a person trying to log into a given account is the person who owns that account based on whether they are using a device or browser that has been previously used to log in, said Lotame CMO Adam Solomon. It can also be used for measuring ads across multiple devices. Companies often use IP addresses to associate multiple devices that connect to the same wifi network within a single household. This association helps them to recognize how many times a given brand’s ads were shown across those devices so that they can manage the frequency with which people are bombarded with the brand’s ads.
‘Clients are being cautious’: Roe vs. Wade overturn has advertisers evaluating ads, pausing spending
Some marketers, agency execs are also reconsidering their blocklists, adding phrases related to the Supreme Court to their lists to stem potential brand safety issues.
Retail brands rush to cover abortion care, but not all of their workers may be covered
What’s not immediately clear from some of these post Roe announcements is how many employees will be covered by these new policies.
Days Inn seeks unique ways to stand out as people return to traveling
Days Inn is introducing a new, limited-edition amenity: a pillow that compliments guests. It's part of a strategy to find unique ways to stand out and help drive brand awareness.
SponsoredWhy the caliber of content is paramount for advertisers
Agata Brodniewska, brand safety manager, Dailymotion Content is king when attracting consumers but is equally essential when courting advertisers. While both stakeholders want many of the same things, they most notably want relevant content they can count on to deliver an accurate and honest message without confusion or misinformation. This is especially important for advertisers […]
‘We anticipate this percentage will increase’: QuickBooks will allocate more fees to LGBTQ+ influencers
DTC business QuickBooks has found that the more diverse its influencer roster gets, the more effective it is, with content from these influencers more likely to spark a relevant response from viewers.
Why brands want to make NFTs useful, rather than profitable amid the crypto downturn
Despite the volatility in the crypto markets, consumer brands and e-commerce platforms are trying new ways to evolve NFTs from being novel collectibles to something more useful for both consumers and companies.