Wednesday, February 15, 2017
Now sites can fingerprint you online even when you use multiple browsers
Researchers have recently developed the first reliable technique for websites to track visitors even when they use two or more different browsers. This shatters a key defense against sites that identify visitors based on the digital fingerprint their browsers leave behind.
State-of-the-art fingerprinting techniques are highly effective at identifying users when they use browsers with default or commonly used settings. For instance, the Electronic Frontier Foundation's privacy tool, known as Panopticlick, found that only one in about 77,691 browsers had the same characteristics as the one commonly used by this reporter. Such fingerprints are the result of specific settings and customizations found in a specific browser installation, including the list of plugins, the selected time zone, whether a "do not track" option is turned on, and whether an adblocker is being used.
Until now, however, the tracking has been limited to a single browser. This constraint made it infeasible to tie, say, the fingerprint left behind by a Firefox browser to the fingerprint from a Chrome or Edge installation running on the same machine. The new technique—outlined in a research paper titled (Cross-)Browser Fingerprinting via OS and Hardware Level Features—not only works across multiple browsers. It's also more accurate than previous single-browser fingerprinting.
Fingerprinting isn't automatically bad and, in some cases, offers potential benefits to end users. Banks, for instance, can use it to know that a person logging into an online account isn't using the computer that has been used on every previous visit. Based on that observation, the bank could check with the account holder by phone to make sure the login was legitimate. But fingerprinting also carries sobering privacy concerns.