New Fingerprinting Techniques Identify Users Across Different Browsers on the Same PC
A team of researchers from universities across the US has identified different fingerprinting techniques that can track users when they use different browsers installed on the same machine.
Named "cross-browser fingerprinting" (CBF), this practice relies on new technologies added to web browsers in recent years, some of which had been previously considered unreliable for cross-browser tracking and only used for single browser fingerprinting.
These new techniques rely on making browsers carry out operations that use the underlying hardware components to process the desired data.
Researchers measured the response to these operations and used this information to identify the different hardware rigs, specific to distinct users, regardless of the browser accessing a test website.
For example, making a browser apply an image to the side of a 3D cube in WebGL provides a similar response in hardware parameters for all browsers. This is because the GPU card is the one carrying out this operation and not the browser software.
Researchers used all these techniques together to test how many users they would be able to pin to the same computer. For tests, researchers used browsers such as Chrome, Firefox, Edge, IE, Opera, Safari, Maxthon, UC Browser, and Coconut.
Results showed that CBF techniques were able to correctly identify 99.24% of all test users. Previous research methods achieved only a 90.84% result.
"Our fingerprintable features are highly reliable," researchers said, "the removal of one single feature has little impact on the fingerprinting results."
The research team recommends users to use the Tor Browser if they want to avoid cross-browser fingerprinting.
"Tor Browser normalizes many browser outputs to mitigate existing browser fingerprinting," researchers said, albeit the browser is not perfect, still allowing some fingerprinting via screen width and AudioContext parameters. "We believe that it is easy for Tor Browser to normalize these remaining outputs," researchers added.
For other browsers, researchers recommend that they implement virtualization layers in order to process the hardware-level operations on a generic virtual platform (machine), the same for a large number of users.
The research paper titled (Cross-)Browser Fingerprinting via OS and Hardware Level Features will be presented at the Network & Distributed System Security Symposium in February 2017.
MTCHT
ICT
TECHNOLOGICAL INNOVATIONS
POST
ABOUT US
NEWS
INTERESTING
INTERVIEW
ANALYSIS
ONLAIN LESSONS