Web Fingerprinting Demo ⇥ bitestring.com
A non-bylined post at Bitestring:
FingerprintJS has a demo built into its homepage, https://fingerprint.com. When you visit this website, they generate a visitor ID (fingerprint) which is unique for your browser. So even if you clear the cache (and other site data) or visit the site in Private Browsing mode, they can generate the same ID and correlate with your previous visit.
My visitor ID was stable in Safari after visiting fingerprint.com only in private windows across two separate sessions. This, despite using Safari’s anti-tracking features, having iCloud Private Relay switched on, and using browser extensions which limit what kinds of scripts are able to run in my browser — and, again, accessing it only in private windows. On its homepage, FingerprintJS says the “VisitorID will remain the same for years, even as browsers are upgraded”. It can be, near as makes no difference, a permanent personal identifier.
The writer notes Firefox has a
resistFingerprinting setting which does appear to prevent whatever techniques FingerprintJS is using by restricting access to some APIs. However, as this technology is also used to check that website visitors are real people and to reduce credit card fraud, I imagine it could prove restrictive. There are already many websites which challenge me to prove I am not a bot simply because I am using Safari; the same sites do not present so many challenges in Chrome.