Belgian researchers are slated to release a free software framework to the public in November that is designed to identify "fingerprinting," a browser-based method of tracing users by tracking features of a specific device, creating a unique ID.
In a recent study at the University of Leuven, Belgium, researchers used the framework, called FPDetective, to crawl many popular sites. Results found that more sites use fingerprinting techniques than previously was believed.
A device fingerprint is a set of system attributes with a combination of values that are highly likely to be unique to a single machine, such as a personal computer or cell phone, says the white paper.
"It's an increasingly common practice by advertisers and anti-fraud companies," says Gunes Acar, a PhD student in privacy-enhancing technologies at the university who worked on the white paper. He says that Flash, Java-Script, many third-party plug-ins and even website banners can extract the necessary features to create a unique ID.
Some features collected include the device's screen size, the version of installed software and the list of installed fonts.
Acar adds that fingerprinting is an attractive method of identifying users because it is not regulated like other popular data-collecting methods, such as cookies.
"There is a cookie directive in the EU," says Acar. The directive reveals sites that collect cookies. "Sites using fingerprinting can circumvent this list," he adds.
Regulation and litigation are "soft" means of fighting invasive tracking, but Acar and his team are focused on hard-tech methods.
"We are thinking about releasing the list of websites we found [during the study]," says Acar. However, he doesn't want to step on toes at the university.