Stories
Slash Boxes
Comments

SoylentNews is people

posted by janrinok on Saturday January 21 2017, @02:50AM   Printer-friendly
from the they-know-who-we-are dept.

Submitted via IRC for TheMightyBuzzard

Researchers devised a browser fingerprinting technique that allows interested parties to "identify" users across different browsers on the same machine.

The group – Yinzhi Cao and Song Li from Lehigh University, and Erik Wijmans from Washington University in St. Louis – found that many novel OS and hardware level features, such as those from graphic cards, CPU, and installed writing scripts, can be used to accurately "fingerprint" users.

"Our evaluation shows that our approach can successfully identify 99.24% of users as opposed to 90.84% for state of the art on single-browser fingerprinting against the same dataset," they noted. They have proposed and successfully tested a number of cross-browser fingerprintable features, including screen resolution, the number of CPU virtual cores, list of fonts, installed writing scripts, and more.

They extract those features by asking browsers to perform tasks that rely on corresponding OS and hardware functionalities. They found these fingerprintable features to be highly reliable – the removal of a single feature has little impact on the fingerprinting results. Also, that software rendering can be definitely used for fingerprinting.

Currently, the only way to prevent the collection of most of these features is to use the Tor Browser.

Source: https://www.helpnetsecurity.com/2017/01/17/cross-browser-fingerprinting/


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 1, Insightful) by Anonymous Coward on Saturday January 21 2017, @03:01AM

    by Anonymous Coward on Saturday January 21 2017, @03:01AM (#456831)

    ...it's long overdue now that somebody writers a low level plugin that makes the browser report random bullshit values for queries like this.

    Starting Score:    0  points
    Moderation   +1  
       Insightful=1, Total=1
    Extra 'Insightful' Modifier   0  

    Total Score:   1  
  • (Score: 1) by Ethanol-fueled on Saturday January 21 2017, @03:31AM

    by Ethanol-fueled (2792) on Saturday January 21 2017, @03:31AM (#456841) Homepage

    Agreed.

    Somewhat on-topic, when I was a poorfag and "borrowing" my neighbors' unsecured wireless connections, I'd use macchanger -r on Linux. Writing a plugin or even an application shouldn't be beyond the reach of a serious nerd or two. Hopefully it could randomize things such that they were not only convincing but randomized sufficiently enough to prevent security researchers' statistical black-box attacks against its footprint.

  • (Score: 2) by Arik on Saturday January 21 2017, @06:29AM

    by Arik (4543) on Saturday January 21 2017, @06:29AM (#456881) Journal
    Browser should simply ignore any and all such requests. The browser's job is to accept html from a remote server and render it appropriately for the local user, not to be having conversations with the server about said user.
    --
    If laughter is the best medicine, who are the best doctors?
  • (Score: 0) by Anonymous Coward on Saturday January 21 2017, @05:03PM

    by Anonymous Coward on Saturday January 21 2017, @05:03PM (#457013)

    And still some (for very large values of some) fuckwads decline to protect themselves by disabling JS.

    They deserve what's coming for them. Too bad we're all in this together.