Computer Identification

Computer identification can be a means of user identification. However there can be a difference because computer identification pertains to the computer or device that a user may be using whereas a user may use several different computers/devices.

User identification

User identification is necessary to manage access to private groups and priveleges. For example to access one's bank account online a username and password is required before gaining access to account data. Now that everyone is expected to have a mobile phone, quoting a validation number sent by a short message service (SMS) has become part of the login process.

Password protection

Password protection is the requirement of a username and matching password to be submitted. Additional validation can be required by responding to a short message service (SMS). However bots can guess passwords by trying variations based on known details about the user such as their name, email or anything else on record. Date of birth is commonly used so they try a combination of numbers.

Consequently most sites now require that a mixture of letters and numbers be used in a password including at least one capital letter and one non-alphanumeric letter (!@#$%^&*+?). However this can pose a problem when web developers do not filter such imputs because those special characters can be used as commands to read, edit and delete database records.

Many sites now require that passwords be changed at internals which can make managing passwords most difficult. However the use of password managers like KeyPass can make it bearable.

User tracking

Once a user has logged in their activity can be tracked by using a variety of techniques, the most common being browser cookies that can store the user's preferences to better serrve content of their interest.

Browser cookies

Browser cookies, as the name implies, are created and stored in a user's web browser and are site specific. Despite claims about them being a privacy issue, cookies are only accessible to a web site while visiting that web site. In other words, data stored in cookies for a web site cannot be extracted by another web site.

Browser cookies are most useful for storing user name and password so that they can be preloaded when visiting a login form. However while logging in, most web browsers offer the option of saving those login details or not. On banking websites it is recommended to not save those details in case someone else gains access to your computer.

Browser cookies can also store information about your sit such as preferred pages, page last visited, etc to better serve information and links that one may be more intersted in. Browser cookies are set by scripting on a web page and they can be set to expire in months, days or at the end of a session.

Session Cookies

Session cookies have nothing to do with a web browser and only last as long as the current session, which is until the user leaves the page/s in question. Session cookies are created by a web server for user tracking and are most useful for conserving data memory resources of both the web server and the user's device and data usage. In other words they are an integral part of a web service and it is pointless raising privacy issues about them.

Session cookies can also be created by scripting on a web page and are especially useful as an alternative to browser cookies when a visitor has disabled. Some sites prefer to use session cookies instead of browser cookies to ensure that a user hasn't gained access automatically, ie: when someone else gains use of the account holder's computer.

Webserver logs

All web servers log each request, In fact they loge every request to include all web content including the scripts, css and images, each on a separate line. Each line in a log file will include the date, time, the user's ip addressm the file the requested, plus their user-agent and success code. For example one line might look like:

2024-12-14 03:33:25 64.72.150.34 GET /index.html - 443 - 35.180.12.153 Mozilla/5.0+(Windows+NT+6.3;+Win64;+x64;+rv:63.0)+Gecko/2010010Firefox/63.0 - 200

From that line we can tell when and how IP address 35.180.12.153 requested /index.html while using Windows8/Firefox for a 200response (success). From the IP address one can trace the user's Internet service to report any mischief. Repeated requests for a WordPress link when your web site is not using WP can easily show who is running scripts to probe for an access point to exploit. From these logs site statistsics can be collated to show the hits on each page per day and per hour for traffic analysis.

Custom logs

If you only want statistics for special pages viewed by special users, then you can code your own logging system to record their login details and also which pages they have viewed. While this may sound like an invasion of privacy to muppets, it can help both the user and the site owner/tutor in tracking which courses have been completed and by whom.

Fingerprinting

Fingerprinting is a buzzword that some in the copy protection industry use to sound sophisticated while not divulging how anything works. Truth be known, some fingerprinting techniques can be as simple as the use of session cookies that are created when a user logs into a membership portal.

IP address

An Internet Protocol (IP) address is the unique identifying number assigned to every device connected to the internet. Some Internet services may assign a unique IP address for each user while some might pool users to use the one IP address. Either way the Internet Service Provider (ISP) can always identify each user logins, user-agent and points of access. In the case of unique IP addresses for each connection, they are usually randomly assigned when the user connects. Use of a fixed IP address usually requires extra configuration and fees will apply.

That being said, using a virtual private network (VPN) can make tracking difficult because a user's IP address can get rotated at regular intervals or after a set number of requests via proxy servers. VPN number rotation can include IP addresses assigned to many different ISPs and in different countries. One minute a user might be connected from India and then next they are using an IP assigned to a service England. The Tor network is an VPN commonly used by hackers and other miscreant not wanting to be discovered doing what they do. While legitimate companies proviidng VPN services might use their own servers, services like Tor rely on volunteers support.

At the end of the day, using a VPN can not only get one blocked from most srvices, it is not guaranteed to be private when the authorities start looking.

Browser user-agent

A user-agent is a string that is reported with web page requests, and it usually includes the operating system (OS), application brand and version numbers. User-agent is most useful for website to better accommodate each vidstor because each web browser can behave differently. For example there was alway a 1 pixel difference between Internet Explorer and Netscape Navigator that needed compensation, and support for WC3 standards differs between Chrome and Firefox browsers. In fact while all Mozilla based browsers used the same NPAPI plugins, special versions were needed for Chrome.

Today most popular browsers can install add-ons for browser spoofing, which means that they can pose as a different brand of browser or a different version. However web developers can detect which browser core they were forked from by testing how they respond to some special tasks. Today older browsers can easily be detected by their lack of support EcmaScript and CSS3.

Device serial number

All devices have a serial number somewhere. On mobile phones it can be the serial number of the device itself. However some cloned phones have been found to be using the same serial number. Those clones will have problems installing new apps since the Google Play crackdown. Desktop computers for Windows and Mac can have parts replaced and some are assembled completely from parts, so defining a constant serial number can be more difficult. However operating systems (OS) can usually report the hard drive serial number on which they are installed.

All else fails there is always MAC address.

MAC address

A MAC address (media access control address) is a 12-digit hexadecimal number assigned to each device connected to the network. Primarily specified as a unique identifier during device manufacturing, the MAC address is often found on a device's network interface card (NIC).

MAC address was used for DRM in the early days and stored inside encrypted token files that could be referenced for access rights to view documents and media. But while MAC address will be unique within any local network, across the Internet different computers can be using the same MAC address making the concept useless for identifying users outside of a local network. However it did work for DRM tokens because while the user had a matching token, at least they could access the media.

If ever two devices do have the same MAC address in a local network, both devices will have communication problems because the local network gets confused about which device should receive the packet.

Privacy

While the masses complain and plead for restictions to protect their privacy, their argument may be borne from naievity or duplicity. Without things like cookies a user cannot stay logged into an account and preventing the other methods of tracking would only enable hackers and other miscreants to turn the Internet into a toilet that will never be flushed.

Digital Rights Management

Digatal Rights Management (DRM) solutions use a combination if not all of the above techniques.

Please report any errors or typos here.