Simply put, device fingerprinting (also known as canvas fingerprinting) is basically a process of identifying a device based on specific configuration of data.
What is Device Fingerprinting?
In brief, the essence of device fingerprinting lies in combining a number of device attributes (like OS, browser version, IP address, user agent, timezone, language settings, list of installed plugins, etc.) to identify it as a unique device.
Unlike the use of cookies, device fingerprinting is based around the probability that a specific device with certain attributes can be identified as the exact same device.
How It Works
When a user visits a website, a specific piece of JS code gathers all available data points regarding the device and sends it to the server (with a specific hash assigned to it) for storage and further use.
Benefits of Device Fingerprinting
First and foremost, device fingerprinting is crucial for behavior targeting, enabling marketers to identify, track and reach their target customers across all platforms more effectively.
Secondly, the technique plays an important part in fighting advertising fraud (e.g. invalid traffic detection), as well as preventing online frauds in the e-commerce and bank/financial market segments.
Controversies around Device Fingerprinting
One of the biggest concerns, regarding the use of device fingerprinting is that the “fingerprint” can be merged with other user data points, including cookies and those collected on the social media channels you manage, for instance, to eventually create a universal tracker, often referred to as “supercookie.”
More importantly, in regard to Data Protection Laws & Regulations, device fingerprinting somewhat collides with the legitimacy of collection of Personal Data (like device ID and/or IP address), e.g. under GDPR.
Namely, GDPR narrows the scope of legitimate business interests enabling the collection and processing of users’ Personal Data to cybersecurity purposes, identity theft protection, and/or fraud prevention, to name a few.
At the same time, creating device fingerprints for marketing & advertising purposes requires an explicit and informed user consent to be obtained prior to any collection of their Personal Data.