5 ways to identify web users without using cookies
Author: Joaquim Perez Noguer | Filed under: General
1. Using the user’s IP
Using an IP address is the most obvious solution of all. It is simple and fast; however, it is also the least effective. The main problem with using the IP is that the vast majority of users have a dynamic IP, meaning a user's IP address today may not be the same one tomorrow. Also, if multiple users connect through the same network, everyone will have the same IP and they will all be indistinguishable to the server.
Unfortunately, clearing the LocalStorage is also relatively easy for any user concerned about their privacy, and a browser's incognito mode still makes the user undetectable.
3. Canvas Fingerprinting
What happens is that a particular pattern of geometries and text is drawn in a hidden area of each page. Due to the particularities of browsers, operating systems and, above all, users' graphics cards, the resulting image on two separate computers can be made distinct (although the instructions for generating it are the same).
This image is a fingerprint that is unique to each computer. If we pass a hash of this image along with every request, we can identify requests made from the same computer without storing anything on the user's machine.
4. User Behavior
The above method still has a problem: it can be detected. Advanced privacy tools (like Tor browsers) are able to detect when a page is painting on a “suspect” canvas and will notify the user.
The following method is probably the most complex of all and is only available to some technology giants like Google that have the resources to pull it off. However, if implemented correctly, this new methodology can detect if a user accessed your site from another computer!
The technique is to record the behavior of the user (mouse movements, acceleration, the use of the scroll, etc.) and transmit that information to the server. User behavior is very personal and can be recognized by machine learning clustering algorithms.
5. Using the ETag
Finally, a balance between simplicity and efficiency – this is my favorite method. First of all, let’s explain how the cache works on modern servers.
When a user requests file A for the first time, the server serves the file along with an ETag, a code that is a signature of the file contents. When the user wants to request the file a second time, the browser (which has the file and the ETag cached) sends the request to the server together with the ETag. If the file has not changed, the server sees that its ETag is the same as the one sent by the client and, instead of sending the file a second time, tells the browser to use the version that is cached. If the file has changed, the server sends the client the new version with the new ETag. Simple, right?
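
The cache exchange described above, as an added example that is not code from the original post. The class names, the file path and the choice of a truncated SHA-256 as the ETag are assumptions. Because this ETag depends only on the file contents, a second browser receives exactly the same value as the first, which is what to expect from a server that uses ETags purely for caching.

```python
import hashlib

def make_etag(body: bytes) -> str:
    """Strong ETag: quoted hash of the file contents (assumed scheme)."""
    return '"' + hashlib.sha256(body).hexdigest()[:16] + '"'

class Server:
    def __init__(self, files):
        self.files = dict(files)              # path -> bytes (constructed sample data)

    def handle(self, path, headers):
        body = self.files[path]
        etag = make_etag(body)
        # Conditional request: the client presents the ETag it has cached.
        # Simplified: real If-None-Match may carry a list or weak validators.
        if headers.get("If-None-Match") == etag:
            return 304, {"ETag": etag}, b""   # Not Modified, no body sent
        return 200, {"ETag": etag}, body

class Browser:
    def __init__(self):
        self.cache = {}                       # path -> (etag, body)

    def get(self, server, path):
        headers = {}
        if path in self.cache:
            headers["If-None-Match"] = self.cache[path][0]
        status, resp_headers, body = server.handle(path, headers)
        if status == 304:
            body = self.cache[path][1]        # reuse the cached copy
        else:
            self.cache[path] = (resp_headers["ETag"], body)
        return status, resp_headers["ETag"], body

def demo():
    server = Server({"/a.css": b"body{color:red}"})
    first, second = Browser(), Browser()
    log = [first.get(server, "/a.css"),       # first visit: 200 plus ETag
           first.get(server, "/a.css")]       # revalidation: 304, cache reused
    server.files["/a.css"] = b"body{color:blue}"
    log.append(first.get(server, "/a.css"))   # file changed: 200 plus new ETag
    log.append(second.get(server, "/a.css"))  # other browser: same ETag value
    return log

if __name__ == "__main__":
    for status, etag, body in demo():
        print(status, etag, body)
```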