At the NDSS Symposium of 2017, three researchers from Pennsylvania’s Lehigh University presented a paper on “(Cross-)Browser Fingerprinting via OS and Hardware Level Features”, which was bound to draw the attention of news outlets specializing in cybersecurity and fraud.
Proclaimed as a 2.5-generation technique occupying the space between fingerprinting and cross-device tracking, cross-browser fingerprinting promised to improve online verification and tracking significantly, overcoming the hurdle of users choosing to have more than one web browser on the same device to evade detection of malicious activities, as well as for privacy concerns.
So, what has happened since, and has this innovation been adopted?
From Browser to Cross-Browser Fingerprinting
Utilizing stateless identifiers and thus moving beyond the stateful, server-set identifiers of cookies for tracking purposes, browser fingerprinting scrutinizes the browser configuration of a website visitor in order to identify them. Applications vary, from assessing their intentions as part of anti-fraud and anti-money laundering efforts to malicious tracking and beyond. Browser fingerprinting taps into several data points related to the user’s browser, including their browser language; browser type and version; whether they have cookies enabled; their user agent; accelerator, proximity sensor, and gyroscope, for mobile browsers; local databases; etc.
This wealth of data points inform a user’s browser ID, from which various assertions can be made.....
Author
- Hakin9 is a monthly magazine dedicated to hacking and cybersecurity. In every edition, we try to focus on different approaches to show various techniques - defensive and offensive. This knowledge will help you understand how most popular attacks are performed and how to protect your data from them. Our tutorials, case studies and online courses will prepare you for the upcoming, potential threats in the cyber security world. We collaborate with many individuals and universities and public institutions, but also with companies such as Xento Systems, CATO Networks, EY, CIPHER Intelligence LAB, redBorder, TSG, and others.
- LiveSeptember 5, 2024"40 Steps" Satellite Security - Registration for LIVE WORKSHOP IS NOW ON!
- LiveAugust 21, 2024"40 Steps" Game Hacking - Registration for LIVE WORKSHOP IS NOW ON!
- BlogDecember 13, 2022What are the Common Security Weaknesses of Cloud Based Networks?
- BlogOctober 12, 2022Vulnerability management with Wazuh open source XDR