E-commerce and advertising on the Web has now grown into a large industry due to the penetration of the Internet. Traders are intended to bring their products and services to all potential customers, the most efficient way of this is applying targeted advertisements which are based on interests and tastes of people. Providers are able to do this by profiling people, which can be done by tracking, observing and analyzing their online activity.
User tracking on the web has an important role in this as the basic tool for committing such activities. User tracking methods are present since the birth of the Internet and continually being developed in parallel with the technology. The state-of-the-art method is designed to fingerprint the browser agent, the system or the device itself by collecting properties through the user’s web browser. These unique user identifiers can be re-produced, and therefore this technique is called fingerprinting.
Evolution of privacy-invasive user tracking techniques is always a step ahead against privacy protection methods, since the latter is usually a reaction to the problem which is already present. There is no publicly available defensive solution against fingerprinting techniques, and those which are available do not provide comprehensive protection, or cause damage to the user experience by over-regulation.
In this thesis I introduce the user tracking techniques on the web, emphasizing the fingerprinting methods and their technical background. Then I establish criteria to the state-of-the-art information based fingerprinting methods which are assumed to be effective, by the analysis of the information sources. After that I examine a fingerprinting technique, and also analyze the related dataset, and the way how it could be improved, and then I introduce my fingerprinting method with some preliminary statistics, and also the future development recommendations. Finally I propose a protection method to impede fingerprinting-based tracking while maintaining browsing experience, and besides I introduce the proof-of-concept application in which I implemented the protection, and also discuss results created while it was used.