Close to 1.5 percent of the Internet’s top websites track users without their knowledge or consent, even when visitors enable their browser’s Do Not Track options, according to a research team in Europe.
The researchers say these figures should be taken as the lower bounds of the spectrum.
Device fingerprinting serves many legitimate purposes, including mitigating the impact of denial-of-service attacks, preventing fraud, protecting against account hijacking, and curbing content scraping, bots, and other automated nuisances, the article says. However, few websites disclose the practice in their terms of service. Marketing companies advertise their ability to use fingerprinting to identify user behavior across websites and devices.
According to the article, device fingerprinting may have given the National Security Agency and its counterparts around the world an avenue to identify people using the Tor privacy service. The Guardian reported that the agency is capable of injecting script redirections into the traffic of Tor users.