Everything you always wanted to know about web-based device fingerprinting (but were afraid to ask)


December 10, 2013


Nick Nikiforakis


KU Leuven University


Billions of users browse the web on a daily basis, and there are single websites that have reached over one billion user accounts. In this environment, the ability to track users and their online habits can be very lucrative for advertising companies, yet very intrusive for the privacy of users.

In this talk, we are going to take a step back and describe many aspects of web-based device fingerprinting, i.e., the ability to tell users apart, without the use of cookies or any other client-side identifiers, by associating browsing environments with users. We will explain how device fingerprinting works on the current web, who are the big players offering fingerprinting-as-a-service as well as who are their clients. Moreover, we will demonstrate that most of the current methods of protecting one’s self against fingerprinting, not only do not work, but often make the user more fingerprintable than before. Our work shows that user-fingerprinting is on the rise, and calls for further attention of fingerprinting and its consequences, from the technical as well as legal community.


Nick Nikiforakis

Nick Nikiforakis is a Postdoctoral Researcher at the KU Leuven University, in Belgium. Nick’s current interests lie in the analysis of online ecosystems from a security and privacy perspective and he has published his work in top conferences of his field, including CCS, S&P, and WWW. More information about him can be found online, on his personal page: http://www.securitee.org