Is browser fingerprinting 2 times better than cookies?

Browser fingerprinting means gathering details about the device and its environment for identification purposes. Internet monitoring is the process by which websites and third-party firms gather details on the user's online activities, but to do that they have to identify users by cookies, browser fingerprinting, sessions, etc. The foundation of monitoring is the precise identification of visitors: you are tracked and marked even when you are only passing through a random website that you are not signed in to. The traditional way to implement identification and monitoring is to save site cookies to the user's client. So where does browser fingerprinting come in?

Before we dive into browser fingerprinting, let's talk about some traditional ways!

How does cookie-based tracking work?

Suppose the consumer Elsa visits an online shop and places a T-shirt in her basket. At this point, Elsa's user ID and the T-shirt's product ID are saved by the server as a cookie in her browser, ensuring that Elsa's basket contents are identified on the checkout page. Alternatively, it is enough to transfer just the user ID to the client if the user ID/product ID pair is stored on the online store's side.

The situation above sounds very natural, but cookies may also be used for monitoring purposes. Suppose Alice reads about antidepressants on a medical website. A third-party marketer that monitors a limited region of the internet places a cookie in Alice's browser and records that she read about the drug XY at time T. Now assume Alice also visits a completely unrelated website that works with the same advertising company. The cookie reveals her past behavior, and antidepressant advertisements show up on the other page as an unpleasant surprise.

The example above illustrates that third-party cookies are a risky practice that breaches the privacy of consumers. The big browsers have already started to counter this practice. Since 2017, Safari has been blocking third-party cookies by default. Firefox has done the same since 2019, and Chrome plans to join as well.

Cookies can be blocked, what’s next?

Because cookies are easy to detect, monitoring firms also use several other technologies, for example browser fingerprinting.

The concept behind browser fingerprinting is to gather details about the device and its environment for identification purposes.

The browser type and version, OS, language, timezone, extensions, enabled fonts, screen size, CPU level, system power, and many other configuration values are collected. The attributes are concatenated into a long string, and the fingerprint is defined as the string's hash value.

You may wonder how unique browser fingerprints are. In the majority of cases, it turns out that they are indeed unique. Interested readers can check their own browser on amiunique.org. When a client fingerprint is unique, it can single out a specific user when paired with the user's IP address. In other words, client fingerprints can identify users, fully or partially, even when cookies are disabled.

Browser fingerprinting uncovered

Let's glance at several websites to see real-life use in practice. In particular, I will use Chrome Incognito mode to turn off all extensions. While I am attempting to present reproducible experiments, remember that browser fingerprinting can depend on the browser or the location, or that it may only be activated for an arbitrary subset of IP addresses. Furthermore, the fingerprinting scripts are sometimes updated to a new version. There is, therefore, no guarantee of 100% reproducibility.

So let's open the mobile.de website. The browser's developer tools include a performance analyzer that shows which JavaScript functions were called after the web page was loaded. If we search the call tree for "fingerprint", a relevant function call appears.

The script is loaded from https://script.ioam.de/iam.js. Here is the source code of the function:

function fingerprint() {
    var nav = window.navigator,
        t = nav.userAgent;
    t += getScreen();
    if (nav.plugins.length > 0) {
        for (var i = 0; i < nav.plugins.length; i++) {
            t += nav.plugins[i].filename + nav.plugins[i].version + nav.plugins[i].description;
        }
    }
    if (nav.mimeTypes.length > 0) {
        for (var i = 0; i < nav.mimeTypes.length; i++) {
            t += nav.mimeTypes[i].type;
        }
    }
    if (/MSIE (\d+\.\d+);/.test(nav.userAgent)) {
        try {
            t += activeXDetect();
        } catch (e) {
            // ignore
        }
    }
    return hash(t);
}

The variable t accumulates the fingerprint string. The fingerprint's components are the User-Agent string, the version numbers of installed plug-ins, the MIME types recognized by the browser, and the related ActiveX information if you are using Internet Explorer.
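To show why the attributes read by fingerprint() separate clients, and what happens when every client reports the same values, here is an added example (not code from iam.js or from this article). FNV-1a stands in for the script's hash(), and the client profiles and the normalize() hardening model are constructed assumptions.

```javascript
// Added example. FNV-1a (32-bit) stands in for the script's unspecified hash().
function fnv1a(str) {
  let h = 0x811c9dc5;
  for (let i = 0; i < str.length; i++) {
    h ^= str.charCodeAt(i);
    h = Math.imul(h, 0x01000193) >>> 0;
  }
  return h.toString(16).padStart(8, "0");
}

// Same attribute order as fingerprint() above: UA, screen, plugins, MIME types.
function fingerprintOf(c) {
  let t = c.userAgent + c.screen;
  for (const p of c.plugins) t += p.filename + p.version + p.description;
  for (const m of c.mimeTypes) t += m;
  return fnv1a(t);
}

// Assumed hardening model: every client reports the same screen, plugins and MIME types.
function normalize(c) {
  return { ...c, screen: "1000x1000", plugins: [], mimeTypes: [] };
}

// Sizes of the anonymity sets (clients sharing one fingerprint), largest first.
function anonymitySets(clients, transform = (c) => c) {
  const counts = new Map();
  for (const c of clients) {
    const fp = fingerprintOf(transform(c));
    counts.set(fp, (counts.get(fp) || 0) + 1);
  }
  return [...counts.values()].sort((a, b) => b - a);
}

// Constructed client profiles (not measurements from any real site).
const UA = "Mozilla/5.0 (X11; Linux x86_64) ExampleBrowser/1.0";
const pdf = { filename: "pdf.so", version: "1.2", description: "PDF viewer" };
const CLIENTS = [
  { userAgent: UA, screen: "1920x1080", plugins: [pdf], mimeTypes: ["application/pdf"] },
  { userAgent: UA, screen: "1920x1080", plugins: [pdf], mimeTypes: ["application/pdf"] },
  { userAgent: UA, screen: "1920x1080", plugins: [], mimeTypes: [] },
  { userAgent: UA, screen: "1366x768", plugins: [pdf], mimeTypes: ["application/pdf"] },
  { userAgent: UA + " Mobile", screen: "1920x1080", plugins: [pdf], mimeTypes: ["application/pdf"] },
];

console.log(anonymitySets(CLIENTS));            // raw attributes
console.log(anonymitySets(CLIENTS, normalize)); // after normalization
```

With the raw attributes three of the five constructed clients sit alone in their set; after normalization only the client with a different User-Agent string does.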

Browser fingerprinting

Fingerprinting (FP) code | Website
--- | ---
https://ssp.rambler.ru/sapirs_sync.js :5925 | rambler.ru
https://ad.adverticum.net/scripts/ qoa3/main/2.13.8b16/goa3.js :5959 | index.hu
https://static.chartbeat.com/js/chartbeat.js :170 | washingtonpost.com
https://c.go-mpulse.net/boomerang/W8234-EWWKH-SQWJU-EAC6K-7AE5Z :7270 | washingtonpost.com (the FP code is loaded from an iframe)
https://a.espncdn.com/prod/scripts/yield_v2.js :3435 (FP computation); https://mb.moatads.com/yi.js (the FP is sent to here) | espn.com
https://assets.bounceexchange.com/assets/smart-tag/versioned/lis all modules/213fddfbbc1169863d807cdfa80dac05.js:4080 | cnn.com
https://j.adlooxtracking.com/ads/js/tfav_adl_134.js :2140 | cnn.com (the FP code is loaded from an iframe within an iframe)
https://beacon.s-onetaq.com/beacon.min.js: 779 (FP computation); https://metrics-collector.s-onetaq.com/metrics (the FP is sent to here) | reuters.com
https://scdn.cxense.com/cx.js: 743 | adevarul.ro
https://www.googleadservices.com/pagead/conversion async.js :884 | telekom.de
https://www.nbcsports.com/sites/all/modules/custom/nbcs sitecatalyst/js/nbnbcs_adobe.js :2277 (FP computation); https://nbcume.sc.omtrdc.net/b/ss/nbcuolympics2020mtkq/1/JS-1.7.0/s59340117763467 (the FP is sent to here) | colympics.com

Browser fingerprint countermeasures

Like most people, we agree that everyone should be able to use some sort of site surveillance, even fingerprinting from the browser. That's why we use algorithms to detect browser fingerprinting activity.

Known cases of browser fingerprinting are collected and analyzed, and patterns are identified from them. The usual detection method is to match these patterns against websites and find those that use known fingerprinting methods. However, artificial intelligence can do more. An AI-based fingerprint detector can match patterns inexactly and detect new fingerprinting methods. Users therefore get a stronger defense against browser fingerprinting.
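The pattern-matching approach described above, sketched as an added example (not the detector this article refers to, and covering only the pattern-based method, not the AI-based one). The signal list, the threshold and both sample scripts are assumptions; the first sample is condensed from the fingerprint() function quoted earlier.

```javascript
// Added example: signal list, threshold and sample scripts are assumptions.
const SIGNALS = {
  userAgent: /\.userAgent\b/,
  plugins: /\.plugins\b/,
  mimeTypes: /\.mimeTypes\b/,
  screen: /\bscreen\.(width|height|colorDepth)\b|\bgetScreen\(/,
  timezone: /\bgetTimezoneOffset\(/,
  canvas: /\.toDataURL\(/,
  activeX: /\bActiveXObject\b|\bactiveXDetect\(/,
};
const THRESHOLD = 3; // distinct attribute families before a script is flagged

// Returns the matched signal names and whether the script crosses the threshold.
function scanScript(source) {
  const hits = Object.keys(SIGNALS).filter((name) => SIGNALS[name].test(source));
  return { hits, flagged: hits.length >= THRESHOLD };
}

// Condensed from the fingerprint() function quoted earlier on this page.
const IAM_SAMPLE = [
  "var nav = window.navigator, t = nav.userAgent;",
  "t += getScreen();",
  "for (var i = 0; i < nav.plugins.length; i++) t += nav.plugins[i].filename;",
  "for (var i = 0; i < nav.mimeTypes.length; i++) t += nav.mimeTypes[i].type;",
  "t += activeXDetect();",
  "return hash(t);",
].join("\n");

// Constructed benign script: one attribute read for a layout decision.
const BENIGN_SAMPLE =
  'if (/Mobile/.test(navigator.userAgent)) document.body.className = "m";';

console.log(scanScript(IAM_SAMPLE));    // five attribute families, flagged
console.log(scanScript(BENIGN_SAMPLE)); // one attribute family, not flagged
```

Matching on source text misses scripts that build property names at run time or are heavily minified, which is the gap the inexact matching mentioned above is meant to close.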
