A device fingerprint, machine fingerprint, or browser fingerprint is information collected about a remote computing device for the purpose of identification. Fingerprints can be used to fully or partially identify individual users or devices even when cookies are turned off.
Basic web browser configuration information has long been collected by web analytics services in an effort to accurately measure real human web traffic and discount various forms of click fraud. With the assistance of client-side scripting languages, collection of much more esoteric parameters is possible. Assimilating such information into a single string produces a device fingerprint. In 2010, EFF measured at least 18.1 bits of entropy possible from browser fingerprinting, but that was before the advent of canvas fingerprinting, which is claimed to add another 5.7 bits.
Recently, such fingerprints have proven useful in the detection and prevention of online identity theft and credit card fraud. In fact, device fingerprints can be used to predict, from a user's signal profile, the likelihood that the user will commit fraud before any fraud has occurred.
Prior to early 2017, device fingerprinting was limited to single browsers. If a user switched browsers regularly, fingerprinting could not be used to link the user to these browsers. A cross-browser fingerprinting method has since been published which allows tracking of a user across multiple browsers on the same device.
Motivation for the device fingerprint concept stems from the forensic value of human fingerprints. In the "ideal" case, all web client machines would have a different fingerprint value (diversity), and that value would never change (stability). Under those assumptions, it would be possible to uniquely distinguish between all machines on a network, without the explicit consent of the users themselves.
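The entropy figures and the diversity and stability properties described above can be measured on a sample of observations. The following is an added example, not part of the original article: the attribute names, device labels and observations are constructed, the functions are hypothetical, and Shannon entropy is used as one common way to express identifying information in bits.

```python
import hashlib
import math
from collections import Counter, defaultdict

ATTRS = ("user_agent", "timezone", "screen")
# Constructed observations (device, visit, attribute values); not real measurements.
OBS = [
    ("d1", 1, ("Firefox/115", "UTC+1", "1920x1080")),
    ("d2", 1, ("Firefox/115", "UTC+1", "1920x1080")),  # collides with d1
    ("d3", 1, ("Firefox/115", "UTC+1", "1366x768")),
    ("d4", 1, ("Firefox/115", "UTC-5", "1920x1080")),
    ("d5", 1, ("Chrome/114", "UTC+1", "1920x1080")),
    ("d6", 1, ("Chrome/114", "UTC-5", "1366x768")),
    ("d7", 1, ("Chrome/114", "UTC-5", "1920x1080")),
    ("d8", 1, ("Chrome/114", "UTC+1", "1366x768")),
    ("d3", 2, ("Firefox/115", "UTC+1", "1366x768")),   # unchanged on return
    ("d4", 2, ("Firefox/116", "UTC-5", "1920x1080")),  # browser updated
]

def fingerprint(values):
    """Assimilate the attribute values into one string, then hash it."""
    joined = "|".join(f"{k}={v}" for k, v in zip(ATTRS, values))
    return hashlib.sha256(joined.encode()).hexdigest()[:16]

def entropy_bits(items):
    """Shannon entropy, in bits, of the observed distribution of items."""
    counts = Counter(items)
    total = sum(counts.values())
    return -sum(c / total * math.log2(c / total) for c in counts.values())

def diversity(obs):
    """Fraction of devices whose first-visit fingerprint no other device shares."""
    first = Counter(fingerprint(v) for _, visit, v in obs if visit == 1)
    return sum(c for c in first.values() if c == 1) / sum(first.values())

def stability(obs):
    """Fraction of returning devices whose fingerprint never changed."""
    seen = defaultdict(list)
    for dev, _, v in obs:
        seen[dev].append(fingerprint(v))
    returning = [f for f in seen.values() if len(f) > 1]
    return sum(len(set(f)) == 1 for f in returning) / len(returning)

if __name__ == "__main__":
    first = [v for _, visit, v in OBS if visit == 1]
    for i, name in enumerate(ATTRS):
        print(f"{name}: {entropy_bits(v[i] for v in first):.3f} bits")
    print(f"combined: {entropy_bits(map(fingerprint, first)):.3f} bits")
    print(f"diversity={diversity(OBS):.2f} stability={stability(OBS):.2f}")
```

In this sample no single attribute carries more than 1 bit, while the combined string carries 2.75 of the 3 bits needed to separate eight devices; the browser update on `d4` shows how a routine change breaks stability.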