The Sneaky New Way to Spy on Unsuspecting Internet Users
A growing realization among those online around the world is that we’re never alone. From Edward Snowden’s whistleblowing on the U.S. National Security Administration’s illegal spying on Americans to reports on period trackers selling users’ data to advertisers, Internet users have become well aware their data is not secure. This has spurred various ways in which we could protect our data– from activating incognito mode to clearing tracking cookies that websites drop into a user’s browser. But as users implement better methods to secure their data, websites come up with ingenious ways to better track it. In this glorified digital game of cat and mouse, a new attack strategy has quickly gained ground: digital fingerprinting.
A Washington Post analysis found at least a third of 500 surveyed websites, including CNN, Xvideos, WebMD, and Thesaurus.com, use digital fingerprinting to target users. It’s a method of collecting data about a person’s device — be it phone, laptop or tablet — that they might not even have thought to hide. These websites force users’ browsers to share data such as the resolution of a computer screen, the font a user uses, or tiny details about their operating system, which the websites then combine to create a unique identity for a user’s device. Every website has a different digital fingerprinting code, which determines what minuscule data points they will extract from the device. This diversity makes it difficult to prevent digital fingerprinting from happening. What’s more, with digital fingerprinting, these websites can even search by which users have enabled no-tracking methods in their browser, to end up doing just that.
“Fingerprinting is designed to be user-hostile,” Patrick Jackson, chief technology officer of privacy software company Disconnect, told the Washington Post. “It even takes the fact that you don’t want to be tracked as a parameter to make your fingerprint more unique.” The Post further reported many at Google have identified digital fingerprinting as a threat to online autonomy; “because fingerprinting is neither transparent nor under the user’s control, it results in tracking that doesn’t respect user choice,” Google engineers wrote in May.
Related on The Swaddle:
With this unique identity, websites can track users’ movement on the Internet, and in turn, their online behavior, which they then use to create ads that are specifically targeted to users’ needs. The problem is, this intrusion isn’t all that altruistic. It’s a naked attempt by marketers not only to tap a consumer base that fits their target demographic but also to artificially create a need for their products. While this problem isn’t all that new, growing awareness among Internet users about all the ways websites do this has led them to implement protective measures against such unwarranted intrusion. But with digital fingerprinting, users don’t yet know how they can protect themselves and their data. A direct repercussion, according to one 2016 study, is that ads are not simply providing consumers with what they want, they are also changing consumer behaviors and desires. A personalized ads-based digital marketing strategy has also led to the spread of fake news and rampant false political advertising that has the power to change the fabric of democracy if left unchecked.
When the Washington Post reached out to all the companies they identified had digital fingerprinted the users who visited their websites, many played dumb, saying they had no idea they were doing it. Only six out of 30 admitted to using digital fingerprinting code on their website, and agreed to remove it — four of the six websites belonged to the U.S. government.
Digital fingerprinting has been a known practice for almost a decade, the Washington Post reported, but it was more of a theoretical threat. Now, websites, such as Airbnb and eBay, often use the method under the guise of wanting to protect users’ data — they can use the unique data they have collected from users’ browsers to “stop you from sharing a password, identify fraudsters and block harmful bots.” But when it comes to violating users’ privacy — even of users who have explicitly conveyed they would not like to be tracked — all the ways in which digital fingerprinting can be used for good seem futile, since the initial methods are so shady.
“Data collected today can be used against us today, tomorrow or even 10 years from now,” Jackson told the Washington Post. “Your browsing history, the apps you use and the data you give companies can lead to voter manipulation, targeted behavior modification, and further aids the mass surveillance of our activities on and offline.”