Sitting at my computer, I open four or five windows of Mozilla Firefox so that I can set up everything that I need to work. In one window, I type in Grooveshark’s address so that I can listen to music. In another, I open my e-mail to stay updated, and in the rest, I open the articles that I need for my references. However, I quickly notice that since the last time I was on the computer, my internet has slowed to a crawl. I consider closing one of my windows, but I decide against it. Instead, I move my mouse to the top of the screen to the “History” button and click on the “delete cookies” option. Five minutes later, the cookies are still being erased from my computer.
Cookies? What?
There is a fairly well-known internet comic that shows Cookie Monster sitting at his computer with an outraged expression on his face at the idea of deleting cookies. However, internet “cookies,” or packets of data planted on users’ computers in order to collect information about the user or to store settings, are quickly becoming obsolete. Taking their place is a new form of technology known as “device fingerprinting,” a technique that was formerly only used for fraud prevention. As demand for more target-specific advertising grows, though, advertising companies are beginning to take advantage of device fingerprinting technology to track the activity of specific computers across the internet. While this does allow more consumer-relevant ads to be displayed on users’ computers, building a permanent record and profile of a user’s online activity is both invasive and potentially dangerous, especially since these profiles become available for sale on the internet. As a general rule, device fingerprinting should be restricted to fraud prevention software, or should at least allow for a “do not track” option similar to the way that browsers offer cookie-blocking options.
Device fingerprinting is invasive to consumers not because it places anything on the consumers’ computers, but because it builds “profiles” and “reputations” based on consumers’ online habits and connects them with a particular computer model and IP address. This concept alarms many consumers who had assumed previously that their web surfing was relatively private. In addition, fingerprinting requires only the information that computers already must provide to websites in order for content to display properly; because of this, people cannot simply (at this time) click a button to delete or prevent the fingerprinting process, nor can they even know if the process is occurring. When discussing this with Bradford Olson, a student at Minnetonka High School, he noted that he “didn’t even know that [advertising companies] used tracking until [he] noticed one day that there was an Eagle Scout ad on Google” (Personal Interview). The vast majority of current fingerprinting practices operate in this manner, surreptitiously gathering data about users and then using this data to display ads that are sometimes disconcertingly personal. Without notifying consumers of tracking or allowing them to avoid it, device fingerprinting becomes an invasive process that gathers personal information about internet users without their explicit consent.
Not only is device fingerprinting invasive, but it is also potentially dangerous as entire collections of user data become available for sale to third party retailers or services. One such service, a startup tracking company called BlueCava, is “seeking to use a controversial technique of matching online data about people with catalogs of offline information about them, such as property records, motor-vehicle registrations, income estimates and other details” (Angwin and Valentino-Devries, “Race is on…”). This information then would be made available for sale to marketers or other companies. Such in-depth profiles, available on the internet, are prime targets for hackers or identity thieves, especially since there appear to be so many different groups clamoring to buy this type of data. Mr. Kevin Dasch, a vice president at IMVU Inc., a company that runs an online virtual-reality game, says that he does not “mind fingerprints of IMVU customers being added to the exchange,” as long as “his company can use other exchange data in return.” Although the opinions of one company are not necessarily representative of the whole, if a significant number of companies offer up user “fingerprints” in order to receive other internet users’ information, it becomes relatively easy for some of these profiles to be stolen in the process. And anyway, if companies agree to sacrifice some measure of user privacy in order to garner other sources of information and possibly to also garner advertising revenue, are they really acting in the best interests of consumers?
