Fingerprinting Devices With BlueCava


fingerprintADOTAS – Think about it like this, BlueCava CEO Dave Norris says: you bring your car to the parking lot of a local store. The guy at the register sees it and remembers you — he greets you as you walk in, maybe asks if you need more of this or that which you bought last time.

Next week you come back to the same store, but your car is painted a new color. But the clerk knows it’s the same car — perhaps there’s a telling dent or a “Smashing Pumpkins” bumper sticker. When you walk in, he’s not surprised and might even ask how the paint job is working out.

Granted, he’s not going to write down your make, model and license plate number and store it in a file, perhaps share with some retailing friends. But the online world is a different beast and to some extent that’s what BlueCava does: when you visit one of its clients’ sites, BlueCave determines not only the IP address and cookies, but also the browser and the actual device being used.

The company, which was recently spun off from Uniloc, is the brainchild of one Ric Richardson, an Australian who came up with the technology as a way to beat music piracy while working with INXS in America. (Is that why I can’t steal a copy of “Kick”? Dammit, Ric, I’ve got to let you know — I need that tonight!). Every electronic device — be it desktop, laptop, feature phone, smartphone, tablet, etc. — has a “unique fingerprint,” and BlueCava has the digital ink and paper to mark it.

Whenever you go wandering the web, your browser exchanges plenty of data with a website — “You’d be shocked how much,” Norris said. We’re talking your browser version, fonts on your hard drive and location if you’ve enabled it. BlueCava’s software gathers that information, encrypts it, analyzes it and gives it a unique ID that allows it to track a device wherever it goes online. If you switch browsers or dump your cookies, BlueCava’s system is smart enough to realize it’s the same device and updates its records.

In addition, the technology retrieves “reputation data,” pretty much a history of a device — Norris compares it to Equifax or Experian’s ability to turn up a consumer’s credit history. It collects three types of data — good, such as financial transactions performed on the device; bad, information that suggests your device is illegitimate (more on that below); and interesting, the kind of stuff that marketers dream of.

A publisher can then monetize collected data on BlueCava’s Device Reputation Exchange, where customers can deposit and pull information. It certainly answers the “Whose data is it anyway?” debate: it’s the publishers’.

Norris said the company aims to be the platform of choice for identifying devices. While other companies offer such a service, their pricepoints tend to be between $0.05 and $0.10 cents per device, which is unfeasible to scale for many publishers. However, BlueCava prices its identification service at $0.0001 per device and $0.001 per device reputation transaction.

“By dropping the pricepoint, we’re making it feasible for everybody to define every device,” Norris said. “That may be devastating for those charging higher premiums.”

The applications of this are far and wide — using it for ad targeting is top of mind, but Norris also sees it as a click fraud deterrent. In that case, BlueCava really does serve as a credit bureau, informing advertisers of a clicker’s history for evaluation purposes. If 1,000 clicks come from the same device, chances are it’s a scam.

Before privacy advocates go haywire, Norris notes that BlueCava is not gathering personal information, just generalized data from a device. So that opens up the debate about whether a device is an extension of a person and deserves the same level of privacy. I smell controversy a-brewin’…


  1. First, I am certainly in favour of stamping out click fraud, and any other type of fraud.

    However, I don’t trust the claim that BlueCava isn’t going to gather “personal” information. Perhaps it depends on how we define “personal.” Sure, it is (allegedly) just identifying a device. But you bring up the question of whether the device is an extension of the person.

    What if I am the only person who has ever used my phone, or my computer? And I use them all day, every day, related to every aspect of my life?

    Some of usage includes situations where I identify myself as an individual with real name, physical address, etc. Banking, purchasing physical goods, etc. So that there could be a correlation that, “Device #2345bcd678ef has been repeatedly used by Jane Smith who lives at 123 Main Street, Gotham City.”

    It is like cookies, but worse, since it cannot flushed/changed easily. It is similar the Pentium III “Big Brother Inside” thing, and we all know how well that worked out.

    And it appears that, BlueCava offers the ability to buy/sell information on what a certain device did? So as to allow clients to see what that device was doing at other sites? Including sites where the device’s owner identified herself for a credit card purchase?


Please enter your comment!
Please enter your name here