Close to 1.5 percent of the Internet's top websites track users without their knowledge or consent, even when visitors have enabled their browser's Do Not Track option, according to an academic research paper that raises new questions and concerns about online privacy.
The research, by a team of scientists in Europe, is among the first to expose the real-world practice of "device fingerprinting," a process that collects the screen size, list of available fonts, software versions, and other properties of the visitor's computer or smartphone to create a profile that is often unique to that machine. The researchers scanned select pages of the top 10,000 websites as ranked by Alexa and found that 145 of them deployed code based on Adobe's Flash Player that fingerprinted users surreptitiously. When they expanded their survey to the top one million sites, they found 404 that used JavaScript-based fingerprinting. The researchers said the figures should be taken as the lower bounds since their crawlers weren't able to access pages behind CAPTHCAs and other types of Web forms. Mainstream awareness of fingerprinting first surfaced three years ago following the
release of research from the Electronic Frontier Foundation.