Almost certainly - and if you're wondering what a clickprint is, it is "a unique pattern of web surfing behavior based on actions such as the number of pages viewed per session, the number of minutes spent on each page, the time or day of the week the page is visited, and so on." That's the description used by Professor Balaji Padmanabhan, at the Wharton School at the University of Pennsylvania, and Professor Catherine Yang, of the Graduate School of Management at the University of California, Davis.

In a new paper (available from http://tinyurl.com/hj263), they suggest that by observing how people navigate around a site over a number of sessions, an e-commerce company could distinguish between two anonymous surfers. That could have important implications in preventing fraud: if someone signed in with an existing user's logon, but their clickprint differed, that might be an indication that their ID had been stolen.

"Our main finding is that even trivial features in an internet session can distinguish users," Padmanabhan told the Wharton Review. "People do seem to have individual browsing behaviors." The duo found that anywhere from three to 16 sessions are needed to identify an individual's clickprint.

"The paper is really a proof of concept that behavior and minimal information can be used to identify users," says Yang. In one example, they found thatfrom just seven aggregated sessions they could distinguish between two different surfers with a confidence of 86.7%. Given 51 sessions, the confidence level rose to 99.4%.

Clickprints thus join a plethora of data that can be used to identify us while we're online. But while the leak earler this year of half a million users' Google searches from AOL caused widespread outrage, Padmanabhan suggests that "if Amazon or a credit card company that can track everything you do uses clickprints, the perception is different because you expect it".

If clickprints are used as a way to prevent fraud, it's highly unlikely there will be an uproar over privacy, says Padmanabhan. We'll have to see.

· If you'd like to comment on any aspect of Technology Guardian, send your emails to tech@theguardian.com