The ideal solution to the issue of device fingerprinting would be to restrict the use of fingerprinting software to anti-fraud uses; however, this is already nearly impossible since many new advertising companies have already begun implementing fingerprinting techniques. So, instead of banning tracking software altogether, the focus should be on allowing consumers the choice to “opt out” of tracking similar to the way that they can block cookies from certain (or all) websites using their internet browsers or anti-virus software. A Federal Trade Commission proposal that would provide this option was introduced in July by FTC chairman Jon Leibowitz, but as of yet, nothing has been passed. The main argument preventing the passage of these rules is that tracking is used to deliver personalized content to users such as “sports scores [and] stock prices,” and thus is beneficial to consumers (Tessler, “Federal Trade Commission…”). However, the perceived benefits of online tracking (such as being able to receive instantaneous scores and prices) are few, and become negligible when compared to the likely consequences (such as having personal information sold to anonymous third parties). A “Do Not Track” option, if made available, would allow consumers to choose their balance between personalization and privacy by letting them designate which websites may use fingerprinting to track their respective computers. This would be beneficial to all consumers, whether they mind the idea of tracking or not, because they could select the level of privacy that they desire, and also because consumers would be better informed about which websites are trying to track them.
As internet browsers and anti-virus software improve, advertising companies are turning to device fingerprinting to replace easily erasable cookies and to collect more specific information about potential customers. However, the lack of transparency and amount of information involved in the fingerprinting process renders such a technology hazardous and unfavorable for internet users. To prevent potential identity theft and unwanted information collection, either Congress or the advertising companies themselves should create a mechanism for internet users to choose which, if any, websites can use fingerprinting on their computers for tracking purposes.
Works Cited
Olson, Bradford. Personal Interview. 12 December 2010.
Angwin, Julia, and Jennifer Valentino-Devries. “Race Is On to ‘Fingerprint’ Phones, PCs – WSJ.com.” Business News & Financial News – The Wall Street Journal – WSJ.com. 30 Nov. 2010. Web. 14 Dec. 2010. <http://online.wsj.com/article/SB10001424052748704679204575646704100959546.html?KEYWORDS=fingerprinting>.
McCandlish, Stanton. “EFF’s Top 12 Ways to Protect Your Online Privacy | Electronic Frontier Foundation.” Electronic Frontier Foundation | Defending Freedom in the Digital World. 10 Apr. 2002. Web. 14 Dec. 2010. <http://www.eff.org/wp/effs-top-12-ways-protect-your-online-privacy>.
Tessler, Joelle. “Federal Trade Commission Proposes ‘Do Not Track’ Tool to Help Web Surfers Duck Marketers | StarTribune.com.” StarTribune.com: News, Weather, Sports from Minneapolis, St. Paul and Minnesota. 01 Dec. 2010. Web. 14 Dec. 2010. <http://www.startribune.com/science/111119669.html?page=1&c=y>.
Valentino-DeVries, Jennifer. “‘Evercookies’ and ‘Fingerprinting’: Are Anti-Fraud Tools Good for Ads? – Digits – WSJ.” WSJ Blogs – WSJ. 01 Dec. 2010. Web. 14 Dec. 2010. <http://blogs.wsj.com/digits/2010/12/01/evercookies-and-fingerprinting-finding-fraudsters-tracking-consumers/?KEYWORDS=fingerprinting>.
Valentino-DeVries, Jennifer. “How To Prevent Device Fingerprinting – Digits – WSJ.” WSJ Blogs – WSJ. 30 Nov. 2010. Web. 14 Dec. 2010. <http://blogs.wsj.com/digits/2010/11/30/how-to-prevent-device-fingerprinting/?KEYWORDS=fingerprinting>.
“Wall Street Journal: Question of the Day Would You Use an Internet “do-not-track” Tool If It Were Included in Your Web Browser?” Business News & Financial News – The Wall Street Journal – WSJ.com. Web. 14 Dec. 2010. <http://online.wsj.com/community/groups/question-day-229/topics/would-you-use-internet-do-not-track>.
Wingfield, Nick, and Jennifer Valentino-Devries. “Microsoft to Add ‘Tracking Protection’ to Web Browser – WSJ.com.” Business News & Financial News – The Wall Street Journal – WSJ.com. 07 Dec. 2010. Web. 14 Dec. 2010. <http://online.wsj.com/article/SB10001424052748703296604576005542201534546.html?mod=WSJ_Tech_LEFTTopNews>.
Digged what I needed from your website within 30 minutes. Thanks!