A New Threat to Your Online Privacy

Here’s a new challenge to your privacy which is not easy to overcome. It’s a new system being promoted for bank security purposes by a company called The 41st, which takes an online “fingerprint” of your computer. And using secure VPN such as Cryptohippie does not eliminate this threat.

It works like this. An online bank installs third party software on their computer which tracks all your logins. They take information which your browser reveals about your computer: things like your language, your timezone, the version of your browser, plug-ins like Javascript that you may have installed…. they claim to gather around 40 factors like this. Taken together, they make your PC pretty much unique.

So far so good and of course this does have a legitimate use. Its intention is to catch malicious hackers. If one PC with that unique connection of 40 factors is logging in to lots of different accounts, it may be a sign of hacking activity and the bank would then block access to those accounts automatically.

The dangerous thing is that we have seen that the fingerprint is being retained in some cases on a central server, which could be shared between banks. And it’s not just banks using this system, either… its other online financial services companies like credit card issuers, merchant account providers and so on.

Now let’s say you are careful to log in to your home, public passthrough bank account from your home IP address, then you run your VPN on your laptop and log in from another IP address to a completely different bank, which you might want to keep secret for very legitimate reasons. Although you’ve changed your IP address, if this technology is installed at both banks, they would be able to link the two accounts because you logged in from the same PC.

Worse still, would be if you had two accounts in the same bank that the bank doesn’t know are linked, and you want to keep it that way.

Solutions to this problem? Cryptohippie says:

It is a privacy issue that the web browser has. So, it is somewhere between “very hard”, “impossible” and “destroying your application” if we would filter it. Since the issue is your web browser and your javascript a local javascript filter/patch (noscript for example) could help more.

Leave a Comment