Companies could soon track people everywhere they go online, even if they switch browsers

Your support helps us to tell the story

Support Now

Find out moreClose

As your White House correspondent, I ask the tough questions and seek the answers that matter.

Your support enables me to be in the room, pressing for transparency and accountability. Without your contributions, we wouldn't have the resources to challenge those in power.

Your donation makes it possible for us to keep doing this important work, keeping you informed every step of the way to the November election

Andrew Feinberg

White House Correspondent

A team of researchers has devised a way of accurately tracking web users across multiple browsers.

The breakthrough could prove particularly useful to advertisers, enabling them to continue serving targeted ads to internet users, even if they tried to avoid them by switching from Chrome to Firefox or Windows Edge.

The research can be found in a paper penned by Lehigh University’s Yinzhi Cao and Song Li, and Washington University in St. Louis’ Erik Wijmans, titled (Cross-)Browser Fingerprinting via OS and Hardware Level Features.

The technique reliably identifies the ‘digital fingerprint’ of users’ browsers, based on information such as extensions, plugins, time zone and whether or not an adblocker is installed.

In a test involving 3,615 fingerprints and 1,903 users, the method had an accuracy score of 99.2%.

“From the negative perspective, people can use our cross-browser tracking to violate users' privacy by providing customized ads,” Yinzhi Cao, the project’s lead researcher, told Ars Technica. “Our work makes the scenario even worse, because after the user switches browsers, the ads company can still recognize the user.

“In order to defeat the privacy violation, we believe that we need to know our enemy well.”

However, as the paper notes, the technique can also be used as part of stronger multi-factor user authentications across browsers.

Banks, for instance, could gain a better understanding of when you’ve logged into your account legitimately, even if you’re using a different machine to usual.

Such tracking was previously only possible on a single browser, so sites wouldn’t be able to match the fingerprint of a user’s Chrome browser with the fingerprint of their Firefox browser, even if they were using the same computer.