📺 SensorID
Sensor Calibration Fingerprinting for Smartphones

When you visit a website, your web browser provides a range of information to the website, including the name and version of your browser, screen size, fonts installed, and so on. Ostensibly, this information allows the website to provide a great user experience. Unfortunately this same information can also be used to track you. In particular, this information can be used to generate a distinctive signature, or device fingerprint, to identify you.

📺 https://sensorid.cl.cam.ac.uk/

#tracking #android #ios #fingerprinting
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN

To identify websites who use browser fingerprinting, one can simple turn to privacy policies. Most of the time, you will never see the term “fingerprinting” in it but sentences along the lines of “we collect device-specific information to improve our services.” The exact list of collected attributes is often imprecise and the exact use of that information can be very opaque ranging from analytics to security to marketing or advertising. 



https://blog.torproject.org/browser-fingerprinting-introduction-and-challenges-ahead


#fingerprinting #tor

Researchers use AI to combat and quantify browser fingerprinting

Browsers including Firefox, Safari, Opera, and Chrome have begun providing protections against cross-site tracking methods employing cookies and IP addresses. It’s an encouraging development, but there’s a fear it will push trackers to adopt more opaque, “stateless” tracking like browser fingerprinting, which tracks browsers by the configuration information they make visible.

https://venturebeat.com/2020/08/17/researchers-use-ai-to-combat-and-quantify-browser-fingerprinting

#US #California #browser #fingerprinting

A quarter of the Alexa Top 10K websites are using browser fingerprinting scripts

Academics also discover many new previously unreported JavaScript APIs that are currently being used to fingerprint users

A browser fingerprinting script is a piece of JavaScript code that runs inside a web page and works by testing for the presence of certain browser features.

Today, browser fingerprinting is commonly used by online advertisers as a next-gen user tracking mechanism. Advertisers run different types of fingerprinting operations, create one or more "fingerprints" for each user, and then use them to track the user as he/she accesses other sites on the internet.

https://www.zdnet.com/article/a-quarter-of-the-alexa-top-10k-websites-are-using-browser-fingerprinting-scripts/

#Alexa #browser #fingerprinting #scripts #privacy

FP-Inspector

Artifact release for our IEEE Symposium on Security and Privacy 2021 paper entitled Fingerprinting the Fingerprinters

👀 👉🏼 Fingerprinting the Fingerprinters:Learning to Detect Browser Fingerprinting Behaviors (PDF)
https://umariqbal.com/papers/fpinspector-sp2021.pdf

👀 👉🏼 https://github.com/uiowa-irl/FP-Inspector

#fpinspector #fingerprinting #browser #pdf
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Introducing Cover Your Tracks!

Today, we’re pleased to announce Cover Your Tracks, the newest edition and rebranding of our historic browser fingerprinting and tracker awareness tool Panopticlick. Cover Your Tracks picks up where Panopticlick left off. Panopticlick was about letting users know that browser fingerprinting was possible; Cover Your Tracks is about giving users the tools to fight back against the trackers, and improve the web ecosystem to provide privacy for everyone.

Over a decade ago, we launched Panopticlick as an experiment to see whether the different characteristics that a browser communicates to a website, when viewed in combination, could be used as a unique identifier that tracks a user as they browse the web. We asked users to participate in an experiment to test their browsers, and found that overwhelmingly the answer was yes—browsers were leaking information that allowed web trackers to follow their movements.

n this new iteration, Cover Your Tracks aims to make browser fingerprinting and tracking more understandable to the average user. With helpful explainers accompanying each browser characteristic and how it contributes to their fingerprint, users get an in-depth look into just how trackers can use their browser against them.

👀 👉🏼 https://www.eff.org/deeplinks/2020/11/introducing-cover-your-tracks

#eff #tool #coveryourtracks #panopticlick #tracking #fingerprinting
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

How anti-fingerprinting extensions tend to make fingerprinting easier

Do you have a privacy protection extension installed in your browser? There are so many around, and every security vendor is promoting their own. Typically, these will provide a feature called “anti-fingerprinting” or “fingerprint protection” which is supposed to make you less identifiable on the web. What you won’t notice: this feature is almost universally flawed, potentially allowing even better fingerprinting.

I’ve seen a number of extensions misimplement this functionality, yet I rarely bother to write a report. The effort to fully explain the problem is considerable. On the other hand, it is obvious that for most vendors privacy protection is merely a check that they can put on their feature list. Quality does not matter because no user will be able to tell whether their solution actually worked. With minimal resources available, my issue report is unlikely to cause a meaningful action.

That’s why I decided to explain the issues in a blog post, a typical extension will have at least three out of four. Next time I run across a browser extension suffering from all the same flaws I can send them a link to this post. And maybe some vendors will resolve the issues then. Or, even better, not even make these mistakes in the first place.

👉🏼 Contents 👈🏼

— How fingerprinting works
— How anti-fingerprinting is supposed to work
— Barking the wrong tree
— Catching all those pesky frames
— Timing woes
— The art of faking

https://palant.info/2020/12/10/how-anti-fingerprinting-extensions-tend-to-make-fingerprinting-easier/

#fingerprinting #extensions #privacy #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@NoGoolag
📡@BlackBox

The Elephant In The Background: Empowering Users Against Browser Fingerprinting

Tracking users is a ubiquitous practice in the web today. User activity is recorded on a large scale and analyzed by various actors to create personalized products, forecast future behavior, and prevent online fraud. While so far HTTP cookies have been the weapon of choice, new and more pervasive techniques such as browser fingerprinting are gaining traction. Hence, in this talk, we describe how users can be empowered against fingerprinting by showing them when, how, and who is tracking them using JavaScript fingerprinting.

https://media.ccc.de/v/rc3-113142-the_elephant_in_the_background

#ccc #rc3 #browser #fingerprinting #video
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@NoGoolag
📡@BlackBox