Forwarded from BlackBox (Security) Archiv
This media is not supported in your browser
VIEW IN TELEGRAM
📺 SensorID
Sensor Calibration Fingerprinting for Smartphones
When you visit a website, your web browser provides a range of information to the website, including the name and version of your browser, screen size, fonts installed, and so on. Ostensibly, this information allows the website to provide a great user experience. Unfortunately this same information can also be used to track you. In particular, this information can be used to generate a distinctive signature, or device fingerprint, to identify you.
📺 https://sensorid.cl.cam.ac.uk/
#tracking #android #ios #fingerprinting
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
Sensor Calibration Fingerprinting for Smartphones
When you visit a website, your web browser provides a range of information to the website, including the name and version of your browser, screen size, fonts installed, and so on. Ostensibly, this information allows the website to provide a great user experience. Unfortunately this same information can also be used to track you. In particular, this information can be used to generate a distinctive signature, or device fingerprint, to identify you.
📺 https://sensorid.cl.cam.ac.uk/
#tracking #android #ios #fingerprinting
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
To identify websites who use browser fingerprinting, one can simple turn to privacy policies. Most of the time, you will never see the term “fingerprinting” in it but sentences along the lines of “we collect device-specific information to improve our services.” The exact list of collected attributes is often imprecise and the exact use of that information can be very opaque ranging from analytics to security to marketing or advertising.
https://blog.torproject.org/browser-fingerprinting-introduction-and-challenges-ahead
#fingerprinting #tor
https://blog.torproject.org/browser-fingerprinting-introduction-and-challenges-ahead
#fingerprinting #tor
blog.torproject.org
Browser Fingerprinting: An Introduction and the Challenges Ahead | Tor Project
In the past few years, a technique called browser fingerprinting has received a lot of attention because of the risks it can pose to privacy. What is it? How is it used? What is Tor Browser doing against it? In this blog post, I’m here to answer these questions.
Researchers use AI to combat and quantify browser fingerprinting
Browsers including Firefox, Safari, Opera, and Chrome have begun providing protections against cross-site tracking methods employing cookies and IP addresses. It’s an encouraging development, but there’s a fear it will push trackers to adopt more opaque, “stateless” tracking like browser fingerprinting, which tracks browsers by the configuration information they make visible.
https://venturebeat.com/2020/08/17/researchers-use-ai-to-combat-and-quantify-browser-fingerprinting
#US #California #browser #fingerprinting
Browsers including Firefox, Safari, Opera, and Chrome have begun providing protections against cross-site tracking methods employing cookies and IP addresses. It’s an encouraging development, but there’s a fear it will push trackers to adopt more opaque, “stateless” tracking like browser fingerprinting, which tracks browsers by the configuration information they make visible.
https://venturebeat.com/2020/08/17/researchers-use-ai-to-combat-and-quantify-browser-fingerprinting
#US #California #browser #fingerprinting
A quarter of the Alexa Top 10K websites are using browser fingerprinting scripts
Academics also discover many new previously unreported JavaScript APIs that are currently being used to fingerprint users
A browser fingerprinting script is a piece of JavaScript code that runs inside a web page and works by testing for the presence of certain browser features.
Today, browser fingerprinting is commonly used by online advertisers as a next-gen user tracking mechanism. Advertisers run different types of fingerprinting operations, create one or more "fingerprints" for each user, and then use them to track the user as he/she accesses other sites on the internet.
https://www.zdnet.com/article/a-quarter-of-the-alexa-top-10k-websites-are-using-browser-fingerprinting-scripts/
#Alexa #browser #fingerprinting #scripts #privacy
Academics also discover many new previously unreported JavaScript APIs that are currently being used to fingerprint users
A browser fingerprinting script is a piece of JavaScript code that runs inside a web page and works by testing for the presence of certain browser features.
Today, browser fingerprinting is commonly used by online advertisers as a next-gen user tracking mechanism. Advertisers run different types of fingerprinting operations, create one or more "fingerprints" for each user, and then use them to track the user as he/she accesses other sites on the internet.
https://www.zdnet.com/article/a-quarter-of-the-alexa-top-10k-websites-are-using-browser-fingerprinting-scripts/
#Alexa #browser #fingerprinting #scripts #privacy
Forwarded from BlackBox (Security) Archiv
fpinspector-sp2021.pdf
543.5 KB
FP-Inspector
Artifact release for our IEEE Symposium on Security and Privacy 2021 paper entitled Fingerprinting the Fingerprinters
👀 👉🏼 Fingerprinting the Fingerprinters:Learning to Detect Browser Fingerprinting Behaviors (PDF)
https://umariqbal.com/papers/fpinspector-sp2021.pdf
👀 👉🏼 https://github.com/uiowa-irl/FP-Inspector
#fpinspector #fingerprinting #browser #pdf
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag
Artifact release for our IEEE Symposium on Security and Privacy 2021 paper entitled Fingerprinting the Fingerprinters
👀 👉🏼 Fingerprinting the Fingerprinters:Learning to Detect Browser Fingerprinting Behaviors (PDF)
https://umariqbal.com/papers/fpinspector-sp2021.pdf
👀 👉🏼 https://github.com/uiowa-irl/FP-Inspector
#fpinspector #fingerprinting #browser #pdf
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag
Forwarded from BlackBox (Security) Archiv
Introducing Cover Your Tracks!
