“Machine/device fingerprinting” technologies allow collecting and recording unique traces of individual devices. This technique has been primarily used for tracking bad guys and making it difficult for them to repeatedly use the same device for nefarious purposes. Typically a client-side script is used to collect information (“fingerprint”) of the device which is subsequently stored on the server side. Today several vendors exist on the market offering various patented ways of collecting the device data (including the internal clock, screen parameters, OS data etc.). Recently announced and hyped “evercookie” is an example of an open source code offering even more innovative ways of doing the same. Alas, while sophistication of these techniques is impressive, it doesn’t take equal sophistication for the fraudsters to neutralize (or neuter – if you will) these measures to completely circumvent device identification. Using a virtual machine (or a simple sandboxie), not to mention completely avoiding the usage of browsers in mounting cyber attacks, is a sufficient antidote to the pains companies go to “fingerprint” fraudsters’ devices. Indeed, it’s a matter of time for the fraudster community to fully adapt to the “fingerprinting” technologies…
Having said that, device “fingerprinting” is far from being dead – it is definitely finding second – perhaps more significant – life in growing trends for “average” user tracking – e.g. serving advertisement industry. Here an average netizen – being far less sophisticated than an average fraudster – is pretty much powerless against them (unless tracking is made illegal by law). Device fingerprinting will not lose its value, it’s just IMHO the days of it as a way of fighting fraud are numbered.