Security researchers have devised a new technique for fingerprinting cross-browser users on the same machine, their new proves to be very accurate.
Very Accurate Cross-Browser Fingerprinting Technique Developed
Security researchers from the The Washington University in St. Louis and Lehigh University have devised a new method for detecting individual computer users using different browsing. The cross-browser fingerprinting technique is explained in detail in a research paper titled “(Cross-)Browser Fingerprinting via OS and Hardware Level Feature”. According to their findings many of the novel operating system and hardware-level functions can be used to fingerprint the users. The team used browser functions to carry out the needed operations and discovered that this technique resulted in an almost 100% accurate reading.
The researchers note that web tracking techniques have evolved quickly and that fingerprinting emerged as a second-generation technique. Some of the strategies so far have used plug-ins and user agents to extract information about the users. The researchers have created a 2.5-generation technique which not only fingerprints the browser itself but also all other browsers on the same machine.
Many of the features that are used by criminals so far are not unique enough to create a 100% signature. The researchers propose novel techniques that rely on operations that use various hardware components to create a much more accurate identification using hardware components such as the following:
CPU and Graphics Card Use – Using WebGL to render more than 20 different tasks with carefully selected parameters such as texture, anti-aliasing, light, and transparency, and then extract features from the outputs of these rendering tasks.
Single and Cross Browsing Techniques – This method uses variety of measurements including screen resolution and zoom levels.
Operating System Information – Using OS-level features such as the number of virtual cores.
Audio Stack – Uses various audio signal processing with the help of the audio stack available on the operating system and the audio card.
The paper reads the following after the team has carried out extensive testing of their methods:
“Our evaluation shows that our approach can successfully identify 99.24% of users as opposed to 90.84% for state of the art on single-browser fingerprinting against the same dataset.”
At the moment this technique can be countered only by using the Tor anonymous browser. The Conclusion part of the paper reads the following:
In conclusion, we have proposed a novel browser fingerprinting that can identify not only users behind one browser but also these that use different browsers on the same machine. Our approach adopts OS and hardware levels features including graphic cards exposed by WebGL, audio stack by AudioContext, and CPU by hardwareConcurrency. Our evaluation shows that our approach can uniquely identify more users than AmIUnique for single-browser fingerprinting, and than Boda
et al. for cross-browser fingerprinting. Our approach is highly reliable, i.e., the removal of any single feature only decreases the accuracy by at most 0.3%.
For more information you can access the paper by clicking here.