Stories
Slash Boxes
Comments

SoylentNews is people

Accurate Cross-Browser Fingerprinting is Possible, Researchers Show

posted by janrinok on Saturday January 21 2017, @02:50AM   Printer-friendly
from the they-know-who-we-are dept.

MrPlow writes:

Submitted via IRC for TheMightyBuzzard

Researchers devised a browser fingerprinting technique that allows interested parties to "identify" users across different browsers on the same machine.

The group – Yinzhi Cao and Song Li from Lehigh University, and Erik Wijmans from Washington University in St. Louis – found that many novel OS and hardware level features, such as those from graphic cards, CPU, and installed writing scripts, can be used to accurately "fingerprint" users.

"Our evaluation shows that our approach can successfully identify 99.24% of users as opposed to 90.84% for state of the art on single-browser fingerprinting against the same dataset," they noted. They have proposed and successfully tested a number of cross-browser fingerprintable features, including screen resolution, the number of CPU virtual cores, list of fonts, installed writing scripts, and more.

They extract those features by asking browsers to perform tasks that rely on corresponding OS and hardware functionalities. They found these fingerprintable features to be highly reliable – the removal of a single feature has little impact on the fingerprinting results. Also, that software rendering can be definitely used for fingerprinting.

Currently, the only way to prevent the collection of most of these features is to use the Tor Browser.

Source: https://www.helpnetsecurity.com/2017/01/17/cross-browser-fingerprinting/

Original Submission

 
This discussion has been archived. No new comments can be posted.
Accurate Cross-Browser Fingerprinting is Possible, Researchers Show | Log In/Create an Account | Top | 9 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by Runaway1956 on Saturday January 21 2017, @03:24AM

    by Runaway1956 (2926) Subscriber Badge on Saturday January 21 2017, @03:24AM (#456839) Journal

    I never did any research on it, not even a casual internet search. But, it has crossed my mind. I have four browsers installed, but all of them report that I'm a Linux user. All of them have javascript disabled, unless and until I click the icon to "temporarily enable scripts on this site". From there, the browsers are all set up differently, but each reports bits and pieces of my computer's details. I've asked myself how hard it would be to correlate all those bits and pieces.

    TFA gives me the answer - it's possible. It doesn't tell me how many (if any) data miners are making the effort to do so, but it's possible.

    Of course, the real data miner (NSA) just sits on top of my internet connection, recording all of my internet activity. There's no hiding from Big Brother, after all. That's why I proxy in to The Mighty Buzzard's computer to communicate with my jihadi brothers in the mideast. ;^)

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2  

  • (Score: 0) by Anonymous Coward on Saturday January 21 2017, @07:07AM

    by Anonymous Coward on Saturday January 21 2017, @07:07AM (#456888)

    You don't need any fancy device fingerprinting when they are all on the same IP address.

    This attack is really only relevant to mobile phone users and others behind carrier-grade NAT.