Do you trust that getting rid of third party cookies keeps you safe from tracking? Think again as there's a new cross-browser tracking that can follow you no matter how often you delete cookies or switch browser.
Nowadays, privacy issues arising from surfing the web are well known to the public and so are their countermeasures: cleaning your browser's cache, removing cookies, deleting history, installing ad-blockers and privacy aware extensions which reveal the trackers behind every page you visit. These are more or less the minimum of actions you can employ in feeling moderately safe.
Of course there's much more you can do, such as Tor-enabled browsing, using a VPN or embrace the extremes of SilentKeys' Privacy Aware Keyboard. Nevertheless, all these measures fall within the realm of the superuser and are beyond the expertise of the general public.
However there's a new technique that exploits other innocently leaked information by the browser in order to track your steps in cyberspace; a sophisticated approach which:
utilizes many novel OS and hardware level features, such as those from graphics cards, CPU, and installed scripts. We extract these features by asking browsers to perform tasks that rely on corresponding OS and hardware functionalities.
The team of researchers from Lehigh University, in Bethlehem, Pennsylvania set out to investigate the possibility of using OS and hardware level features to track users not only within a single browser but also across different browsers on the same machine.
The results are reported in (Cross-)Browser Fingerprinting via OS and Hardware Level Features presented this week at the 24th Annual Network and Distributed System Security Symposium NDSS 2017 which suggest further tracking techniques based on graphics and rendering which exploit the:
Line, curve, and anti-aliasing 2D features which are supported by both Canvas (2D part) and WebGL.
Vertex shader, rendered by the GPU, which converts each vertex to its coordinate in a 2D clip-space.
Fragment shader, which processes fragments, such as triangles output by rasterization.
Transparency via Alpha Channel, a feature provided by the GPU and the driver, which allows the background to be intermingled with the foreground.
Image encoding and decoding in different formats, such as JPEG, PNG, and DataURL.
3D Modeling, the computer graphics process of mathematically describing an object via three-dimensional surfaces.
Lighting and shadow mapping.
Camera, which maps 3D points in a space onto 2D points in an image.
Clipping Planes, which restrict the rendering operations within a defined region of interest.
In the fingerprinting benchmarks that were performed there's a newsworthy gem - IE and Edge were the browsers with the highest leak rate, as such greater fingerprinting capability, when subjected to the single browser fingerprinting tests.
The source is open and available on GitHub.
Given that a demonstration is worth a thousand words, the authors have set up a website which you can visit and get your unique browser and machine emitted fingerprint. This opportunity was too good to miss and we subjected one of our own machines to it, by visiting the web page from both Firefox and Chrome.
Fingerprint of Chrome
Fingerprint of Firefox
The verdict was truly scary; a flawlessly identical machine level signature.
It really does seem that your machine is the universal undeletable cookie that you cannot defeat.
The list of mentoring organizations for this year's Google Summer of Code has been posted and there's a record number of them. The list includes large and well known projects together with smaller and [ ... ]