Distil Networks has launched a hi-def fingerprinting solution to tackle the problem of bots. It intends to start: “actively pulling additional data from the browser to identify devices with precision.” This raises questions over Personally Identifiable Information (PII) especially when the EU GDPR comes into force.
Why is Distil Networks doing this?
There are good reasons for tracking bots. Back in August, Distil Networks announced that bots made up 46% of the traffic related to web sites. This volume of traffic is creating a lot of problems for webmasters and security teams. Many of the bots are screen scraping data. Some of that is then used by content aggregators to steal content and pass it off as their own. This helps them drive content and advertising to their sites rather than the content originators. This theft of intellectual property is ignored by law enforcement because it is too onerous to deal with.
Another risk posed by bots is security. The data they gather may contain sensitive data. Websites contain names, telephones numbers and addresses related to the company owning the website. It is not uncommon for sensitive customer data to end up on a webpage due to misconfiguration. There are also a lot of sites running older and insecure plug-ins for their websites. All of this data helps hackers create phishing attacks, create profiles of individuals and launch attacks on websites.