Clearing your cookies is not enough to protect your privacy online.
New research led by Texas A&M University found that websites are covertly using browser fingerprinting — a method to uniquely identify a web browser — to track people across browser sessions and sites.
“Fingerprinting has always been a concern in the privacy community, but until now, we had no hard proof that it was actually being used to track users,” said Dr. Nitesh Saxena, cybersecurity researcher, professor of computer science and engineering and associate director of the Global Cyber Research Institute at Texas A&M. “Our work helps close that gap.”
When you visit a website, your browser shares a surprising amount of information, like your screen resolution, time zone, device model and more. When combined, these details create a “fingerprint” that’s often unique to your browser. Unlike cookies — which users can delete or block — fingerprinting is much harder to detect or prevent. Most users have no idea it’s happening, and even privacy-focused browsers struggle to fully block it.
“Think of it as a digital signature you didn’t know you were leaving behind,” explained co-author Zengrui Liu, a former doctoral student in Saxena’s lab. “You may look anonymous, but your device or browser gives you away.”
This research marks a turning point in how computer scientists understand the real-world use of browser fingerprinting by connecting it with the use of ads.
“While prior works have studied browser fingerprinting and its usage on different websites, ours is the first to correlate browser fingerprints and ad behaviors, essentially establishing the relationship between web tracking and fingerprinting,” said co-author Dr. Yinzhi Cao, associate professor of computer science and technical director of the Information Security Institute at Johns Hopkins University.