this post was submitted on 23 Nov 2024
23 points (96.0% liked)

Privacy

1272 readers
115 users here now

Icon base by Lorc under CC BY 3.0 with modifications to add a gradient

founded 1 year ago
MODERATORS
 

Abstract

Browser fingerprinting is a growing technique for identifying and tracking users online without traditional methods like cookies. This paper gives an overview by examining the various fingerprinting techniques and analyzes the entropy and uniqueness of the collected data. The analysis highlights that browser fingerprinting poses a complex challenge from both technical and privacy perspectives, as users often have no control over the collection and use of their data. In addition, it raises significant privacy concerns as users are often tracked without their knowledge or consent.

Methods of Browser Fingerprinting

  • A. HTTP Header Attributes
  • B. Enumeration of Browser Plugins
  • C. Canvas Fingerprinting
  • D. WebGL Fingerprinting
  • E. Audio Fingerprinting
  • F. Font Fingerprinting
  • G. Screen Fingerprinting
  • H. WebRTC Fingerprinting
  • I. CSS Fingerprinting
  • J. Additional JavaScript Attributes
  • K. Advanced Techniques Using Machine Learning
top 6 comments
sorted by: hot top controversial new old
[–] refalo@programming.dev 3 points 4 days ago* (last edited 4 days ago) (1 children)

Why is TLS fingerprinting not mentioned? This is what CloudFlare uses and it's highly effective (unfortunately). It doesn't even require any use of HTML, CSS or JavaScript, and so can even identify non-browser things.

[–] lurch@sh.itjust.works 3 points 4 days ago

because it just identifies browser builds

[–] lurch@sh.itjust.works 1 points 4 days ago (1 children)

those values are in no way random enough to be sure you're tracking a single user. it could be one or 1000 you're tracking. just because there's theoretically enough bits, doesn't mean they are all used. you can't use it to log people in, for example, you'll end up with people in other peoples accounts occasionally. IMO it's just a big scare.

[–] sukhmel@programming.dev 4 points 4 days ago (1 children)

Because when you collect tracking data for sale you don't care about every specific data point. You sell the data that is clean enough and scrap the rest, that's why tor browser recommends using the same window size for everyone, for instance, to make you indistinguishable and useless as a data point

[–] lurch@sh.itjust.works 1 points 3 days ago (1 children)

but you don't know how clean it is.

it will never be completely useless tho. it just means all tor browser users who use this window size will get the same ads. for advertisers it's still better than not knowing anything. they know there's a group of people and some of them are into dragon dildos and some like to buy used underwear for example and then everyone in the group gets related ads if an advertiser decides to use it.

[–] sukhmel@programming.dev 2 points 3 days ago

Personally, I'm okay with getting average ads, the less targeted ads are, the less chance it will have any effect. If course, it's better to use blocker to not see ads at all, but I don't always use it