​ Browser fingerprint recognition

​

Browser fingerprint recognition Is the cookie and supercookie after The third way of user tracking . Fingerprint identification is initiated by the website , These web analytics HTTP Request sent by client , Collect digital fingerprints to uniquely identify a particular computer . The data obtained in this way is even deleted cookie It can also be used to continuously track users .

In this article , We will outline the basics of browser fingerprint recognition , How to use it to track Internet users and what can be done to reduce the likelihood that the details sent will be identified .

How browser fingerprint recognition works

Browser fingerprint recognition is a kind of A very effective way to collect data , You can hash unique browser parameters and create digital signatures . The website can put other JavaScript Code （ By creating your own scripts or buying from a third-party provider ） Add to HTTP Request response .JavaScript The code scans all public browser parameters , And create a unique digital signature based on the data .

By using other JavaScript The data obtained by the code includes user agents 、 Screen size and resolution 、 Installed fonts 、 Plug ins and extensions 、GPU / CPU etc. . Each data point increases the uniqueness of the device , This makes it easier for websites to identify specific computers .

Fingerprint tracking method

Browser fingerprints are becoming more common . Many websites are using fingerprints to identify new and old users , Including some top ranked websites . image Google and Bing Such search engines are no exception , They take a variety of measures to identify specific users .

Audio fingerprint

Audio fingerprint test can test the way the device plays sound . Sound waves can provide information about the device's audio stack , For example, sound hardware , Software and drivers .

HTML5 canvas

The advanced browser fingerprint version can provide more data on the machine , Mainly through visits HTML5 Canvas and request the measurement of specific graphic processing . Use HTML5 The canvas can display the operating system of the computer , The browser and GPU.HTML5 Canvases often require browsers to render specific images . because GPU The way the image is rendered is slightly different , Therefore, it is possible to obtain the details of a specific device .

Clock skew

Extreme measures include analyzing clock skew . Clock skew is from a source （ Mainly from the clock generator ） When the electrical signal of reaches different components unevenly . These differences are affected by hardware temperature changes . therefore , Through sufficient data and numerical analysis , Clock delay difference can be measured , To determine the hardware specifications and many other aspects of the machine .

​

Temperature changes may be used to collect data on the equipment used by the machine . source ：

https://murdoch.is/talks/eurobsdcon07hotornot.pdf

Understand the uniqueness of the browser

The uniqueness of the browser is to determine whether the user can be identified . In short , The uniqueness of a browser is to compare a device with the fingerprints of many other computers , To find possible duplicates . If there are only a few copies in the dataset , Then the device is considered to be unique .

Because you can collect a lot of data about specific devices and browsers , So even if you don't visit Cookie data , Websites may also identify users as unique users . Electronic Frontier Foundation （EFF） A study of ,286,777 Only... Of the browsers 1 Will share their fingerprints . Such high browser uniqueness means that the same user can be easily identified by fingerprint .

source ：https://coveryourtracks.eff.org/static/browser-uniqueness.pdf

Please note that , The global uniqueness of fingerprints could be even worse , Because compared with ordinary Internet users , Research participants may be more proficient in technology and more privacy oriented . however , It is almost impossible to accurately predict the global uniqueness of fingerprints . Due to the difference between the experimental sample and the whole set of fingerprints , The limitations of mathematics are obvious .

At first glance , The existence of unique fingerprints seems puzzling . For ordinary Internet users , Most browsers may look similar . however , Uniqueness usually depends on the amount of information disclosed by the plug-in . for example ,JavaScript Version data usually includes numbers for debugging purposes only （ for example 1.6.0_17）. Because there are many small changes in the development process , So a single plug-in can have hundreds of different versions . Combined with browser details , Include all plug-ins and other data points , Millions of uniquely identifiable devices can be created .

​

Improve browser uniqueness

You can use projects developed by the Electronic Frontier Foundation Panopticlick To test the uniqueness of the browser .Panopticlick The browser fingerprint test will display all data about the device , And provide possible options to prevent tracing .

If you don't want to be followed by big companies , It can reduce the uniqueness of the browser , This is the most effective choice for fingerprint protection ：

• Use common browsers . Run a rare browser （ for example Comodo IceDragon） Will greatly increase the likelihood of having a unique fingerprint .
• Avoid using custom user agents . Unique user agents are sure to make you stand out from the crowd , therefore , It is best to use a generic user agent .
• Reduce the number of plug-ins used . The more plug-ins installed in the browser , The less the uniqueness is guaranteed .
• Narrow the list of preferred languages . Requesting pages in different languages will greatly improve the fingerprint recognition ability of the browser . for example , By default ,TorButton Just ask for EN Version of the website .
• Use TorButton.TorButton Realized Tor Browser to Firefox Most security features used in browsers .
• Ban JavaScript. Ban JavaScript Is an extreme measure , It will destroy almost all websites . However , The Electronic Frontier Foundation found NoScript（ Allow users to turn off JavaScript An extension of ） Users have the greatest resistance to fingerprints .

Ironically , Anti fingerprint solutions and plug-ins that should enhance privacy and reduce uniqueness often have the opposite effect . Installed plug-ins can be detected （ And its version ）, This means that they usually increase rather than decrease browser uniqueness .

We recommend trying to use Panopticlick Test these options , And find the most suitable combination on the Internet . Using all of the options listed above can damage many websites , Without knowing what will happen .

Conclusion

As a tracking method, browser fingerprint recognition is becoming more and more popular . Follow previous generations of tracking tools （ for example HTTP cookie） comparison , Defending against browser fingerprinting is much more difficult . Improving browser uniqueness is a trend , At present, the most effective measure is to ban JavaScript, But once Disabled JS It will cause various client problems when displaying the website . So you want to find the best way to defend against browser fingerprint identification without causing client problems , A more comprehensive approach is needed .