WTF is device fingerprinting?
The cookie is the best-known method for identifying and tracking people online. But it’s not the only one. For years, device fingerprinting has gone somewhat under the radar as a more surreptitious alternative to the cookie. However, browser makers including Apple, Google and Mozilla have recently targeted device fingerprinting as a privacy-invasive practice that they are looking to eradicate as part of a broader crackdown on online tracking.
WTF is device fingerprinting?
Device fingerprinting is a way to combine certain attributes of a device — like what operating system it is on, the type and version of web browser being used, the browser’s language setting and the device’s IP address — to identify it as a unique device. It’s an imperfect method of identification. Unlike the cookie, which is effectively a tracking monitor placed on an individual device, device fingerprinting relies on the probability that a device recognized as having certain attributes on one day is the same device seen with those same attributes on another day.
What is it used for?
Using device fingerprinting to identify and track someone online is similar to recognizing someone in a police lineup. A witness may remember certain characteristics of a suspect — like how tall they were, their hair color and length, whether they were male or female, etc. — and if someone in the lineup shares those characteristics, the witness may assume that person is the suspect. They may be right, but they’re effectively making an informed guess about the person’s identity based on this patchwork of information.
Device fingerprinting can, in some ways, be a more reliable way of identifying and tracking devices online. The practice emerged within the online advertising industry as an alternative to the cookie for environments like mobile apps where companies cannot place cookies to definitively track individual devices. And since people can delete cookies from their browsers but are less likely to change operating systems or reset their IP addresses, device fingerprinting can provide a more consistent way of tracking people around the web.
Device fingerprinting seems shady. Is there any way for someone to not let companies use device fingerprinting to track them online?
Not really. People can use virtual private networks to disguise their IP addresses, but for the most part, device fingerprinting is hard for individuals to prevent. That’s because the information used for device fingerprinting is basic information that’s passed anytime a website loads in a browser in order to make sure the site loads properly, such as by recognizing that a person is using a browser that doesn’t support a particular feature or is set to view content in a particular language.
Can’t web browsers do anything to prevent device fingerprinting?
Yes, and they are. Over the past year, Apple, Google and Mozilla have announced that they will be limiting device fingerprinting within their respective browsers. They are taking different approaches to this. Apple obscures the data that is collected and combined for fingerprinting in an effort to make it harder for companies to use that information to identify a device while still passing enough of the data for sites to load properly. Mozilla relies on a third-party list that names specific companies that perform fingerprinting and blocks those companies from accessing the information used for fingerprinting. And Google has proposed, but not implemented, a “privacy budget” to put a cap on how much of the information used for device fingerprinting a given company can access at a time.
Do a lot of ad tech companies use device fingerprinting to track people?
It’s unclear, even among ad tech companies. Digiday asked seven ad tech companies — BounceX, Dataxu, Index Exchange, LiveRamp, Lotame, Sovrn and Tapad — if they use device fingerprinting, and all seven said that they do not because of the difficulty in providing people with an option to opt out of this kind of tracking.
“I don’t see a wide utilization of fingerprinting,” said Mark Connon, COO of Tapad, an ad tech company that specializes in cross-device advertising.
However, while those companies don’t use device fingerprinting, others might. Ad exchanges have asked Dataxu CTO Bill Simmons whether the automated ad-buying firm uses device fingerprinting, and when he replies that Dataxu does not, “people are surprised we don’t,” said Simmons, who has taken the exchanges’ response as indication that many ad tech companies may use fingerprinting.
A clearer indication of which companies use fingerprinting can be found in the list of companies that Mozilla uses to block fingerprinting. That list includes ad verification firm DoubleVerify and demand-side platform MediaMath. MediaMath declined to comment on its use of fingerprinting, and DoubleVerify did not respond to a request for comment. However, it’s possible that neither company uses fingerprinting to track people for ad targeting purposes.
Is this just for ad targeting?
Not at all. Bank websites, for instance, can use the same information to check whether a person trying to log into a given account is the person who owns that account based on whether they are using a device or browser that has been previously used to log in, said Lotame CMO Adam Solomon. It can also be used for measuring ads across multiple devices. Companies often use IP addresses to associate multiple devices that connect to the same wifi network within a single household. This association helps them to recognize how many times a given brand’s ads were shown across those devices so that they can manage the frequency with which people are bombarded with the brand’s ads.
‘Going above and beyond usual benefit norms’: Companies are starting to give employees time off for pregnancy loss
In an effort to better support working parents, companies across the industry are ramping up family leave policies for everything from miscarriage to adoption.
How (and why) agencies are adapting to stay relevant in the metaverse
To get more comfortable in this new environment, some agencies are getting involved in experimental projects to stake their claim to the metaverse.
‘Reach a totally different audience’: With Sundance virtual once again, marketers pivot to online experiences
Until earlier this month, this year’s Sundance was meant to be a hybrid festival with attendees returning to Park City to participate in-person as well as virtual elements for attendees to tune-in online.
SponsoredHow the relationship between live events and mobile devices is evolving in 2022
Sponsored by AdColony The pandemic has accelerated changes in the way people consume content — and live events are part of that transformation. For advertisers, the questions are the kind on which campaign success depends: In what ways (and numbers) have people returned to watching sports, e-sports and events such as the Grammys? Are they […]
Pepsi launches app and short ‘trailer’ to hype Super Bowl halftime show
The soft-drink giant will promote its Super Bowl Halftime show with a newly launched app and a short film directed by F. Gary Gray.
‘The business is at a level of scale now’: The Brandtech Group CEO David Jones on building a business for the ‘post-advertising’ world
Not only is the holding group past the hype cycle peak these businesses usually encounter, it’s skipped right over the trough of disillusionment that tends to follow and is straight into growth mode.