Device fingerprinting the emerging tool for behavioural targeting: Socialist Party worried

Every device to roam the web is unique. When computers, smartphones or tablets make contact with websites, they exchange information about for, for instance, fonts, installed software and clock settings. This “fingerprint” of our digital devices is all but unique and easy to track, which is called device fingerprinting.

Device fingerprinting is a technology originally developed to track internet and credit card fraude. However, the technology has a further, potentially much bigger value for companies: as a means to create user profiles. As devices are easily identified, it is not hard to map the web behaviour from that devices. Device fingerprinting is already called “the next generation of online advertising.

MP Sharon Gesthuizen of the Dutch Socialist Party is doubtful of the societal value of this development and has questioned the Minister of the Interior. Gesthuizen wonders whether the privacy of Dutch citizens is duly safeguarded and whether the government shouldn’t initiate research to assess the impact, opportunities and threats of device fingerprinting. Furthermore, Gesthuizen proposes to open a “track-me-not” register, comparable to the “don’t call me” register that is already in place in The Netherlands.

In contrast to cookies, there is no easy way to prevent fingerprinting. The data one’s device sends are part of the protocols used to keep internet traffic going where it should. Deleting or adding fonts to change a fingerprint is not enough to render identification impossible. Furthermore, it is very hard to tell when your fingerprint is being read and by whom. The technology can be employed quite stealthily. Finally there are no readily available ways to delete existing profiles. Gesthuizen is right to question whether the position of internet users is duly safeguarded.

Webbrowsers Internet Explorer and Firefox have announced that their new versions include a “do not track” button. This function should provide users with more control by providing data on which sites store what data. However, it is unclear which tracking technologies are covered by the function. Because it is so hard to know, it is very well possible that this may slip through the net of the “do not track” function.