"It doesn't matter what the data is, it should be: - unique to a sufficiently small group of people"
"What you'd rather want is finding the largest group out there and joining it."
Presumably there is a threshhold for how large the group must be before the value of fingerprinting to advertisers drops.
That is one question.
Another question is what value to the advertiser is there, if any, in the data contained in the fingerprint itself (beyond its value in forming a fingerprint).
Hypothetical. User disables Javascript, CSS, does not send Cookies, does not send User-Agent. User only sends a minumum number of headers needed to retrieve the page. For example, Host: and Connection: only.
Putting aside arguments about whether or not this user is more or less "unique" than other users (the size of the group sending minimal data may be small), as well as any arguments about "breaking websites", is the data in the fingerprint valuable to advertisers.
For example, is the advertiser interested in guessing whether the user is using a Javascript and CSS-enabled browser that stores cookies, etc. Will the advertiser perceive the user as a more or less worthy target than another user due to the specifics of the fingerprint.
The point is that the fingerprint identifies you, that's why it's called a fingerprint. A user only sending `Host:` and `Connection:` bought a Nintendo Switch on Site A last week. Another user only sending `Host:` and `Connection:` visited Site B, so we assume it's the same person and show them an ad for Breath of the Wild.
It's not like anyone targets ads to people with specific screen resolutions (and I don't think people would care if they did). The problem is that the data is used to track your activity. The information it contains is "are you the same person as that other visit we tracked".
This is valid point if the user is making a purchase. In that case, the user will likely need to be using a popular browser loaded with graphical features, with images, CSS, Javascript and cookies enabled. In practice, it would be impossible to make a purchase via web with only Host: and Connection: headers. (How many websites engaging in online commerce require neither images, Javascript nor cookies.) That said, there may be instances where web users are not engaging in commerce or other uses that require graphics, cookies and interactivity (submitting forms, etc.). It would seem futile to show ads to users who may not see them due to their client potentially not showing images or running Javascript.
Even without any features enabled and not sending any headers, fingerprinting would let the server track what pages you visit and when (even across websites).
There's not much they'd do with that information (as you say, while it's technically possible, no one cares enough to make an advertising system that works without JavaScript).
The main use case would probably be a primitive way to track which pages are visited in which order, how popular various links are, which paths people took to get to a specific page, etc. Normal tracking stuff which I don't personally have a problem with, but privacy activists often tend to.
"What you'd rather want is finding the largest group out there and joining it."
Presumably there is a threshhold for how large the group must be before the value of fingerprinting to advertisers drops.
That is one question.
Another question is what value to the advertiser is there, if any, in the data contained in the fingerprint itself (beyond its value in forming a fingerprint).
Hypothetical. User disables Javascript, CSS, does not send Cookies, does not send User-Agent. User only sends a minumum number of headers needed to retrieve the page. For example, Host: and Connection: only.
Putting aside arguments about whether or not this user is more or less "unique" than other users (the size of the group sending minimal data may be small), as well as any arguments about "breaking websites", is the data in the fingerprint valuable to advertisers.
For example, is the advertiser interested in guessing whether the user is using a Javascript and CSS-enabled browser that stores cookies, etc. Will the advertiser perceive the user as a more or less worthy target than another user due to the specifics of the fingerprint.