Posted on 01/12/2017 7:17:47 PM PST by markomalley
It just got a lot harder to evade browser fingerprinting: a bunch of boffins have worked out how to fingerprint the machine behind the browser, using only information provided by browser features.
Like so many ideas, it's obvious once someone's thought of it: activities that aren't processed in the browser are treated the same whether the page is rendered in (say) Chrome, Firefox, IE or Edge.
The group Yinzhi Cao and Song Li of from Lehigh University in Pennsylvania, and Erik Wijmans Washington University in St. Louis have worked out how to access various operating system and hardware-level features that can fingerprint an individual machine, regardless of browser.
These include screen resolution with zoom; CPU virtual cores; installed fonts and writing scripts; the AudioContext call; GPU features such as line and curve rendering, anti-aliasing, shading, and transparency; and more.
The researchers reckon they can fingerprint a machine with 99.24 per cent accuracy (compared to under 91 per cent for browser fingerprinting).
Cao and friends say there's one browser that defeats the worst of their attacks: the Tor browser. That's because the Tor people have the position of being paranoid by default: it normalises many of the outputs Cao uses. The only features not given fake values by the Tor browser, the paper says, are screen width-to-height ratio, and AudioContext.
Cao has published the paper at his personal page, here. ®
What?
interesting post. :-)
True dat. Apache server logs each transaction and provides a lot of information on the type of macine being used
In the paper, we propose a (cross-)browser fingerprinting based on many novel OS and hardware level features, e.g., these from graphics card, CPU, audio stack, and installed writing scripts. Specifically, because many of such OS and hardware level functions are exposed to JavaScript via browser APIs, we can extract features when asking the browser to perform certain tasks through these APIs.
One more reason why my motto is "NoScript is your friend."
http://yinzhicao.org/TrackingFree/crossbrowsertracking_NDSS17.pdf
Of course, they can’t find who got into Hillary’s open server,
or who made up the phony attack on Trump...
Hmmm....
So, use and TOR and top it off with another VPN.
Have several VMs and alternate in their use.
+1
MAC address.....yeah they can be spoofed, but TOR spoofs the variables these guys are collecting.
From the article I linked above: “Lets start with the basics: Tor was developed, built and financed by the US military-surveillance complex. Tors original and current purpose is to cloak the online identity of government agents and informants while they are in the field: gathering intelligence, setting up sting operations, giving human intelligence assets a way to report back to their handlers that kind of thing. This information is out there, but it’s not very well known, and it’s certainly not emphasized by those who promote it.”
Wow.
They were also instrumental in developing encryption,yet I still use it.
Bookmark
My epic post from 3 years ago.
History lessons on telecom and how we got here [gov spying on all citizens]
Vanity
http://www.freerepublic.com/focus/news/3032748/posts?q=1&;page=1#1
EXACTLY. Pay for your VPN with Bitcons w/ anon e-mail... heh heh
Sonar gear has long been able to distinguish between boats of the same designation.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.