Today, we’re pleased to announce Cover Your Tracks, the newest edition and rebranding of our historic browser fingerprinting and tracker awareness tool Panopticlick. Cover Your Tracks picks up where Panopticlick left off. Panopticlick was about letting users know that browser fingerprinting was possible; Cover Your Tracks is about giving users the tools to fight back against the trackers, and improve the web ecosystem to provide privacy for everyone.
Over a decade ago, we launched Panopticlick as an experiment to see whether the different characteristics that a browser communicates to a website, when viewed in combination, could be used as a unique identifier that tracks a user as they browse the web. We asked users to participate in an experiment to test their browsers, and found that overwhelmingly the answer was yes—browsers were leaking information that allowed web trackers to follow their movements.
n this new iteration, Cover Your Tracks aims to make browser fingerprinting and tracking more understandable to the average user. With helpful explainers accompanying each browser characteristic and how it contributes to their fingerprint, users get an in-depth look into just how trackers can use their browser against them.
👀 👉🏼 https://www.eff.org/deeplinks/2020/11/introducing-cover-your-tracks
#eff #tool #coveryourtracks #panopticlick #tracking #fingerprinting
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag
Today, we’re pleased to announce Cover Your Tracks, the newest edition and rebranding of our historic browser fingerprinting and tracker awareness tool Panopticlick. Cover Your Tracks picks up where Panopticlick left off. Panopticlick was about letting users know that browser fingerprinting was possible; Cover Your Tracks is about giving users the tools to fight back against the trackers, and improve the web ecosystem to provide privacy for everyone.
Over a decade ago, we launched Panopticlick as an experiment to see whether the different characteristics that a browser communicates to a website, when viewed in combination, could be used as a unique identifier that tracks a user as they browse the web. We asked users to participate in an experiment to test their browsers, and found that overwhelmingly the answer was yes—browsers were leaking information that allowed web trackers to follow their movements.
n this new iteration, Cover Your Tracks aims to make browser fingerprinting and tracking more understandable to the average user. With helpful explainers accompanying each browser characteristic and how it contributes to their fingerprint, users get an in-depth look into just how trackers can use their browser against them.
👀 👉🏼 https://www.eff.org/deeplinks/2020/11/introducing-cover-your-tracks
#eff #tool #coveryourtracks #panopticlick #tracking #fingerprinting
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag
Electronic Frontier Foundation
Introducing Cover Your Tracks!
Today, we’re pleased to announce Cover Your Tracks, the newest edition and rebranding of our historic browser fingerprinting and tracker awareness tool Panopticlick. Cover Your Tracks picks up where
Forwarded from BlackBox (Security) Archiv
How anti-fingerprinting extensions tend to make fingerprinting easier
Do you have a privacy protection extension installed in your browser? There are so many around, and every security vendor is promoting their own. Typically, these will provide a feature called “anti-fingerprinting” or “fingerprint protection” which is supposed to make you less identifiable on the web. What you won’t notice: this feature is almost universally flawed, potentially allowing even better fingerprinting.
I’ve seen a number of extensions misimplement this functionality, yet I rarely bother to write a report. The effort to fully explain the problem is considerable. On the other hand, it is obvious that for most vendors privacy protection is merely a check that they can put on their feature list. Quality does not matter because no user will be able to tell whether their solution actually worked. With minimal resources available, my issue report is unlikely to cause a meaningful action.
That’s why I decided to explain the issues in a blog post, a typical extension will have at least three out of four. Next time I run across a browser extension suffering from all the same flaws I can send them a link to this post. And maybe some vendors will resolve the issues then. Or, even better, not even make these mistakes in the first place.
👉🏼 Contents 👈🏼
— How fingerprinting works
— How anti-fingerprinting is supposed to work
— Barking the wrong tree
— Catching all those pesky frames
— Timing woes
— The art of faking
https://palant.info/2020/12/10/how-anti-fingerprinting-extensions-tend-to-make-fingerprinting-easier/
#fingerprinting #extensions #privacy #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@NoGoolag
📡@BlackBox
Do you have a privacy protection extension installed in your browser? There are so many around, and every security vendor is promoting their own. Typically, these will provide a feature called “anti-fingerprinting” or “fingerprint protection” which is supposed to make you less identifiable on the web. What you won’t notice: this feature is almost universally flawed, potentially allowing even better fingerprinting.
