New Browser Fingerprinting Technique Could Take Online Tracking To A Whole New Level

By Adam | Security
Disclosure: Bonkers About Tech is supported by its readers. When you purchase through links on our site, we may earn an affiliate commission. Thank you.

We all know that ad companies track us online and that the ads we see are often a result of this digital stalking, but we can only be tracked in one browser at a time.  Until now that is!

Researchers from the Computer Science and Engineering Department at Lehigh University have now found a reliable way to track visitors even when they are swapping between browsers.

How does browser fingerprinting work?

Browser fingerprinting isn't new and has been proven to be highly effective at identifying users by creating fingerprints based on settings and customizations found in a specific browser installations.

Such fingerprints could include for example a list of plugins, a list of installed fonts, user agent strings, whether a "do not track" option is turned on or whether an adblocker is being used.

The Electronic Frontier Foundation created a tool a while back called Panopticlick which you can use to get a fingerprint for your particular browser.

And it's remarkably good.  In fact when I ran it on my browser, it showed that it was unique among 238,958 browsers tested so far.  See the results below:

Panopticlick Browser Fingerprint

However, techniques such as those used by Panopticlick and other open-source libraries such as Fingerpintjs2 will only work for a single browser.

So for example you couldn’t take a fingerprint of a Firefox browser and link it to a fingerprint of a Chrome browser and say that it is the same computer running those two browsers.

Multiple browser fingerprinting

However, this new browser fingerprinting technique works across multiple browser and is apparently more accurate than previous browser fingerprinting techniques.

The way it works is by asking browsers to perform certain tasks that require specific Operating System and hardware resources to complete those tasks.

Such hardware resources include graphics cards, CPU's, audio cards and installed fonts and are typically unique to each computer.

For example, the researchers asked the browser to render more than 20 tasks with carefully selected graphics parameters such as texture, anti-aliasing and transparency and then used the outputs of the rendering tasks as features which were then used to generate unique computer fingerprints.

Generating fingerprints using the WebGL standard has been implemented before, but the researchers claimed to have improved on this by "being the first to use many novel OS and hardware features, especially computer graphics ones, in both single- and cross-browser fingerprinting".

The researchers have also claimed that their approach can successfully fingerprint 99.24% of users compared to the previous state-of-the art of 90.84% by AmIUnique.

Browsing Fingerprinting Technique By AmIUnique

Try it out for yourself

So the new tracking technique is actually a piece of JavaScript code that runs in the background in your browser.

It will quietly get your browser to perform various tasks in the background which reveal your computer's hidden uniqueness whilst you're reading text or viewing a video for example.

If you want to see it in action for yourself, you can do so by checking out the website launched by the researchers.

And if you're feeling more adventurous, and would like to see how it works in more detail, you can even delve into the source code which they have open-sourced on GitHub or read the research paper.

Wrapping up

This technique isn't completely infallible because it fails when using the default installation of the Tor Browser.

Having said that, many people tweak their Tor browsers which could provide a way for the fingerprinting techniques to work.

Personally I think fingerprinting techniques like this are pretty cool and can be very useful but should be used responsibly.

For example it does offer benefits to users of online banking – banks could use it to detect if someone else other than you has tried to access your online bank account.

On the negative side though are the usual privacy concerns around providing customized advertisement.

What is your stance on this?  Do you think browser fingerprinting is a good thing?  Do you use a Tor browser for anonymity on the web?  Let me know in the comments!