Is browser fingerprinting a viable technique for identifying anonymous users?

Posted by SMrF on Programmers See other posts from Programmers or by SMrF
Published on 2011-11-29T18:42:02Z Indexed on 2011/11/30 2:06 UTC
Read the original article Hit count: 368

Is browser fingerprinting a sufficient method for uniquely identifying anonymous users? What if you incorporate biometric data like mouse gestures or typing patterns?

The other day I ran into the Panopticlick experiment EFF is running on browser fingerprints.

Of course I immediately thought of the privacy repercussions and how it could be used for evil. But on the other hand, this could be used for great good and, at the very least, it's a tempting problem to work on.

While researching the topic I found a few companies using browser fingerprinting to attack fraud. And after sending out a few emails I can confirm at least one major dating site is using browser fingerprinting as but one mechanism to detect fake accounts. (Note: They have found it's not unique enough to act as an identity when scaling up to millions of users. But, my programmer brain doesn't want to believe them).

Here is one company using browser fingerprints for fraud detection and prevention:
http://www.bluecava.com/

Here is a pretty comprehensive list of stuff you can use as unique identifiers in a browser:
http://browserspy.dk/

© Programmers or respective owner

Related posts about authentication

Related posts about Identity