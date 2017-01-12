Fingerprinting Methods Identify Users Across Different Browsers On the Same PC (bleepingcomputer.com) 25
An anonymous reader quotes a report from BleepingComputer: A team of researchers from universities across the U.S. has identified different fingerprinting techniques that can track users when they use different browsers installed on the same machine. Named "cross-browser fingerprinting" (CBF), this practice relies on new technologies added to web browsers in recent years, some of which had been previously considered unreliable for cross-browser tracking and only used for single browser fingerprinting. These new techniques rely on making browsers carry out operations that use the underlying hardware components to process the desired data. For example, making a browser apply an image to the side of a 3D cube in WebGL provides a similar response in hardware parameters for all browsers. This is because the GPU card is the one carrying out this operation and not the browser software. According to the three-man research team led by Assistant Professor Yinzhi Cao from the Computer Science and Engineering Department at Lehigh University, the following browser features could be (ab)used for cross-browser fingerprinting operations: [Screen Resolution, Number of CPU Virtual Cores, AudioContext, List of Fonts, Line, Curve, and Anti-Aliasing, Vertex Shader, Fragment Shader, Transparency via Alpha Channel, Installed Writing Scripts (Languages), Modeling and Multiple Models, Lighting and Shadow Mapping, Camera and Clipping Planes.] Researchers used all these techniques together to test how many users they would be able to pin to the same computer. For tests, researchers used browsers such as Chrome, Firefox, Edge, IE, Opera, Safari, Maxthon, UC Browser, and Coconut. Results showed that CBF techniques were able to correctly identify 99.24% of all test users. Previous research methods achieved only a 90.84% result.
The DOM model strikes again (Score:1, Insightful)
Someone tell me why a browser needs to tell this stuff to the Internet?
Re: (Score:2)
Its a good point. Make them earn the white hat mug. https://society6.com/product/w... [society6.com]
Re: (Score:1)
DOM = DUM
Re: (Score:2)
What benefit does using a HOSTS file have over using a plugin to block JS/tracking shit/ads/etc?
Is the HOSTS file more dependable? Is the HOSTS file faster?
Re: (Score:3)
Someone that has advanced personal knowledge of this should definitely chime in about the glories of the HOSTS file over all other options.
Price of you vacation (Score:2)
So it will be easier for the travel industry to keep track of you and keep the prices up for the places you have been looking at information for, even when you try to use different browsers, ip adresses etc?
Re: (Score:1)
Technically yes. You could even browse with Internet Explorer as usual, then connect a VPN and switch to Icognito mode in Google Chrome and they still know who you are.
VirtualBox (Score:1)
I guess now we need a bunch of VMs with different distros on them or something. This is really getting tiring.
Btw, I bet javascript was used to pull all these variables somehow.
Re: (Score:2)
I've been browsing in a VM for a while. This not just limits browser fingerprinting, but also what damage malicious software can do.
Re: (Score:2)
Unplug your computer from the Internet...
I really think that is the only way.
But then you still have all the public surveillance, credit cards, wifi, cell towers and who knows what else tracking you.... so.... good luck.
Re: (Score:2)
Time for counter-measures (Score:4, Insightful)
Browsers should present a "generic" capabilities list to web sites unless the user white-lists that site to receive some or all of the "real" capabilities. An online video-gaming site may need to know if I can play a GPU-intensive online game through the web browser, but very few other sites need to know.
For example, "generic capabilities" would be:
Screen size would be "small" for tablets, phones, and small notebooks, or "normal" for everything else. Pixel density would not be disclosed.
"List of fonts" would be the most common "web fonts" in the main language of the operating system.
As for the rest, they would be shown as "not disclosed."
You're far too generous (Score:2)
Re: (Score:2)
Screen size would be "small" for tablets, phones, and small notebooks, or "normal" for everything else.
Important information for the web site and CSS is the viewport size, i.e. the size of the browser window usable by the site scripts. The screen size itself should not be disclosed.