Who needs cookies (Internet privacy)

Yesterday I was in discussion with a friend about internet and privacy. He has a background in software development and told me about browser fingerprints as a very good alternative to cookies.

What is browser fingerprint? Browser fingerprint is a type of tracking that may identify you far more accurately than any type of cookie and you may never know it was there!

What are Cookies
Cookies are small often encrypted text files which are located in the browser directory. Cookies are created when a user’s visits a particular website. The website creates a text file on you local computer and every time the user goes back the browser retrieves and sends this file to the website server. The cookies that are on your computer are not only form the website the user visit but also from the ads or other elements that are on the website. There are many different kind of cookies for more information see: http://en.wikipedia.org/wiki/HTTP_cookie

Where are cookies good for?
Cookies helps websites to personalize the site based on the users preferences. The preferences of the user is determent by their surf behaviour. This way they can collect data about you including your interests. The contact of a cookies vary from site to site. This can be user logon information for that site or if you bean there before what links on that site did you visit. Cookies don’t scan your computer for any personal information. Any personal information that is in the cookie was put there as a result of own input on the website. Basically cookies are used to profile you.

The law
Back in 2003 we got European directive which is for the protection of privacy in the electronic communications. In 2009 this directive was change. This included a change to Article of the E-Privacy Directive.  This is a requirement to obtain consent for cookies and similar technologies. These rules had to be implement into every Governments law in Europe before may 2011.  The rules in this area are designed to protect the privacy of internet users about which information is being collected about them and that it is not directly personally identifiable. These rules are not designed to restrict online tracking of individuals and the use of spyware but they are intended to prevent information being stored on people’s computers, and used to recognise them via the device they are using, without their knowledge and agreement!

So if you go to a web site, and they want to use cookies and are under European law, you should get a question like below:

Request for cookies sources:http://www.allaboutcookies.org/

Who needs cookies
Why should a web site go to all that trouble to profile you by cookies while there is another way to profile you. Browser fingerprint! Browser fingerprint collect innocuous data about you browser version, system font , screen size, colours, the OS, the date software is installed the plug-in you use etc. It works like a description of a suspect such as the police used. We are looking for a person with black hair who is 1,92 meters long and weighs 85 kg  skin colour is white and has shoe size of 42 and if you collect enough information like this than it is possible to pick somebody out of a crowd.

Browser fingerprint also called device or machine fingerprint is purely used for identifying the user behind the browser. it doesn’t make a difference which browser you use it is possible, even when you use in private browsing! In private browsing means that the browser does not store information about the website you have visited but the website can still track you!

How unique is your fingerprint?
there was an investigation done by Peter Eckersley for the Electronic Frontier Foundation and the came to the conclusion that only one in 286,777 other browsers will share its fingerprint! you can read it in the report about browser-uniqueness. Even if a user makes a change update a plug-in or change the fonts this will change the fingerprint but even than with help of tracking information beside the fingerprints it is possible to identify the user!

How to defend against browser fingerprinting
Browser fingerprint is a powerful tool to track users and it is not very easy to not be unique! there are some ways to be less unique use a common browser and plug-in’s. But the best way is to disable the JavaScript this way it is not possible to detect plugins and fonts e.g. Browser fingerprint relies on scripting. A drawback is that when you disable Java Scripting many site won’t work well.

The cap in the law
When you read the E-Privacy Directive you will noticed that this is not forbidden to track you without a warning as long it is not stored on your computer, but the website will still have to be compliant with the Data Protection Act.But it is still possible to profile you and to track you! So you are on the internet now reading this article, your privacy is gone!