Race Is On to 'Fingerprint' Phones, PCs

Source: Wall Street Journal

IRVINE, Calif.—David Norris wants to collect the digital equivalent of fingerprints from every computer, cellphone and TV set-top box in the world.

He's off to a good start. So far, Mr. Norris's start-up company, BlueCava Inc., has identified 200 million devices. By the end of next year, BlueCava says it expects to have cataloged one billion of the world's estimated 10 billion devices.

Advertisers no longer want to just buy ads. They want to buy access to specific people. So, Mr. Norris is building a "credit bureau for devices" in which every computer or cellphone will have a "reputation" based on its user's online behavior, shopping habits and demographics. He plans to sell this information to advertisers willing to pay top dollar for granular data about people's interests and activities.

-------

It's tough even for sophisticated Web surfers to tell if their gear is being fingerprinted. Even if people modify their machines—adding or deleting fonts, or updating software—fingerprinters often can still recognize them. There's not yet a way for people to delete fingerprints that have been collected. In short, fingerprinting is largely invisible, tough to fend off and semi-permanent.

Read more: http://online.wsj.com/article/SB10001424052748704679204575646704100959546.html?mod=rss_whats_news_technology

---

Breaking Alternative News http://activistnews.blogspot.com/

We've got a real computer expert right here.

Shit. I was *sure* that would change my MAC address!

Web browsers send their name and version, along with the OS name and version, and fonts installed under Java.

This has been known for almost a year. Pick an article:

http://www.google.com/search?hl=en&safe=off&q=browser+fingerprint

will just spoof their user agent string, run noscript, etc, wouldn't they?

It's a tad more complex than "User-Agent" and noscript.

If you don't believe me, try running 300 automated google searches in an hour without being flagged, or walled.

I run about 3,000 a day, and it's a fun, messy, field, to simulate thousands of users.

But then, it's not hard to make a browser tell sweet sweet lies. It only takes a few minutes to batten down the hatches on a vanilla Firefox install.

However, I think it's fair to say that deleting fonts, unless that's a euphemism for something else, probably isn't the most efficient way to go about being sneaky. I'm just an amateur though, so maybe I missed something. I'm not the king of nerds around here by a long shot.

That should throw them off for a couple of days.

So, since you possibly think of yourself as an expert, I'll explain how it works..

Both flash and javascript have font calls, and methods of downloading "missing" fonts.

Font=Cookie.

a derp

No way to notice and find that, right?

"I'm the rare buffalo standing away from the herd! You can't identify me in the herd! I'm way over here, different from all of them!"

*bang*

"Shit."

If it looks like a few hundred other people out of the 1.5 million( http://panopticlick.eff.org/ ), that's ok, imho. Apparently the trick is to get a sufficiently generic user agent string, but for some reason mine is still sticking out even when tuned to a flavor of internet exploder. :shrug:

Never claimed to be a special snowflake, though.

It showed all my PC info, all my fonts, browser type/version, browser plugins, etc. Also thumbnails of the pr0n I'd looked at and most embarrassingly pics of the Esteban guitar I ordered. OK, kidding about the last 2.

That site will not even load for me, because I have Javascript turned off, I think.

uzbl lets you do fun things.

For only $19.95 per month per advertiser.

No Privacy for anyone, anywhere.

All for the Greater Greed.

Makes me wonder sometimes if the developers of the Original Deus Ex had a point.

Blow It All Up and Start It The Fuck Over.

http://www.youtube.com/watch?v=ZGhVxTxjS-Y

I build all my Laptops and Desktops, what has me concerned
is my Phone and maybe my router one day, anyways cant a
wireless or internet provider just sell that them-self?

TP

Are you on Facebook?? That is information assimilated. Aside from your DNA, they know who you know, what you buy, the websites you visit, who you know, your political leanings, what you say, what you think. How does that feel?? There is no such thing as privacy anymorel

if you lie all the time while face/spybooking. So much demographic data exists and so little ability to process it. I don't have any portable devices, except for this laptop...

Just like TV.

And expanded to allow research scientists to exchange pornography^H^H^H^H^H research papers.

Police state? How about the Corporate State?

Seems to me it's the market that collecting, tabulating and collating this information on everyone they can. And the market seems to be a lot more effective and efficient at it that your local PD or even the Feds.

I'm much more concerned about my personal info reaching the market than I am it reaching the Feds.

Not everything is nefarious, ya know?

Once I've researched exactly what a proxy is and how it works, there will be quite a few buffers between myself and the impending fascist conspiracy:freak:

Macromedia essentially gutted the security restrictions Java and Javascript had been operating under, and nobody cared because we were too enamored of being able to watch videos of pandas sneezing.

I doubt hacker types will be intimidated. Watch the techno sites for a counter measure.

I'll bet its under $50.

Yesterday, Kerry introduced legislation written to deal with this. (Coincidentally, his brother, Cam Kerry is heading Obama's task force on this.


http://www.democraticunderground.com/discuss/duboard.php?az=view_all&address=433x538934

Anyone who has tested their second RAM channel knows exactly what I mean: just moving the memory over one centimeter used to be enough to force a phone call to Microsoft to re-validate Windows XP, because Windows interpreted that movement as a previously used copy of XP being installed on a new machine.

Toss in zombies, burners, wide-open routers, images, sock puppets, proxies, and clouds, and the quality of the data being collected becomes the proverbial teaspoon of wine in the gallon of sewage, or vice versa--either way, it's shit. It's shit, and it will be used against us.