Submitted via IRC for TheMightyBuzzard
Researchers devised a browser fingerprinting technique that allows interested parties to "identify" users across different browsers on the same machine.
The group – Yinzhi Cao and Song Li from Lehigh University, and Erik Wijmans from Washington University in St. Louis – found that many novel OS and hardware level features, such as those from graphic cards, CPU, and installed writing scripts, can be used to accurately "fingerprint" users.
"Our evaluation shows that our approach can successfully identify 99.24% of users as opposed to 90.84% for state of the art on single-browser fingerprinting against the same dataset," they noted. They have proposed and successfully tested a number of cross-browser fingerprintable features, including screen resolution, the number of CPU virtual cores, list of fonts, installed writing scripts, and more.
They extract those features by asking browsers to perform tasks that rely on corresponding OS and hardware functionalities. They found these fingerprintable features to be highly reliable – the removal of a single feature has little impact on the fingerprinting results. Also, that software rendering can be definitely used for fingerprinting.
Currently, the only way to prevent the collection of most of these features is to use the Tor Browser.
Source: https://www.helpnetsecurity.com/2017/01/17/cross-browser-fingerprinting/
(Score: 1, Insightful) by Anonymous Coward on Saturday January 21 2017, @03:01AM
...it's long overdue now that somebody writers a low level plugin that makes the browser report random bullshit values for queries like this.
(Score: 1) by Ethanol-fueled on Saturday January 21 2017, @03:31AM
Agreed.
Somewhat on-topic, when I was a poorfag and "borrowing" my neighbors' unsecured wireless connections, I'd use macchanger -r on Linux. Writing a plugin or even an application shouldn't be beyond the reach of a serious nerd or two. Hopefully it could randomize things such that they were not only convincing but randomized sufficiently enough to prevent security researchers' statistical black-box attacks against its footprint.
(Score: 2) by Arik on Saturday January 21 2017, @06:29AM
If laughter is the best medicine, who are the best doctors?
(Score: 0) by Anonymous Coward on Saturday January 21 2017, @05:03PM
And still some (for very large values of some) fuckwads decline to protect themselves by disabling JS.
They deserve what's coming for them. Too bad we're all in this together.