Beyond Cookie Monster Amnesia: Real World Persistent Online Tracking
This research addresses the lack of real-world data on browser fingerprinting, a privacy threat for web users, by providing empirical insights into its widespread use.
The study investigated the prevalence and characteristics of browser fingerprinting on popular websites, finding that approximately 69% of websites are potentially involved in first-party or third-party fingerprinting, with third-party methods being predominant and more privacy-damaging.
Browser fingerprinting is a relatively new method of uniquely identifying browsers that can be used to track web users. In some ways it is more privacy-threatening than tracking via cookies, as users have no direct control over it. A number of authors have considered the wide variety of techniques that can be used to fingerprint browsers; however, relatively little information is available on how widespread browser fingerprinting is, and what information is collected to create these fingerprints in the real world. To help address this gap, we crawled the 10,000 most popular websites; this gave insights into the number of websites that are using the technique, which websites are collecting fingerprinting information, and exactly what information is being retrieved. We found that approximately 69\% of websites are, potentially, involved in first-party or third-party browser fingerprinting. We further found that third-party browser fingerprinting, which is potentially more privacy-damaging, appears to be predominant in practice. We also describe \textit{FingerprintAlert}, a freely available browser extension we developed that detects and, optionally, blocks fingerprinting attempts by visited websites.