I’ve seen a number of extensions misimplement this functionality, yet I rarely bother to write a report. The effort to fully explain the problem is considerable. On the other hand, it is obvious that for most vendors privacy protection is merely a check that they can put on their feature list. Quality does not matter because no user will be able to tell whether their solution actually worked. With minimal resources available, my issue report is unlikely to cause a meaningful action.
That’s why I decided to explain the issues in a blog post, a typical extension will have at least three out of four. Next time I run across a browser extension suffering from all the same flaws I can send them a link to this post. And maybe some vendors will resolve the issues then. Or, even better, not even make these mistakes in the first place.
👉🏼 Contents 👈🏼
— How fingerprinting works
— How anti-fingerprinting is supposed to work
— Barking the wrong tree
— Catching all those pesky frames
— Timing woes
— The art of faking
https://palant.info/2020/12/10/how-anti-fingerprinting-extensions-tend-to-make-fingerprinting-easier/
#fingerprinting #extensions #privacy #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@NoGoolag
📡@BlackBox
Almost Secure
How anti-fingerprinting extensions tend to make fingerprinting easier
Browser extensions claiming to protect against fingerprinting will typically result in more data available for fingerprinting.
Forwarded from BlackBox (Security) Archiv
Media is too big
VIEW IN TELEGRAM
The Elephant In The Background: Empowering Users Against Browser Fingerprinting
Tracking users is a ubiquitous practice in the web today. User activity is recorded on a large scale and analyzed by various actors to create personalized products, forecast future behavior, and prevent online fraud. While so far HTTP cookies have been the weapon of choice, new and more pervasive techniques such as browser fingerprinting are gaining traction. Hence, in this talk, we describe how users can be empowered against fingerprinting by showing them when, how, and who is tracking them using JavaScript fingerprinting.
https://media.ccc.de/v/rc3-113142-the_elephant_in_the_background
#ccc #rc3 #browser #fingerprinting #video
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@NoGoolag
📡@BlackBox
Tracking users is a ubiquitous practice in the web today. User activity is recorded on a large scale and analyzed by various actors to create personalized products, forecast future behavior, and prevent online fraud. While so far HTTP cookies have been the weapon of choice, new and more pervasive techniques such as browser fingerprinting are gaining traction. Hence, in this talk, we describe how users can be empowered against fingerprinting by showing them when, how, and who is tracking them using JavaScript fingerprinting.
https://media.ccc.de/v/rc3-113142-the_elephant_in_the_background
#ccc #rc3 #browser #fingerprinting #video
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@NoGoolag
📡@BlackBox
avoidthehack@mastodon.social
Privacy Tools
URL Cleaner
Password Tools
Autofill Check
Personaldata.info Searx instance
Personaldata.info Whoogle instance
Tracking Company Finder Bookmarklet
https://personaldata.info/
#privacy #privacymatters #opsec #browser #fingerprinting
What data are you exposing to the web?
Fingerprinting uses many different methods to pull unique characteristics about your device/browser - especially since browsers tend to be "leaky."
So, what is your device/browser sharing? This page gives you an idea. + some extras services
Privacy Tools
URL Cleaner
Password Tools
Autofill Check
Personaldata.info Searx instance
Personaldata.info Whoogle instance
Tracking Company Finder Bookmarklet
https://personaldata.info/
#privacy #privacymatters #opsec #browser #fingerprinting
Forwarded from Pegasus NSO & other spyware
"Browser Fingerprinting Using WebAssembly", 2025.
#Browser #Fingerprinting #WebAssembly #Wasm
Abstract—Web client fingerprinting has become a widely used technique for uniquely identifying users, browsers, operating systems, and devices with high accuracy. While it is beneficial for applications such as fraud detection and personalized expe- riences, it also raises privacy concerns by enabling persistent
tracking and detailed user profiling. This paper introduces an advanced fingerprinting method using WebAssembly (Wasm)—a low-level programming language that offers near-native execution speed in modern web browsers. With broad support across major browsers and growing adoption, WebAssembly provides a strong foundation for developing more effective fingerprinting methods. In this work, we present a new approach that leverages WebAssembly’s computational capabilities to identify return- ing devices—such as smartphones, tablets, laptops, and desk- tops—across different browsing sessions.
Our method uses subtle differences in the WebAssembly JavaScript API implementation to distinguish between Chromium-based browsers like Google Chrome and Microsoft Edge, even when identifiers such as the User-Agent are completely spoofed, achieving a false-positive rate of less than 1%. The fingerprint is generated using a combination of CPU-bound operations, memory tasks, and I/O activities to capture unique browser behaviors. We validate
this approach on a variety of platforms, including Intel, AMD,
and ARM CPUs, operating systems such as Windows, macOS,
Android, and iOS, and in environments like VMWare, KVM, and VirtualBox.
Extensive evaluation shows that WebAssembly-based fingerprinting significantly improves identification accuracy. We also propose mitigation strategies to reduce the privacy risks
associated with this method, which could be integrated into future browser designs to better protect user privacy.
#Browser #Fingerprinting #WebAssembly #Wasm