[JoeAcchino]

I don't know how useful is this to track unique visitors, the next month I will probably have a different fingerprint.

All it takes is a new release of Firefox (different version in the User-Agent string) a new font or any plugin update.

So with that fingerprint you can possibly identify me now, but you cannot track me over time.

[WiseWeasel]

You can account for those factors by parsing only certain bits of the User Agent string, and allowing for the addition of fonts to the list (most typically don't uninstall fonts). With the plugins, you can ignore the version number and just go by the names. There are bits like browser name, OS name, screen resolution and the presence of all previously detected fonts and plugin names that you can be pretty sure won't change for most users. As long as you can uniquely match by certain factors, it'll be enough to link you to your previous session.

For a purpose like ad tracking, the period of time you need to track people is likely pretty short, as in from when they click on a banner or text link until they complete a purchase, so you can compare lots of data points to identify them. If you need to track for longer periods, like to retarget an ad to people who have completed purchases for x, then you would need to compare fewer, more stable points and hope you find a unique match.

[gorhill]

This just shows that even when shielding successfully against all other known mean of tracking [1], ultimately fingerprinting still can accomplish something re. tracking. Of course if a user doesn't care about other means of tracking, it's rather useless to worry about EFF's demonstration of fingerprinting.

[1] For example, see "evercookie": http://samy.pl/evercookie/

[SamReidHughes]

Yes you can. A user agent string, plugin string, or individual font update is only part of the fingerprint.