Stories
Slash Boxes
Comments

SoylentNews is people

posted by janrinok on Saturday January 21 2017, @02:50AM   Printer-friendly
from the they-know-who-we-are dept.

Submitted via IRC for TheMightyBuzzard

Researchers devised a browser fingerprinting technique that allows interested parties to "identify" users across different browsers on the same machine.

The group – Yinzhi Cao and Song Li from Lehigh University, and Erik Wijmans from Washington University in St. Louis – found that many novel OS and hardware level features, such as those from graphic cards, CPU, and installed writing scripts, can be used to accurately "fingerprint" users.

"Our evaluation shows that our approach can successfully identify 99.24% of users as opposed to 90.84% for state of the art on single-browser fingerprinting against the same dataset," they noted. They have proposed and successfully tested a number of cross-browser fingerprintable features, including screen resolution, the number of CPU virtual cores, list of fonts, installed writing scripts, and more.

They extract those features by asking browsers to perform tasks that rely on corresponding OS and hardware functionalities. They found these fingerprintable features to be highly reliable – the removal of a single feature has little impact on the fingerprinting results. Also, that software rendering can be definitely used for fingerprinting.

Currently, the only way to prevent the collection of most of these features is to use the Tor Browser.

Source: https://www.helpnetsecurity.com/2017/01/17/cross-browser-fingerprinting/


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 1) by Ethanol-fueled on Saturday January 21 2017, @03:31AM

    by Ethanol-fueled (2792) on Saturday January 21 2017, @03:31AM (#456841) Homepage

    Agreed.

    Somewhat on-topic, when I was a poorfag and "borrowing" my neighbors' unsecured wireless connections, I'd use macchanger -r on Linux. Writing a plugin or even an application shouldn't be beyond the reach of a serious nerd or two. Hopefully it could randomize things such that they were not only convincing but randomized sufficiently enough to prevent security researchers' statistical black-box attacks against its footprint.