I am sure that if you work in marketing you’ve heard about browser fingerprinting. I'm also pretty sure that you have been offered many products from companies using these techniques.
Here at Uptimal we want to make sure that you and your team have a solid understanding of its implications and its correct application.
What is browser fingerprinting?
In a nutshell, it is a collection of your browser characteristics (browser type, operating system, plugins, timezone, screen resolution... and more!) that all together uniquely identifies your browser. To get a better understanding check out this video on how Google Chrome is handling fingerprinting:
We, marketing people, want user’s data to better spend our media budget. This is often handled through third party cookies that uniquely identify a user and their preferences. However, as I am sure you have heard, this is coming to an end, so the industry is finding new creative ways to identify users across multiple sites.
Is it legal?
This depends on the laws of each country. Taking the EU as privacy law pioneers we can see that fingerprinting is only permitted if:
a) An explicit consent of the user is given that fingerprinting is required to provide a special service and is used in this context without exception to carry out the data transfer or
b) There is another legal basis, such as the entitled interest (according to GDPR Art. 6 1 f), which, however, may no longer be admissible in Germany after the BGH ruling of the end of May. In other EU countries, the Beneficiary's Interest is already no longer regarded as permissible
So there are many factors to take into consideration. Be very careful here and seek legal advice for your specific use case.
Does it really work?
Yes, it does. It can't be easily erased like you can with cookies, although users could use a set of techniques to make it less reliable to avoid uniqueness. But, let’s face it, very few users would do that.
To see how easily identifiable your browser is you can use sites like amiunique.org. I tested it myself using Google Chrome and it concludes that I'm unique among 3 million+ fingerprints on their database. There are very few characteristics where that my fingerprint overlaps with other users. Even if it does, the uniqueness is sufficient for marketing purposes.
Safari claims that they don't use fingerprinting (at least, the most common methods). But if you’re using an iOS device and you do the same test, the result will be very similar. If you are not convinced, you can see a real demo on fingerprintjs.com.
Is it worthwhile?
It all depends on your business and your online presence, but in general, it is worth taking note that: 55% of the total internet share of traffic is using mobile devices. On those mobile devices, 90% of user's mobile usage time is spent in apps, and only 10% browsing on the rest of the internet. Browser fingerprinting doesn’t work in apps as there is no browser to interact with.
If you get positive legal advice and know your target users are mostly web users, you should make the most of it. Gathering this data can bring you valuable insights. On the contrary, if you spend most of your ad budget on app inventory, you don’t need to worry.
As a final note, if you checked the video at the beginning of the post (if you didn’t, do it now), it’s obvious that web browsers will keep fighting against this practice. Therefore any tool you use that solely relies on fingerprinting as a way to identify users will have a very short lifetime.