Tomcat
Browser fingerprints are a unique snapshot of your computer's settings, which special site engines can use to track you. Browser fingerprints are an alternative to cookies with a number of benefits.
1) Cookies and fingerprints: main differences
Cookies are an integral part of many online transactions. They are considered one of the main tools that site owners use to track the activity of clients of a particular resource. However, this technique is outdated and rarely gives the desired effect.
There are several reasons for this. Today any user can disable cookies altogether or, by using the browser's Incognito mode, keep them only for the current session, so that the site neither notices nor remembers the visit. Cookies are also visible to the users themselves, not only to the owner of the resource: the client sees the cookies and their senders, so the client can protect against them.
The situation with fingerprints is different. This technique is based on the analysis of information that the browser sends to the site visited by the client. Based on several types of data: language settings, installed system fonts, time zone, screen resolution, installed plugins, digital versions of programs, etc. - a whole picture of the browser is created, which, by its principle, resembles a fingerprint. As a result, even with completely removed cookies, the resource still identifies a specific user by the browser picture accurately and simply.
2) It is important to understand that changing the IP address will not help protect against fingerprints in any way
Fingerprints are essentially a substitute for cookies, and some sites actively use them. The paradox is that the main weapon of the Internet client in the struggle for privacy can work against him. Supporters of anonymity set up special settings in the browser in order to protect them from excessive activity of sites to identify the user. But many are unaware that such moves make them more recognizable against the background of other Internet visitors.
Research has shown that computers with standard browser settings are identical for approximately 875,000 users. Sites received a similar picture, which made it impossible to accurately sample. As for the browsers that were tuned a little differently, they were identified as unique among 4.4 million peers.
Dangers of fingerprints
- The threat to privacy is the main reason why the user should be alert. Fingerprints are much more insidious than cookies. It is more difficult to defend against them, while it is impossible to know whether the user is being followed or not. The system marks your PC with a special digital label in the form of a hash sum, taken from your settings according to a special algorithm, the presence of which the user does not even know. Then it simply compares the newly visiting client with its base of tags and, if it matches, uniquely identifies it.
- Fingerprints as a global identifier. Browser fingerprints make its owner recognizable not only on frequently visited resources, but also in other electronic sources. Fingerprints capture a holistic picture that the resource receives from the browser, which allows it to identify the client even with changes in the settings. Fingerprints can negate the confidentiality of both business and personal correspondence.
- Fingerprints as a malicious cookie regenerator and user IP distributor. Many sites use so-called Flash LSO super cookies, which are capable of restoring regular cookies if they are deleted by the client. Browser fingerprint can not only restore the entire library of cookies, but also calculate the user based on his basic network data. This will make the process of clearing the system of cookies useless - the site will still recognize the client.
- Autonomy. The cookie libraries may not even be needed to identify the fingerprints of a particular browser. Even after blocking all potentially malicious operations, the user cannot be sure that fingerprints will not mark his PC.
3) Research in this area, their methodology and results
Many researchers have set out to find out how the system identifies the browser. The latest research was based on collecting all the characteristics of browsers that make one browser stand out from the others. All the main parameters were taken into account, both well-known and more rare. Researchers have identified eight indicators - usually this is how many fingerprints are required for identification.
The sample was carried out using standard browser settings, because they are what most users have. More unique settings were also tested, for example, protection against JavaScript and Flash.
4) Some settings were not tested for a number of reasons:
- Difficulties in measuring indicators and lack of time. Work was not carried out with full use of Microsoft ActiveX and Silverlight API, the issue of user identification by the type of computer processor was not touched upon. Since Internet Explorer is not very popular today, the work with specialized plugins intended only for it was carried out to a minimum. The researchers decided not to waste time experimenting with different types of super cookies and system fonts that can be detected by CSS analysis.
- Frequently changed parameters such as geolocation and floating IPs were not affected. The equipment connected via a router was not used.
- We have not tested browsers in which operations are completely dependent on the wishes of the user.
The main work was to carry out mathematical analysis based on checking the indicators of the uniqueness of the browser after making changes to its standard target picture.
The foundation was an already existing fingerprint algorithm, which was marked with a certain mathematical symbol. The algorithm was built on the so-called "self-information" or "surprisal". The surprisal element represented information about a particular object (in this case, the browser). Each available piece of information was considered a separate variable. When visiting one resource regularly, a specific number of variables were remembered, and the browser became recognizable.
Gradually, some changes were introduced into the finished algorithm: the values of existing variables were rewritten, new ones were added. Sometimes the changes were combined and written out into separate equations. In some cases, statistically independent elements were used, which reduced the measurement error.
5) Further, data processing was carried out. A separate code was deployed that took into account the following information:
- HTTP cookie ID (if the browser received cookies);
- HMAC of the user's IP address (obtained using a special key, which is later discarded).
In the course of the research, one unique result was obtained. The computer, whose IP address accepted the so-called "interleaving" cookies, transmitted the information that each cookie is a separate element. As a result, the browser running from the same IP had several different fingerprints. The system showed something almost impossible: several users were working behind the same firewall. "Striped" cookies were transmitted to only one IP out of 2,585 analogs, which was approximately 3.5% of the total number of addresses used in the study.
Facts related to IP addresses were also noted. It was decided to check if the uniqueness of the browser will change when the IP is changed. The result upset privacy advocates, with only 4.6% of URL changes affecting browser fingerprints. In other cases, the system relied on other data from users.
Conclusion: Fake IP does not guarantee privacy success. The sample was carried out among 321,155 addresses.
Test results confirm that protecting privacy is still a challenge. Of all browsers with different settings, a whopping 83.6% were found to be unique (or easily recognizable). 8.1% belonged to the so-called “frequent analogs” category. Only 8.2% were found to be relatively protected from identification. Research shows that the level of security with standard settings does not depend on the type of browser.
Almost all versions of browsers and analysis techniques were used, but the result was the same - 92% of browsers on the Internet are unique. It's like a chip implanted under the skin, whoever has a scanner will always know who you are.
Less recognizable were browsers with different plugins, for example, standard parameters and NoScript running in parallel. The uniqueness can be reduced to 40-50%. However, the plugin needs to be used only with normal parameters (you can additionally disable Java and Flash). Otherwise, recognition will increase.
The results of the study are disappointing for Windows: other operating systems (OS X, Android) are much less susceptible to identification. They have a more complicated process for transmitting cookies and building browser fingerprints.
Browser fingerprint stability
There are many ways to change browser fingerprints and make it less unique: modernizing browsers (constantly downloading updates), using standard plugins, changing the screen resolution to a more common one, removing non-standard fonts from the system, etc.
The system can "forget" about browsers of a particular configuration. This is shown by a test in which a user visits an experimental Internet resource several times and then returns to it after a while.
The results of this test are not very accurate, but interesting. The uniqueness of browsers from which they came to the site again after 2.5 weeks decreased by 30% or more. It is believed that changes occur after 5 days of inactivity.
An even better result is obtained when the time zone is changed. Users living in different time zones set the wrong time, and after visiting the site, they changed it to the correct one. The client with the most distant (from the initial indicator) time interval decreased the uniqueness as much as possible.
Additional customer tracking techniques
Basic browser fingerprint recognition techniques are far from the only challenges for privacy advocates. Today, many sites track their customers using very subtle information, such as the accuracy of the transmission of data about the version of a plugin. Each program has a version number (1.2, 1.4, etc.), but often this number is in the form of a microversion (for example, DivX Web Player version 1.4.0.333). The last four digits make up the micro version, making it easy to identify the product.
Microversions help developers to more accurately determine the circle of users using a particular version in order to fix bugs in it. However, for users, this is a serious blow to privacy. The more numbers the version of the program contains, the higher the uniqueness of the browser. It is difficult to correct this shortcoming.
A privacy risk is presented by Adobe Flash, which has a very specific mechanism for transmitting information about fonts. Adobe Flash often reports the lists of fonts installed on the system in the correct order and in the correct composition, and returns them without sorting and chaotically. As a result, the user receives a special cookie that differs from the standard information from the library, and the uniqueness of the browser is increased.
In some cases, only the order of the fonts changes, which affects uniqueness to a lesser extent. Interestingly, only fonts of the "Lucida" family are subject to changes due to errors in their implementation. This applies to all Windows versions as well as OS X.
The violation of the list does not depend on the work of the Flash and Java plugins, usually the inaccuracy occurs when the program is updated. Defending against this problem is very difficult, the only relatively reliable way is to disable updates. Studies have shown that in at least 30% of cases, the problem either disappears or becomes less pronounced.
Self-testing browser uniqueness
To assess the vulnerability of a browser, you need to test its uniqueness, which can be done at panopticlick.eff.org. The site is named after the program of the same name, which makes a selection based on the uniqueness of browsers. With its help, almost all users who want to surf the Internet incognito are protected from browser fingerprints. Thanks to this resource, a large amount of research has been carried out on fingerprints.
Go to the site in the required browser and click "Test me". The site will conduct an analysis according to the above principle, having studied the settings for the language, font, resolution and giving an assessment of the browser recognition.
If the results obtained are not satisfactory, you need to work with the settings and carry out testing until the uniqueness of the browser is reduced to a minimum. According to statistics, Panopticlick can significantly reduce user awareness. If you set the standard settings, the browser will be identical to fifty thousand others and even more.
It is recommended to carry out this operation periodically, at least once a month. This is due to the fact that people often change browser settings, which increases the recognition of each individual client.
Protection methods
Fingerprints are an alternative to cookies, but the browser fingerprinting technique is more dangerous for privacy lovers as it combines the capabilities of both fingerprints and cookies. As a consequence, methods that are effective against cookies may not work against fingerprints. For example, the "incognito" mode blocks the execution of some unwanted scripts, but does not alter the browser fingerprints in any way and, on the contrary, makes it more recognizable. Various plugins are ineffective, since they are not much different from special modes and only increase the uniqueness of the browser.
No guaranteed effective protection against fingerprints has been found yet, but there are measures to drastically reduce the uniqueness of the browser. Disabling Flash, Javascript and WebGL execution is quite effective. This makes it much more difficult to determine the uniqueness of the browser.
The main disadvantage of this precaution is the possible display problems of some sites, so a combined method based on disabling Flash and Java and using a special plugin like NoScript in parallel can be used. The likelihood of problems with displaying the page is minimal, however, uniqueness will be slightly higher due to the plugin.
It is undesirable to use plugins separately. The only exception can be a special product called Ghostery, which protects against cookies and reduces uniqueness.
The simplest method of protecting against fingerprints is to have tight control over script execution in the browser. Special plugins for Google Chrome or Mozilla Firefox may ask the owner of the PC for permission to display the page and perform processes related to receiving cookies or sending data.
As noted, some programs contain errors when updating, which leads to the appearance of special cookies. Disabling updates completely can help, but keep in mind that many system elements, such as drivers, need them. It is more correct to independently manage the installation of components in manual mode. You need to be extremely careful while browsing the list to avoid performing an operation that would increase the uniqueness of the browser.
Mozilla Firefox browser add-ons
One of the attractive features of Firefox is protection against cookies with the ability to anonymously work with Internet resources. This protection is provided by a special plugin called NoScript. It is a standalone Firefox extension that is used to block executions of Flash, JavaScript, Java applets, and other elements of HTML pages that pose a potential threat to the user. The plugin is completely client dependent. Only it enables and disables the extension, thus allowing the execution of specific scripts or suspending this process.
It is not necessary for the user to confirm the execution of scripts on certain resources every time; it is enough to add the site to the whitelist. All electronic sources on this list work without restrictions. Some versions of NoScript already contain a default whitelist that includes the following resources: developer sites, Google sources, Microsoft and Yahoo sites.
NoScript is versatile and cross-platform, it can run on Windows and Linux. The plugin protects against XSS attacks based on the injection of malicious code into a page.
Firefox and other browsers may not display correctly sites written with Internet Explorer or Google Chrome in mind. The User agent switcher extension allows you to solve this problem. It disguises Firefox as any other browser of the user's choice: Internet Explorer, Google Chrome, Opera, or another. Thanks to this, you can easily go to resources intended only for another browser.
User agent switcher allows you to fake data about the operating system on which the computer is running. But you should not get carried away with it: TCP sends certain information about the OS, so if the computer is running Windows, and the User agent switcher shows Linux, this dramatically increases the uniqueness of the browser, since there are very few users with such settings.
For other browsers, there are analogs of NoScript and User agent switcher, but they work best on Mozilla Firefox.
Conclusion
Protecting against browser fingerprints, or fingerprints, is quite difficult. Let's draw some conclusions.
1. Fingerprints are a unique tracking system for Internet users based on the use of information received from the browser.
2. Fingerprints collect a large amount of information from the settings of both the browser and the computer as a whole. These are language parameters, screen resolution, the presence of specific plugins, settings for receiving and sending cookies, etc.
3. If the browser is marked with fingerprints, deleting cookies will have a limited effect. It is more efficient to completely change your browser and system settings while being careful when doing so. The settings should not be too unique, as this will lead not to decrease, but to increase the browser's recognition.
4. Protection from fingerprints has been the subject of many studies that have revealed not only methods of protection, but also especially clever ways of tracking. The latter include microversion reports and font transfer errors.
5. Any print has an expiration date. If you do not go to an electronic resource for a long time (at least 2.5 weeks), browser recognition will become somewhat lower.
6. It is impossible to completely protect against fingerprints, but you can minimize the likelihood of browser tagging by installing special plugins, disabling scripts (especially Java and Flash), and monitoring updates. One of the best defenses is using Tor.
7. Separately, it is worth highlighting the means of protection using the Mozilla Firefox browser. NoScript disables unwanted scripts that expose the user. User agent switcher masks the browser for other browsers (Opera, Internet Explorer, Google Chrome). It can also mask the operating system, but this feature should be used with caution.
Source: whoer.net
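The "surprisal" measure from section 3, worked through as an added example that is not part of the original post or of the study's code. The population, attribute names and values are constructed for illustration; the example compares the bits measured on the whole fingerprint with the sum of per-attribute bits, which only agree when the attributes are statistically independent.

```python
import math
from collections import Counter

ATTRS = ("os", "timezone", "fonts", "plugins")  # assumed attribute set

def _rows(values, n):
    """n identical visits with the given attribute values."""
    return [dict(zip(ATTRS, values)) for _ in range(n)]

# Constructed sample of 64 visiting browsers (illustrative, not measured data).
POPULATION = (
    _rows(("Windows", "UTC+1", "stock", "stock"), 32)
    + _rows(("Windows", "UTC-5", "stock", "stock"), 16)
    + _rows(("Windows", "UTC+1", "stock", "noscript"), 8)
    + _rows(("Linux", "UTC+1", "stock", "stock"), 4)
    + _rows(("Linux", "UTC+1", "custom", "noscript"), 3)
    + _rows(("Windows", "UTC+3", "custom", "custom"), 1)
)
STOCK = POPULATION[0]      # default settings
TWEAKED = POPULATION[-1]   # heavily customised browser

def surprisal(matches, total):
    """Self-information in bits of a value seen `matches` times in `total` visits."""
    if matches == 0:
        return math.inf  # never observed: no estimate, treat as fully identifying
    return -math.log2(matches / total)

def per_attribute_bits(population, browser):
    """Bits contributed by each attribute when it is looked at on its own."""
    total = len(population)
    return {
        attr: surprisal(Counter(r[attr] for r in population)[browser[attr]], total)
        for attr in ATTRS
    }

def anonymity_set(population, browser):
    """Number of visitors whose whole fingerprint equals this browser's."""
    return sum(all(r[a] == browser[a] for a in ATTRS) for r in population)

def joint_bits(population, browser):
    """Bits of the combined fingerprint, measured on the full tuple."""
    return surprisal(anonymity_set(population, browser), len(population))

if __name__ == "__main__":
    for name, b in (("stock", STOCK), ("tweaked", TWEAKED)):
        parts = per_attribute_bits(POPULATION, b)
        print(name, "anonymity set:", anonymity_set(POPULATION, b))
        print("  joint bits:", joint_bits(POPULATION, b))
        print("  sum of per-attribute bits:", round(sum(parts.values()), 2))
```

In this sample the customised browser is alone in its anonymity set, and because its rare font and plugin values occur together, adding the per-attribute bits overstates what the combined fingerprint actually reveals.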
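The data handling described in section 5 (a cookie ID plus an HMAC of the IP address under a key that is later discarded), sketched as an added example that is not the study's own code. The visit log, field names and helper functions are constructed assumptions; the point is that the stored rows still support the two checks the post mentions (several cookies behind one address, one fingerprint seen from several addresses) without retaining any address, whereas an unkeyed hash of an IPv4 address could be reversed by enumerating all 2^32 values.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

# Constructed visit log: (ip, cookie_id, fingerprint). Documentation-range IPs.
VISITS = [
    ("192.0.2.10", "cookie-1", "fp-A"),
    ("192.0.2.10", "cookie-1", "fp-A"),
    ("192.0.2.10", "cookie-2", "fp-B"),    # second browser behind the same address
    ("198.51.100.7", "cookie-3", "fp-C"),
    ("203.0.113.5", "cookie-3", "fp-C"),   # same browser seen from a new address
]

def pseudonymize(visits):
    """Replace each IP with HMAC-SHA256(key, ip); the key never leaves this call."""
    key = secrets.token_bytes(32)  # random per run, discarded on return
    return [
        (hmac.new(key, ip.encode(), hashlib.sha256).hexdigest(), cookie, fp)
        for ip, cookie, fp in visits
    ]

def cookies_per_address(rows):
    """Distinct cookie IDs seen behind each pseudonymous address."""
    seen = defaultdict(set)
    for addr, cookie, _fp in rows:
        seen[addr].add(cookie)
    return {addr: len(cookies) for addr, cookies in seen.items()}

def addresses_per_fingerprint(rows):
    """Distinct pseudonymous addresses from which each fingerprint was seen."""
    seen = defaultdict(set)
    for addr, _cookie, fp in rows:
        seen[fp].add(addr)
    return {fp: len(addrs) for fp, addrs in seen.items()}

if __name__ == "__main__":
    rows = pseudonymize(VISITS)
    print("cookies per address:", sorted(cookies_per_address(rows).values()))
    print("addresses per fingerprint:", addresses_per_fingerprint(rows))
```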