DEV Community

Discussion on: How the Web Audio API is used for browser fingerprinting

 
savannahjs profile image
Savannah Copland πŸ‘‹

To the cookies comment - yes that's right.

For breaking laws (as it pertains to GDPR and the EU), there are different rules for 'data processors' and 'data controllers'. We have responsibilities as a data processor that include data encryption, ensuring proper authorization access and confidentiality of data, and security incident reports and auditing. The data controller also has its own set of requirements, including asking for consent to track for marketing purposes. The Information Commissioner’s Office (who enforces GDPR) can levy significant fines against either the processor, the controller, or both, depending on who is breaking the rules. So in short, it depends, but we take our end of upholding privacy laws very seriously.

For organizations using us - we have some logos on our homepage but other than that we don't provide a full list!

Thread Thread
 
shadowfaxrodeo profile image
Nathaniel

I'm sorry to belabour the point.

The privacy and security implications of this go beyond legal questions into ethical ones. Tools like this are always abused β€”Β and it's often the most vulnerable people who pay the price.

I'm sure you take all kinds of strict security and legal measures, but in my opinion this is going to hurt people. I hope I'm wrong.

Thread Thread
 
bezpowell profile image
BezPowell

I'm in complete agreement here. It may also be subject to the same restrictions as cookies, but we all know cookies are regularly abused when different websites pool their data on individuals.

I suppose a big advantage of having this as a open-source project is it might make it easier to develop tools to circumvent it. We know that many unscrupulous websites are already fingerprinting users (try running some websites to use through Blacklight, the results can be scary), so knowing how they are doing so is better than having to guess.

The prevalence of tracking scripts and finger-printers is the reason I do most of my day to day browsing using Tor browser. Just because I'm not doing anything illegal doesn't mean I want websites tracking everything I do.

Thread Thread
 
shadowfaxrodeo profile image
Nathaniel

Thanks for the link to Blacklight β€” that's a really interesting website.

Looking at the Github for FingerprintJS there's an thread about the ethical implications of the project: #430.

The authors defend themselves by saying the library helps defend users from privacy violations by being open source, and therefore bringing to light these issues.

They build weapons so world can better defend itself against people who use their weapons.

@savannahjs Does fingerprintJS also maintain an opensource library for protecting users?