Stories
Slash Boxes
Comments

SoylentNews is people

posted by Fnord666 on Wednesday February 15 2017, @02:36AM   Printer-friendly
from the we-know-where-you-browse dept.

Researchers have proposed a cross-browser fingerprinting technique that uses OS and hardware-level features. The researchers claim to have successfully identified 99.24% of users in their dataset compared to 90.84% for the state of the art of single-browser fingerprinting.

Researchers have recently developed the first reliable technique for websites to track visitors even when they use two or more different browsers. This shatters a key defense against sites that identify visitors based on the digital fingerprint their browsers leave behind.

State-of-the-art fingerprinting techniques are highly effective at identifying users when they use browsers with default or commonly used settings. For instance, the Electronic Frontier Foundation's privacy tool, known as Panopticlick, found that only one in about 77,691 browsers had the same characteristics as the one commonly used by this reporter. Such fingerprints are the result of specific settings and customizations found in a specific browser installation, including the list of plugins, the selected time zone, whether a "do not track" option is turned on, and whether an adblocker is being used.

Until now, however, the tracking has been limited to a single browser. This constraint made it infeasible to tie, say, the fingerprint left behind by a Firefox browser to the fingerprint from a Chrome or Edge installation running on the same machine. The new technique—outlined in a research paper titled (Cross-)Browser Fingerprinting via OS and Hardware Level Features—not only works across multiple browsers. It's also more accurate than previous single-browser fingerprinting.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by Pino P on Wednesday February 15 2017, @11:47PM

    by Pino P (4721) on Wednesday February 15 2017, @11:47PM (#467658) Journal

    I meant in traditional sense, without TLS (I though that was clear and I know the user has to manually configure it).

    If trends continue such that 90 percent of HTTP traffic uses TLS, anonymizing the 10 percent that doesn't won't help much by itself.

    Would this fingerprinting technique fail if multiple people would configure their browser to use the proxy

    A script can still observe the precise results of rendering and relay it back to the site. Or a site can exploit subtle differences in page layout that trigger the retrieval or non-retrieval of images and other resources. Barring that, a site can make everything past the abstract "free reg. req." if it can't gather enough data to identify a user's demographic.

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2