fingerprinting Researchers Develop Cross-Browser Fingerprinting Technique

[vissha]

Researchers Develop Cross-Browser Fingerprinting Technique

 

Researchers have developed a cross-browser fingerprinting technique that uses operating system and hardware level features.

 

Fingerprinting has been limited for the most part to individual web browsers in the past. If a user switched browsers regularly, fingerprinting could not be used to link the user to these browsers.

 

Fingerprinting tests like the Electronic Frontier Foundation's Panopticlick or BrowserPrint, try to gather data about the browser and underlying operating system. They use all the data to create a fingerprint of the browser/computer combination, and may be able to do the same in future sessions.

 

Cross-browser fingerprinting was out of the picture up until now. While other methods existed to track users across browsers, for instance by requiring them to sign into accounts to use a service or recording IP addresses, no fingerprinting method came close to providing a working solution.

 

Cross-browser fingerprinting

 

 

The researchers who published the research paper (Cross-)Browser Fingerprinting via OS and Hardware Level Features think that they have found a way.

 

Quote

In the paper, we propose a (cross-)browser fingerprinting based on many novel OS and hardware level features, e.g., these from graphics card, CPU, audio stack, and installed writing scripts. Specifically, because many of such OS and hardware level functions are exposed to JavaScript via browser APIs, we can extract features when asking the browser to perform certain tasks through these APIs. The extracted features can be used for both single- and cross-browser fingerprinting.

 

They have created an online service that demonstrates the fingerprinting technique. It is called Unique Machine, and works on any device that supports JavaScript.

 

A click on Get My Fingerprint starts the process. It works, if JavaScript is enabled, and if connections to a few sites are allowed. The scan takes a couple of seconds to complete.

 

 

The result is a browser fingerprint, and also a computer fingerprint; the latter is not finalized yet and still in development.

 

You may hit the details button on the Unique Machine website for the list of tested cross-browser features.

 

The following features are tested currently:

• Time Zone.
• Number of CPU Cores.
• Fonts.
• Audio.
• Screen Ratio and depth.
• WebGL.
• Ad Blocking.
• Canvas.
• Cookies.
• Encoding.
• GPU.
• Hash values of GPU rendering results.
• Language.
• Plugins.

The idea is now that you will get similar results when you use a different browser on the same system to run the fingerprinting test a second time.

 

The researchers state that the technique identified 99.2% of users correctly. The sample size is a bit small, 1903 users and 3615 fingerprint samples.

 

I ran tests on a machine using different browsers, and results were mixed. The computer fingerprint was identical when I ran the fingerprinting test in Chrome, Chrome Canary and Vivaldi, but different in Firefox and Edge.

 

The three browsers the hash was identical in are all based on Chromium. This is probably the reason why the fingerprint was identical.

 

The source code of the cross browser fingerprinting site is available on GitHub.

 

Now You: Did you cross-browser fingerprinting work on your devices?

 

Source

[steven36]

So how is this anything new?  More rehash written to scare people here is a article talking about this in 2013

 

 

Generating a Cross-Platform Unique Machine Fingerprint

https://oroboro.com/unique-machine-fingerprint/

uniquemachine site does not even work on my machine I am immune  because i disable the WEBGL in all my browsers and run policeman it tries to fingerprint you trough webgl  and Google  maps  a picture rendered with WebGL, witch on Android  the police get warrants form Google because  Google maps fingerprint you. I also block WEBGL in chrome and use a 3rd party script blocker.

 

Some other software you install  that's not  browsers set Unique Machine Fingerprint as well this technique  has been around for years.  most of it is software that require online updates this why i just don't install just anything . Browsers is a very good place too impose this lots of holes in them  and require internet to use them.

 

Device fingerprint

 

Quote

Assimilation of such information into a single string comprises a device fingerprint. In 2010,  EFFmeasured at least 18.1 bits of  entropy possible from browser fingerprinting but that was before the advancements of canvas fingerprinting, which claims to add another 5.7 bits

 

 

Unique Machine Fingerprint is older than canvas fingerprinting even here is a better site than uniquemachine . Its called am  i unique

https://amiunique.org/

 

Quote

 

On this site, we collect:

• the User agent header
• the Accept header
• the Connection header
• the Encoding header
• the Language header
• the list of plugins
• the platform
• the cookies preferences (allowed or not)
• the Do Not Track preferences (yes, no or not communicated)
• the timezone
• the screen resolution and its color depth
• the use of local storage
• the use of session storage
• a picture rendered with the HTML Canvas element
• a picture rendered with WebGL
• the presence of AdBlock
• the list of fonts

 

 

 

 

[edwardecl]

Doesn't even work without scripts enabled.

And the other link (amiunique.org) says: your full fingerprint is unique among the 316235

just because it and ID my web browser (which might be spoofed) and the OS... I think not.

not only that it thinks my screen resolution is something it's not as well.

[steven36]

On undefined at 10:49 AM, edwardecl said:

Doesn't even work without scripts enabled.

And the other link (amiunique.org) says: your full fingerprint is unique among the 316235

just because it and ID my web browser (which might be spoofed) and the OS... I think not.

not only that it thinks my screen resolution is something it's not as well.

the more things you do  too spoof you're identity the more tractable you become if you never change it. This is unless you change it all the time then you're not,  so you need to change it at random and its best to not enable java script on no sites unless you have too.  .