While the web site can’t gather personally identifiable information, it can use the fingerprint to track how often a visitor returns to the web site. Even if the fingerprint “drifts” over time–changes due to new installations on the user’s machine–it’s possible to make an educated guess as to which fingerprint is changing.
Figuring out how to track unique web site visitors has been an ongoing battle between enterprises and privacy advocates for years. Initially, web sites used browser cookies–small text files–to track return visitors. When privacy advocates began publicizing that method, some users began to delete their cookies. Enterprises then moved over to tracking unique visitors via Adobe Flash Local Shared Objects (LSOs); however, that once again became less useful once the mechanism was publicized. Now we’re at Level 3: characterizing web site visitors by their system fingerprint. For a more detailed discussion of the issues, see my Burton Group report entitled, “Avoiding the Data Pitfalls of Web Analytics.”
I’d encourage you to read the EFF report and take the EFF test to see how unique your system is. Apparently I’m unique. The test results I received stated, “Your browser fingerprint appears to be unique among the 980,597 tested so far. Currently, we estimate that your browser has a fingerprint that conveys at least 19.9 bits of identifying information.”