[aqme28]

Correct me if I'm wrong on this:

Those may be unique for your browser right now, but if you were to update your fonts or your plugins, that would generate a completely new user and all their information about you would be lost. Same as if you delete your cookies, but I bet it happens more frequently.

[eric-hu]

Even if you had this 'lossy' tracking method for users, you can still deduce that the 'new' user generated by a browser is a potential match of the old user agent info with a certain probability.

More than likely, only the browser version will change. For larger updates, would-be-broken plugins would disappear or see a newer version. It would be a ton of effort to track users this way, but I think it's within the realm of reason for those with enough incentive (NSA, maybe advertising companies)

[Djehngo]

It doesn't need to be easy to implement to become easy to use, if someone implements this in a way which can be packaged up and included on sites with only a single line of code somewhere it becomes trivial to apply this to any site that wants it.

[awj]

That's true, it would. In that case you'd need alternative methods to carry the identity across hash changes. Companies participating in this tracking could use their legitimate cookies, or even just login events, to pair up one hash with another.

Likely this could be done in a way that doesn't violate any terms of service or data disclosure promises. After all, pushing out "browser fingerprint 'abcd' and 'efgh' are the same person" isn't disclosing information that most people would realize they're trusting someone with.

[robryan]

Even so, for someone like Google with their scale, even identifying users for a short amount of time would work better than not identifying them at all.