The security strategy of “defense-in-depth” allows a system or an organization to prevent an attack by coordinating complementary defense techniques, taking advantage of the strengths of each one while relying on the combination to shore up weaknesses in the others.  The end result is a more complex and nuanced system that is resilient to a much greater number of attacks.

In a similar vein, we can see that any single device recognition strategy on the Web is going to run into some serious limitations, mostly related to the quality and the variety of the data that can be collected from a browser.  There are a number of sources of data that we can use to construct a view of a device on the Web, but most of them can be manipulated, and all of them have problems with uniqueness.  How to build a system that is resilient to so much data uncertainty?  Yeah, I know you’re already a step ahead of me – we design in depth. (more…)