Web fingerprinting is a data tracking and identification mechanism that is used by banks and other companies as a way to authenticate and track users. This can be used for good, or for bad.
It might be good for banks to be able to verify and identity through other means, and can also be annoying for retailers to track us and deliver ads tailored to our previous web activity. And this all happens without even having cookies enabled.
Researchers in computer science and engineering from Washington University have gone beyond the standard single browser tracking, and have developed the first cross-browser fingerprinting technique. A paper has been published about this called (Cross-)Browser Fingerprinting via OS and Hardware Level Features.
This approach is able to track an individual across different browsers on the same machine by getting hardware level information such as graphic card, CPU and installed script information that can correlate between browsers. This approach might be more complicated, and maybe even appear on first impression to be less accurate, but the opposite is the case in terms of accuracy with 99.24% of users being successfully identified through this new cross browser fingerprinting, as opposed to 90.84% identification success on single browser fingerprinting using the same data set.
Rather than only relying on the layer four Internet protocol as the main way to identify users, Yinzhi Cao and his team have chosen to go deeper to the operating system hardware features to getting even more unique identification. Using an IP is unstable and unreliable as it dynamically changes from each place you use the Internet, from home work or a coffee shop.
Specifically, WebGL exposes the graphic card for information, Audio-Context allows the audio stack to be reached, and hardwareConcurrency can get the CPU info. Additionally, removing any single feature in this cross-browser fingerprinting only decreases the accuracy by at most 0.3%.
The research team is ideally hoping that financial institutions will adopt this new approach in order to provide better multi factor authentication for their customers.
Some solutions to deal with these tracking methods are to employ anti-tracking mechanisms. Isolating your browsing mode can be done to make your profile private on certain sites and separate from your normal browsing profile. Some tools are TrackingFree, Do Not Track and Ghostery. These are to deal with cookie-based tracking, which doesn't deal with the new cross-browser technique. The browser fingerprinting can be better defended with Tor Browser which better anonymizes you're browsing.
- Novel technique tracks more web users across browsers
- (Cross-)Browser Fingerprinting via OS and Hardware Level Features
If you appreciate and value the content, please consider:
Upvoting , Sharing or Reblogging below.