The techniques of tracking users through their web browsers have greatly evolved since the birth of the World Wide Web, posing an increasingly significant privacy risk. An important branch of these methods, called fingerprinting, is getting more and more attention, because it does not rely on client-side information storage, in contrast to cookie-like techniques. In this paper, we propose a new, browser-independent fingerprinting method. We have tested it on a data set of almost a thousand records, collected through a publicly accessible test website. We have shown that a part of the IP address, the availability of a specific font set, the time zone, and the screen resolution are enough to uniquely identify most users of the five most popular web browsers, and that user agent strings are fairly effective but fragile identifiers of a browser instance.
Source: 16th Nordic Conference in Secure IT Systems, Tallinn, Estonia, 26–28 October 2011.