What is fingerprinting
Just as the citizen is associated with a personal and exclusive identification code, expressed through a string that identifies his tax code, in the same way it is possible to reconstruct the online activity of a user from a single image – or fingerprint , which in Italian means fingerprint. A technique certainly more invasive than cookies and perhaps even more subtle precisely because it is hidden, used for the achievement of profiling purposes and with potential negative effects or abuses on personal privacy.
When we talk about digital fingerprinting we refer first of all to a process through which a site or service collects a handful of information relating to a specific configuration of the user's device, which are then used to create a unique image of the subject himself, as is the fingerprint. In principle, this technique takes place in two ways: browser fingerprinting , which comes into play when this information is sent by the browser as soon as the user connects to a certain Internet site; or the device fingerprinting , which differs from the first because these data are sent not from the browser, but from applications installed on the device.
The fingerprinting has been around for more than a decade even if it is still unknown to most. Its establishment derives above all from the changes in online targeting methods following the actions taken by users and the restrictive policies regarding cookies . Hence the opportunity for tracking companies to explore alternative tools, and fingerprinting is certainly one of them. More sophisticated, because it is a hidden tracking method , and more aggressive than the cookies themselves. And the activation of the “private browsing” mode, now present on most of the browsers , is of no use, much less having deleted the data.
The browser's fingerprint aims to identify the user, so that they can be recognized later. In this way, it is possible to observe the behaviors held by that user while browsing the web and, from here, acquire knowledge that allows advertisers to display personal content , i.e. specifically created in clusters of groups in which the user himself is inserted. In fact, the data collection allows advertising companies to profile users and better convey targeted advertising.
However, it must be said that fingerprinting can have positive uses. For example, this technique can be used to identify the characteristics of botnets and to detect potential fraud.
The data collected through fingerprinting is based on a complexity of information related to the hardware, software, add-ons and preferences or settings of the device, which combined together allow you to create a unique and more easily identifiable fingerprint. These data include, among others, active services, the type of PC, the version of the operating system , the screen resolution , the fonts used, the active plug-ins , the time zone. The attributes are concatenated into a long string and the fingerprint is defined as the hash value of the string.
We must not fall into the misunderstanding of assimilating cookies to fingerprinting , as they are different concepts. Without getting too technical, we can say that while the cookies are stored on the user's device or on the client part of the browser, on the contrary for fingerprinting and the other “passive” identifiers, the user has no available remedies that can be operated independently, as the fingerprint is stored outside the device , and remains in the availability of the owner and for which the person concerned therefore has no room for action. This is a substantial difference, taking into account that in the case of cookies, the user has the possibility to legally express his refusal to be profiled by exercising all the protections provided for by the European Data Protection Regulation ( GDPR ). Without forgetting the intrinsic characteristic of cookies: being stored directly on the device, the user has the possibility to block or remove them. Speaking of fingerprinting , the browser engineers Google Chrome wrote: «It is neither transparent nor under user control; therefore it translates into monitoring that does not respect the user's choice “.