Device fingerprinting is a technique for identifying a computing device (e.g. desk top, laptop, tablet or smartphone) based on its unique configurations. Many people might own the same device but once we track location and time zone settings, operating system, apps and plugins installed, browser versions, etc. we quickly get a unique device. The goal of device fingerprinting is to connect online identities to real-world ones.
In the past, this has generally been done for security purposes – think of those warnings you get when you log into certain online services from a new phone or tablet. Today however, it is increasingly being used by marketers to learn about us, study our behaviour and sell us things.
Organizations are becoming more and more capable of using our device footprints to effectively de-anonymize us, monitor our actions and predict what we will do next. For retailers, for example, this means they can begin to track our actions from the first time we show interest in a product, to the way we browse sales listings, right up to point-of-sale.
Ritchie Hale – Chief Innovation Officer of TouchCR which integrates device fingerprinting techniques into the service it provides to its B-2-C customers, tells me “It’s about being able to resolve the identification back to a person – looking at the device, fingerprinting it back to a person and maintaining a relationship with that person on an ongoing basis.”
Of course, device fingerprinting would be very straightforward if we all used one device. That clearly isn’t the case – last year Google reported that 70% of internet users connect through at least two different devices each day. To resolve that one person using two devices to, for example, order pizza, are in fact the same person, another identifier is needed – for example an email address, or payment information.
Similarly, devices often change hands, are shared between groups, or have their fingerprint fundamentally altered in some way by, for example, operating system updates. This makes device fingerprinting a bit more complex than it first seems. In order to operate effectively, it requires a continuous ongoing process of cross-referencing and verification which is demanding in terms of CPU power and data bandwidth, making it a Big Data operation.
Nevertheless, as tools and as-a-service frameworks become available, it puts this kind of marketing firepower within the reach of moderately-resourced businesses. This therefore means we are likely to see a lot more of it in the near future.
Device Fingerprinting overcomes some of the inefficiencies of using other means of customer-tracking. Most notably this includes cookies installed in our web browsers, which businesses have long used monitor our behavior when we visit their websites. The problem is that cookies can deleted whenever we want, and its relatively easy for us to stop specific sites, services or companies from using them to track us.
Device fingerprinting doesn’t have this limitation as it doesn’t rely on storing data locally on our machines, instead is simply monitors data transmitted and received as devices connect with each other.
Privacy awareness site amiunique.org refers to device fingerprinting as the “cookie-less monster” due to how it allows us to be tracked without storing cookies.
Monitoring and tracking via device fingerprinting is more difficult for us to circumvent than prior technologies, which makes is unsurprisingly somewhat controversial, and concerns have been raised over the privacy challenges it represents.
I mentioned this to Hale, who said that the solution is for companies to be very up-front and clear about how they are collecting data, and the reasons for it. “Two things need to occur – there needs to be the ability to opt-out of being tracked.
“And then if they do choose to opt-in, the terms of service need to indicate very clearly what is going to go on.”
This might mean sending more, and clearer, notifications to users to let them know they are being tracked. Alongside the “cookie law” notifications that EU users now see on almost every website, further notifications warning that behavior may be tracked through device fingerprints could become common – or even legally obligatory in more privacy-aware jurisdictions.
In other places which have been slower to impose legislation on what marketers can do with personal information, such as the US, the implications could be greater.
“Something we had a significant conversation with our lawyers about was, who owns this data?” Hale tells me.
“Access points can often be provided by third parties – you have a big retail chain with thousands of stores, and a third party managing their access points.
“Who controls that data? The customer needs to be aware and notified at opt-in that [the terms of service apply to] the company which has the retail stores, not for the access point provider, who can actually resell that data if they wanted to.”
For anyone who doesn’t want to be tracked, be it via cookies or device fingerprinting, there are solutions that include the use of virtual private networks (VPNs) that make it look as if we are connecting from a different machine, anonymous internet protocols such as TOR, and operating systems designed to only publish device information which will keep you indistinguishable from other users. Unless you are a whistleblower or want to hide from a despotic regime, these may seem like overkill if you simply want to avoid your bank or supermarket finding out too much about you.
But it is a strategy which is becoming increasingly popular. Last month YouGov reported that 16% of UK internet users have used a VPN, and 25% of those did it in order to avoid advertisers tracking their behaviour.
Thank you for reading my post. Here at HuffPost, LinkedIn and at Forbes I regularly write about management, technology and Big Data. If you would like to read my future posts then simply join my network here or click 'Follow'. Also feel free to connect on Twitter, Facebook or Slideshare.
Also, you might like to know that my brand new book 'Data Strategy: How to Profit from a World of Big Data, Analytics and the Internet of Things' is out now.
And if you want something to read now, then you could check out my my new and free ebook 'Beyond The Big Data Buzz: How Data Is Disrupting Business In Every Industry In The World'.