Different experts in computer security have developed the first reliable technique so that the webs can trace to their visitors although they use different browsers, as can be read in Ars Technica. The findings have been published in a paper called (Cross-) Browser Fingerprinting via OS and Hardware Level Features.
Among other things, they have discovered that the latest digital fingerprinting techniques are highly effective at identifying users when using browsers with common features. These fingerprints are the result of specific adjustments and customizations found in a specific installation. Among them we find the list of plugins, the temporary zone, if the option to avoid the tracing is activated or if you use an advertising blocker.
The main novelty so far is that the crawl was limited to a single browser. This restriction made it impossible to connect the fingerprints of Firefox or Chrome, even if they run on the same machine by the same user. The new technique is based on code that “orders” browsers to perform a series of tasks. These tasks consume resources of the hardware of the machine and of the operating system, that they vary in each computer.
What the researchers propose is the following …
We propose a technique of fingerprinting multinavegador based on several characteristics at the level of operating system and hardware, for example the graphic card, the processor, the sound card and the writing scripts installed. Specifically, because several of these functions are exposed to JavaScript through the browser APIs, we can extract features by asking the browser to perform various tasks through these APIs. What you extract can be used to perform firgerprinting on one or more browsers.
But what is it about “figerprinting”? Basically it is a technique of collecting data directly from a machine to learn more about its configuration and behavior. In itself is not a bad thing, since it can offer potential benefits to the users (for example in online banking matters).
However, looking at it from a negative perspective can be used to violate the privacy of users, for example by offering advertising based on their browsing habits. Yinzhi Chao, the researcher in charge of the team that has published the document, and professor of computer science at Lehigh University, is aware that his work may worsen the scenario:
Our work makes things even worse, because after the user changes the browser, the company associations that are shown to the user can “recognize” and vovler to be displayed. To defeat the violation of privacy, we believe we need to know our enemy well.
A success rate of 99%
The new technique relies on JavaScript code compact enough to run in the background opaque to the user, while focusing on a specific task (such as watching a video or reading something). Researchers have launched this website to demonstrate that the techniques work and have released the source code, which can be found in this link.
In a test that collected 3,615 tracks of 1,903 users for three months, the technique was able to successfully identify 99.2% of them. By way of contrast, a fingerprinting technique for a single browser known as AmIUnique has a success rate of 90.8%.
Good news: the technique (known as “cross-browser tracking”) does not work with the Tor browser in its default installation. Now, according to the media, if you customize the browser installation to make it compatible with certain WebGL graphics capabilities, you will lose immunity to these tracking techniques.
This method is just the latest trick that has come to developers to track users who visit their websites. In addition to traditional tracking, other methods are to monitor the way visitors type passwords and other textures, along with embedding inaudible sound on different websites. Be that as it may, an effective way to prevent you from being tracked is to use extensions like Privacy Badger.
