Today I would like to talk a bit about the topics of device identity and device fingerprinting. You have probably already read my two articles (1, 2) on precautions to be taken when arbing as to avoid getting limited by the bookmakers too fast. So you already know that bookmakers are profiling you according to your betting activity and to your personal data which you have entered upon registration or which you have made publicly available on social networks.
Now, in addition to that, the bookies will often reach out to personal data that you have not agreed on sharing and you probably (and falsely) think is not accessible for them. I am talking about your device identity. The majority of bookmakers nowadays employ the practice of infecting your computer with virus-like software (a sort of a cookie) that transfers your device identity live onto an external database. This software is harmless to your device but extracts various information regarding your device‘s operation system, screen resolution, MAC address and many other properties (check here for a full list).
In this way a sort of a device identity is being created and assigned to your name. The data is then stored in a database and made accessible by all its clients who include a bunch of different bookmakers. The practice has been declared illegal, however apparently no sanctions have been imposed upon the bookmakers by the relevant authorities since it is still continuously implemented on a large scale. It is a matter of concern not only for arbers but for all the punters since the data in question is being collected form just about everyone opening and using an account with a bookmaker.
The tools they use and how to protect yourself
The most widely used software for this purpose (however certainly not the only one) is iesnare produced by Iovation. Just google iesnare and you will find a lot of information on how to detect whether this cookie was installed on your device and how to stop it from transmitting data any further. Just keep in mind that this thing is around since 2006, meaning that some of the advice on the Internet might be outdated, since the developers in Iovation and the like are continuously working on finding ways to circumvent the defenses protecting your private data.
The most current solution I have found was installing a great browser app called Ghostery (which I already used even before finding out about iesnare) and changing its settings so that it blocks all intrusive software of that type (instructions given in the same article already quoted above). If you are living in the UK I would also strongly advice to file a complaint in the UK Information Commissioner’s Office (ICO) against the relevant bookmakers due to the breach of the Data Protection Act (1998) as described in this article.
If you have found out you already have the cookie installed, that means someone has already recorded your device identity. Looking around the web you would find there are also ways to change your MAC address. I have personally not tried this out yet so proceed with caution and at your own risk. I am a bit skeptical about the effectiveness of that measure as with all the data already collected I doubt you could obscure the identity of your device just by changing this one property. But it might be worth a try.
Iovation and online fraud
Oh, by the way, a study of Iovation and two similar companies and their fingerprinting products found out their clients consist primarily of companies involved with online fraud. Just have a look at this extract from the study:
The top two categories are also the ones that were the least expected. 163 websites were identified as malicious, such as using exploits for vulnerable browsers, conducting phishing attacks or extracting private data from users, whereas 1,063 sites were categorized as “Spam” by the two categorizing engines. By visiting some sites belonging to these categories, we noticed that many of them are parked webpages, i.e., they do not hold any content except advertising the availability of the domain name, and thus do not currently include fingerprinting code. We were however able to locate many “quiz/survey” sites that are, at the time of this writing, including fingerprinting code from one of the three studied companies. Visitors of these sites are greeted with a “Congratulations” message, which informs them that they have won and asks them to proceed to receive their prize. At some later step, these sites extract a user’s personal details and try to subscribe the user to expensive mobile services.
This observation, coupled with the fact that for all three companies, an interested client must set an appointment with a sales representative in order to acquire fingerprinting services, point to the possibility of fingerprinting companies working together with sites of dubious nature, possibly for the expansion of their fingerprint databases and the acquisition of more user data.
The bold is from me. I offer this study to your attention just for you to have an idea what kind of companies we are talking about. And among this great client base we find our beloved bookmakers. Ain’t that telling?
Keep your eyes open
There is a lot of material on the Internet about the bookies’ spying practices so I would advise you to educate yourself as much as possible and be responsible about your personal data. As you see even though some of the practices employed by the bookies are rather shady, you cannot rely on the regulators to protect you. It is up to you not to let those crooks get to your data. Good luck!