Is browser fingerprinting a viable technique for identifying anonymous users?
- by SMrF
Is browser fingerprinting a sufficient method for uniquely identifying anonymous users? What if you incorporate biometric data like mouse gestures or typing patterns?
The other day I ran into the Panopticlick experiment EFF is running on browser fingerprints.
Of course I immediately thought of the privacy repercussions and how it could be used for evil. But on the other hand, this could be used for great good and, at the very least, it's a tempting problem to work on.
While researching the topic I found a few companies using browser fingerprinting to attack fraud. And after sending out a few emails I can confirm at least one major dating site is using browser fingerprinting as but one mechanism to detect fake accounts. (Note: They have found it's not unique enough to act as an identity when scaling up to millions of users. But, my programmer brain doesn't want to believe them).
Here is one company using browser fingerprints for fraud detection and prevention:
http://www.bluecava.com/
Here is a pretty comprehensive list of stuff you can use as unique identifiers in a browser:
http://browserspy.dk/