Jump to content


Discussing Web Design & Marketing Since 1998

  • Announcements

    • cre8pc

      Thank you! Cre8asiteforums 1998 - 2018   01/18/2018

      Internet Marketing Ninjas released many of the online forums they had acquired, such as WebmasterWorld, SEOChat, several DevShed properties and these forums back to their founders. You will notice a new user interface for Cre8asiteforums, the software was upgraded, and it was moved to a new server. Thank you for your support as we turn 20 years old.  
Sign in to follow this  

Visitor Identification

Recommended Posts

An article in Search Marketing Land ( :)) by Daniel Waisberg UK On Cookie Compliance: Website Owners “Must Try Harder”, 15-December-2011, is well worth reading even for those of us not in the UK/EU. While the 'cookie' provisions being discussed are only a tiny part of quite an encompassing digital electronic regulatory framework they have an inordinate importance to many webdevs.


One of the web's biggest hurdles is that HTTP is a stateless protocol - it has no memory. A common solution is a session id, the identifier portion given to the visitor known colloquially as a cookie. One drawback of this method is that it is an 'active' tracker: the server (website) originates the communication and the client (visitor) either accepts or declines. Many sites, especially in ecommerce, are functionally unusable if the cookie is refused.


So I thought I'd write about something a little different: visitor fingerprinting. Not biometric fingerprinting but device/browser fingerprinting. Why? Because it is an alternative or backup to cookies.


As with most things on the web, browser fingerprinting is not new and only those utilising the process know whether it is improved. Why? Because unlike cookies there is little or no (depending on methodology) recognised communication between the server and the browser.


There are two main classes of remote visitor device fingerprinting that can be utilised by a website:

* passive: observation and analysis of communication traffic with the browser/device.

* semi-passive: after the browser initiates communication the server then interacts.

The third class, active, requires that the server initiate the connection; most sites would rather opt for serve a cookie, as active fingerprinting can be identified and may contravene local regulation/law.


What data points can be used to differentiate devices?

---TCP/IP implementation.

---OS configuration.

Note: even the presence of 'scrubbers' are of value as an identifier.

---browser identification via web retrieval flow analysis

Note: flow analysis can identify browsers even when set to 'another' user agent.

---clock timing skew.

---browser plug-ins, versions, mime types.

---system fonts.

---firewall, router identification and configuration.

---wireless settings

---screen resolution

and many more. To operate devices, be they hardware or software, need to communicate, to share specifications. Basic passive finger printing from several years ago could differentiate ~8-bytes (64 bits) of identifying data sufficient to uniquely identify over 80% of visitors.


Granted this is far short of what is functionally necessary for an ecommerce shopping cart. :D However, unsubstantiated reports suggest current passive, semi-passive combination methodologies are closer to 98%. Even if true and released publicly still short of cookie performance.


However, fingerprinting is totally invisible and long lived (short of significant upgrade or replacement. Note: 'significant' is a moving target as statistical analysis can increasingly look past device changes if IP remains static or vice versa). Certainly sufficiently robust for remarketing, definitely valuable for non-ecommerce sites, and a reasonably reliable failover/extension for ecommerce businesses.


So, when the cookie crumbles know that all is not lost in the fight to induce memory onto a stateless web.

  • Like 1

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Sign in to follow this