In the paper Professors Balaji Padmanabhan and Catherine Yang hypothesized that website operators could use insights gained by observing how users navigate sites over multiple sessions to distinguish between two anonymous visitors, something the pair believes could help a number of company’s prevent fraud online.
"Our main finding is that even trivial features in an Internet session can distinguish users," Padmanabhan said. "People do seem to have individual browsing behaviors."
The pair said between three and 16 sessions are needed to identify an individual user’s clickprint.
Padmanabhan believes that using clickprints to clamp down on fraud will strike a balance that could please privacy advocates because the clickprints don’t identify the personal information of the user.
"If Amazon or a credit card company that can track everything you do uses clickprints, the perception is different because you expect it," he said.
Yang agreed, saying, “the paper is really proof of [the] concept that behavior and minimal information can be used to identify users.”
In one example, they found that from seven aggregated sessions they could distinguish between two different surfers with a confidence of 87 percent. With 51 sessions, the confidence level increased to 99 percent.