I'm the (co)author of the project. Please note that it's just a one-day proof of concept, imagine what a well motivated corporation could do.
It's nothing new (someone correctly pointed the EFF project) but I wanted to make a real world demo out of it.
The demo doesn't store each bits of info separately, it simply creates an hash out of them. If I stored the data separately I could for example identify small user agent updates or screen resolution changes or newly installed plugins and so on.
Also, many of the info can be gathered without JS and actually browsing with NoJS puts you in a very restricted niche making you even more trackable ;)
The demo is far from perfect but I believe that even a 90% reliability is alarming. Anyway I'll put all the source code on Github for you to review. I hope to be able to add the NoScript code as well soon.
Just IP comparison only works if the user's IP is constant, which rules out many phones, tablets, and laptops that frequent coffee shops and restaurant wifi. It also doesn't allow you to tell when IP $a and IP $b are really the same person at home and work. Further, IP comparison doesn't let you distinguish between multiple users coming from the same home or office network, or from a proxy.
Commercial implementations of this sort of tracking include the user's IP in their dataset, but track a number of other datapoints so they can tell if e.g. everything but a user's IP matches an entry in their database, it's probably the same person connecting from a different location.
It's nothing new (someone correctly pointed the EFF project) but I wanted to make a real world demo out of it.
The demo doesn't store each bits of info separately, it simply creates an hash out of them. If I stored the data separately I could for example identify small user agent updates or screen resolution changes or newly installed plugins and so on.
Also, many of the info can be gathered without JS and actually browsing with NoJS puts you in a very restricted niche making you even more trackable ;)
The demo is far from perfect but I believe that even a 90% reliability is alarming. Anyway I'll put all the source code on Github for you to review. I hope to be able to add the NoScript code as well soon.