Fingerprinting: Difference between revisions

Line 7:

Fingerprinting can work in 2 ways, depending on how much access the fingerprinter has:

* '''~~Minimal~~ access''': By collecting one or more data items (e.g. device hardware, web browser, browser plugins, configuration, screen resolution, installed fonts, etc...)<ref>{{Cite web |title=How does device fingerprinting work? |url=https://www.crossclassify.com/resources/articles/how-does-fingerprinting-work/ |url-status=live |archive-url=http://web.archive.org/web/20250907041725/https://www.crossclassify.com/resources/articles/how-does-fingerprinting-work/ |archive-date=7 Sep 2025 |access-date=31 August 2025 |website=crossclasiffy.com}}</ref> from the subject and turning them into a much shorter bit string that uniquely identifies itself (typically by applying a [[wikipedia:Hash_function|hash-function]]), this string can be recomputed and then matched against a database, to repeatedly correlate device activity. Even the ''lack of data can be used to build a fingerprint'', as certain data is unlikely to be missing. Because of the many different variables used to generate a fingerprint, adding extensions and changing settings intending to increase privacy may have the opposite effect.

*'''Low access''': By collecting one or more data items (e.g. device hardware, web browser, browser plugins, configuration, screen resolution, installed fonts, etc...)<ref>{{Cite web |title=How does device fingerprinting work? |url=https://www.crossclassify.com/resources/articles/how-does-fingerprinting-work/ |url-status=live |archive-url=http://web.archive.org/web/20250907041725/https://www.crossclassify.com/resources/articles/how-does-fingerprinting-work/ |archive-date=7 Sep 2025 |access-date=31 August 2025 |website=crossclasiffy.com}}</ref> from the subject and turning them into a much shorter bit string that uniquely identifies itself (typically by applying a [[wikipedia:Hash_function|hash-function]]), this string can be recomputed and then matched against a database, to repeatedly correlate device activity. Even the ''lack of data can be used to build a fingerprint'', as certain data is unlikely to be missing. Because of the many different variables used to generate a fingerprint, adding extensions and changing settings intending to increase privacy may have the opposite effect.

* '''Full access''': By inserting unique (or mostly unique) data into the subject, there's no need to recompute the fingerprint, so it can be compared and matched faster. An example of this is ''Unicode [[wikipedia:Steganography|steganography]]'', which consists on adding invisible and/or [https://www.unicode.org/reports/tr39/tr39-32.html#confusables confusable] characters in digital text, so that copy-pasting the text distributes the fingerprint.<ref>https://www.zachaysan.com/writing/2017-12-30-zero-width-characters</ref><ref>https://www.zachaysan.com/writing/2018-01-01-fingerprinting-update</ref>

*'''Full access''': By inserting unique (or mostly unique) data into the subject, there's no need to recompute the fingerprint, so it can be compared and matched faster. An example of this is ''Unicode [[wikipedia:Steganography|steganography]]'', which consists on adding invisible and/or [https://www.unicode.org/reports/tr39/tr39-32.html#confusables confusable] characters in digital text, so that copy-pasting the text distributes the fingerprint.<ref>https://www.zachaysan.com/writing/2017-12-30-zero-width-characters</ref><ref>https://www.zachaysan.com/writing/2018-01-01-fingerprinting-update</ref>

==Why it is a problem==

@@ Line 7: / Line 7: @@
 <!-- Can someone knowledgable enough please check this? -->Fingerprinting can work in 2 ways, depending on how much access the fingerprinter has:
-* '''Minimal access''': By collecting one or more data items (e.g. device hardware, web browser, browser plugins, configuration, screen resolution, installed fonts, etc...)<ref>{{Cite web |title=How does device fingerprinting work? |url=https://www.crossclassify.com/resources/articles/how-does-fingerprinting-work/ |url-status=live |archive-url=http://web.archive.org/web/20250907041725/https://www.crossclassify.com/resources/articles/how-does-fingerprinting-work/ |archive-date=7 Sep 2025 |access-date=31 August 2025 |website=crossclasiffy.com}}</ref> from the subject and turning them into a much shorter bit string that uniquely identifies itself (typically by applying a [[wikipedia:Hash_function|hash-function]]), this string can be recomputed and then matched against a database, to repeatedly correlate device activity. Even the ''lack of data can be used to build a fingerprint'', as certain data is unlikely to be missing. Because of the many different variables used to generate a fingerprint, adding extensions and changing settings intending to increase privacy may have the opposite effect.
+*'''Low access''': By collecting one or more data items (e.g. device hardware, web browser, browser plugins, configuration, screen resolution, installed fonts, etc...)<ref>{{Cite web |title=How does device fingerprinting work? |url=https://www.crossclassify.com/resources/articles/how-does-fingerprinting-work/ |url-status=live |archive-url=http://web.archive.org/web/20250907041725/https://www.crossclassify.com/resources/articles/how-does-fingerprinting-work/ |archive-date=7 Sep 2025 |access-date=31 August 2025 |website=crossclasiffy.com}}</ref> from the subject and turning them into a much shorter bit string that uniquely identifies itself (typically by applying a [[wikipedia:Hash_function|hash-function]]), this string can be recomputed and then matched against a database, to repeatedly correlate device activity. Even the ''lack of data can be used to build a fingerprint'', as certain data is unlikely to be missing. Because of the many different variables used to generate a fingerprint, adding extensions and changing settings intending to increase privacy may have the opposite effect.
-* '''Full access''': By inserting unique (or mostly unique) data into the subject, there's no need to recompute the fingerprint, so it can be compared and matched faster. An example of this is ''Unicode [[wikipedia:Steganography|steganography]]'', which consists on adding invisible and/or [https://www.unicode.org/reports/tr39/tr39-32.html#confusables confusable] characters in digital text, so that copy-pasting the text distributes the fingerprint.<ref>https://www.zachaysan.com/writing/2017-12-30-zero-width-characters</ref><ref>https://www.zachaysan.com/writing/2018-01-01-fingerprinting-update</ref>
+*'''Full access''': By inserting unique (or mostly unique) data into the subject, there's no need to recompute the fingerprint, so it can be compared and matched faster. An example of this is ''Unicode [[wikipedia:Steganography|steganography]]'', which consists on adding invisible and/or [https://www.unicode.org/reports/tr39/tr39-32.html#confusables confusable] characters in digital text, so that copy-pasting the text distributes the fingerprint.<ref>https://www.zachaysan.com/writing/2017-12-30-zero-width-characters</ref><ref>https://www.zachaysan.com/writing/2018-01-01-fingerprinting-update</ref>
 ==Why it is a problem==