[korm]

But this can't track individual users, it just provides general usage statistics, like visitor retention.

I'd be interested in a viable example of this being used to identify users.

[Leon]

That can help with fingerprinting. Any entropy escaping from a users session is useful.

[korm]

This can be used to make a user's fingerprint stand out based on their browsing patterns. However, it is very fragile in practice. The tracker would need both a rare fingerprint, as well as a rare browsing pattern in order to identify a user.

This is pretty hard, considering the Tor Browser does a good job at having a common fingerprint at it's highest security setting (Javascript disabled, which is what this tracker is for).

[Syrup-tan]

I'm unsure why this is downvoted.

I think he is saying that users can't be tracked between page-loads using this method, or your risk sending multiple users the same token. (which is true, at least with this implementation)

The time they spend on the website, latency, etc can all be used to add to a fingerprint, but there isn't something magic that makes this accurate, especially without JavaScript.

Edit: please don't mind me ghostposting kthx

[mordocai]

I may be missing something, but it seems to me that this technique(if not this particular implementation) could be used to easily track individual users.