Abstract

Browser fingerprinting is a growing technique for identifying and tracking users online without traditional methods like cookies. This paper gives an overview by examining the various fingerprinting techniques and analyzes the entropy and uniqueness of the collected data. The analysis highlights that browser fingerprinting poses a complex challenge from both technical and privacy perspectives, as users often have no control over the collection and use of their data. In addition, it raises significant privacy concerns as users are often tracked without their knowledge or consent.

Methods of Browser Fingerprinting

  • A. HTTP Header Attributes
  • B. Enumeration of Browser Plugins
  • C. Canvas Fingerprinting
  • D. WebGL Fingerprinting
  • E. Audio Fingerprinting
  • F. Font Fingerprinting
  • G. Screen Fingerprinting
  • H. WebRTC Fingerprinting
  • I. CSS Fingerprinting
  • J. Additional JavaScript Attributes
  • K. Advanced Techniques Using Machine Learning
  • refalo@programming.dev
    link
    fedilink
    arrow-up
    4
    arrow-down
    1
    ·
    edit-2
    2 days ago

    Why is TLS fingerprinting not mentioned? This is what CloudFlare uses and it’s highly effective (unfortunately). It doesn’t even require any use of HTML, CSS or JavaScript, and so can even identify non-browser things.

  • lurch (he/him)@sh.itjust.works
    link
    fedilink
    arrow-up
    2
    arrow-down
    1
    ·
    2 days ago

    those values are in no way random enough to be sure you’re tracking a single user. it could be one or 1000 you’re tracking. just because there’s theoretically enough bits, doesn’t mean they are all used. you can’t use it to log people in, for example, you’ll end up with people in other peoples accounts occasionally. IMO it’s just a big scare.

    • lad@programming.dev
      link
      fedilink
      English
      arrow-up
      4
      ·
      2 days ago

      Because when you collect tracking data for sale you don’t care about every specific data point. You sell the data that is clean enough and scrap the rest, that’s why tor browser recommends using the same window size for everyone, for instance, to make you indistinguishable and useless as a data point

      • lurch (he/him)@sh.itjust.works
        link
        fedilink
        arrow-up
        1
        ·
        1 day ago

        but you don’t know how clean it is.

        it will never be completely useless tho. it just means all tor browser users who use this window size will get the same ads. for advertisers it’s still better than not knowing anything. they know there’s a group of people and some of them are into dragon dildos and some like to buy used underwear for example and then everyone in the group gets related ads if an advertiser decides to use it.

        • lad@programming.dev
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 day ago

          Personally, I’m okay with getting average ads, the less targeted ads are, the less chance it will have any effect. If course, it’s better to use blocker to not see ads at all, but I don’t always use it