Now sites can fingerprint you online even when you use multiple browsers

["Dave Farber" <farber () gmail com>]

Begin forwarded message:

> From: Dewayne Hendricks <dewayne () warpspeed com>
> Date: February 14, 2017 at 7:32:22 AM EST
> To: Multiple recipients of Dewayne-Net <dewayne-net () warpspeed com>
> Subject: [Dewayne-Net] Now sites can fingerprint you online even when you use multiple browsers
> Reply-To: dewayne-net () warpspeed com
>
> Now sites can fingerprint you online even when you use multiple browsers
> Online tracking gets more accurate and harder to evade.
> By Dan Goodin
> Feb 14 2017
> <https://arstechnica.co.uk/security/2017/02/now-sites-can-fingerprint-you-online-even-when-you-use-multiple-browsers/>
>
> Researchers have recently developed the first reliable technique for websites to track visitors even when they use 
> two or more different browsers. This shatters a key defense against sites that identify visitors based on the digital 
> fingerprint their browsers leave behind.
>
> State-of-the-art fingerprinting techniques are highly effective at identifying users when they use browsers with 
> default or commonly used settings. For instance, the Electronic Frontier Foundation's privacy tool, known as 
> Panopticlick, found that only one in about 77,691 browsers had the same characteristics as the one commonly used by 
> this reporter. Such fingerprints are the result of specific settings and customizations found in a specific browser 
> installation, including the list of plugins, the selected time zone, whether a "do not track" option is turned on, 
> and whether an adblocker is being used.
>
> Until now, however, the tracking has been limited to a single browser. This constraint made it infeasible to tie, 
> say, the fingerprint left behind by a Firefox browser to the fingerprint from a Chrome or Edge installation running 
> on the same machine. The new technique—outlined in a research paper titled (Cross-)Browser Fingerprinting via OS and 
> Hardware Level Features—not only works across multiple browsers. It's also more accurate than previous single-browser 
> fingerprinting.
>
> Fingerprinting isn't automatically bad and, in some cases, offers potential benefits to end users. Banks, for 
> instance, can use it to know that a person logging into an online account isn't using the computer that has been used 
> on every previous visit. Based on that observation, the bank could check with the account holder by phone to make 
> sure the login was legitimate. But fingerprinting also carries sobering privacy concerns.
>
> "From the negative perspective, people can use our cross-browser tracking to violate users' privacy by providing 
> customized ads," Yinzhi Cao, the lead researcher who is an assistant professor in the Computer Science and 
> Engineering Department at Lehigh University, told Ars. "Our work makes the scenario even worse, because after the 
> user switches browsers, the ads company can still recognize the user. In order to defeat the privacy violation, we 
> believe that we need to know our enemy well."
>
> The new technique relies on code that instructs browsers to perform a variety of tasks. Those tasks, in turn, draw on 
> operating-system and hardware resources—including graphics cards, multiple CPU cores, audio cards, and installed 
> fonts—that are slightly different for each computer. For instance, the cross-browser fingerprinting carries out 20 
> carefully selected tasks that use the WebGL standard for rendering 3D graphics in browsers. In all, 36 new features 
> work independent of a specific browser.
>
> [snip]
>
> Dewayne-Net RSS Feed: <http://dewaynenet.wordpress.com/feed/>



-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/18849915-ae8fa580
Modify Your Subscription: https://www.listbox.com/member/?member_id=18849915&id_secret=18849915-aa268125
Unsubscribe Now: 
https://www.listbox.com/unsubscribe/?member_id=18849915&id_secret=18849915-32545cb4&post_id=20170214095411:6F8A2F36-F2C5-11E6-B0D6-8A5367B5B232
Powered by Listbox: http://www.listbox.com