« Back to Glossary Index


Information collected about the software and hardware of a remote computing device for the purpose of identification. – Wikipedia

Relevance in CRO

Fingerprinting is essentially the act of collecting a sufficiently large enough set of data points in order to be able to uniquely identify users. Surface-level identification methods such as cookies, IP address, and device ID can be easily obfuscated, spoofed, or blocked by a user that does not want to be identified. Fingerprinting is a more robust tracking method that is harder to block.

Think of it like this: there are 10,000 users currently looking at your website. Of those, 4,500 are on a desktop device. Of those, 2,000 use Chrome. Of those, 500 specifically have Chrome version 91.0.4472.124. Of those, 10 have a screen resolution of 1920 x 1080. Of those, only 1 has night mode enabled. Congratulations; you’ve identified me looking at your website, now you can track me. I’m so excited for you!

Individually those data points can’t be used for identification. The trick is aggregating them all together. It’s kind of like when someone slices up test result data with enough segments to find a positive result because they’re too focused on winning.

Fingerprinting has broad applications and implications in CRO. It’s how personalization tools work. Can it be used to maintain variation bucketing across devices? Or even more broadly, can fingerprinting be used to maintain bucketing when cookies go the way of the dodo? How does it run afoul of privacy compliance laws? You might be unintentionally breaking the law by setting up a test goal to track a specific behavior and creating a fingerprinting data point.

« Back to Glossary Index