Changing Browser Is Not Enough To Escape The Advertising Sneaks

Researchers have created a Javascript code capable of generating a unique fingerprint from the graphic and sound characteristics of the computer. The user remains identifiable even if he launches another browser.

If you are a public phobic user, maybe you have already adopted a whole series of tools and reflexes in order to avoid advertising trackers , those programs that seek to know who you are and what you are doing on Internet. So you only use the private browsing mode, you have checked the box that automatically rejects third-party cookies, you have installed an extension that blocks the most common cookies, you use different browsers for different tasks, etc. .
All this is very good, unfortunately it is not enough. US researchers have just shown in a study that it is possible to uniquely identify a surfer based on the characteristics of the operating system and the underlying hardware. They have created a Javascript code which, embedded in a web page, will launch a whole series of graphic and sound rendering functions: character font, alpha transparency, curves, coding and compression, textures, antialiasing, sampling frequency, And screen ratio, etc.

DR Principle of cross browser fingerprinting
The code will then generate a fingerprint that will have the advantage of not depending on the browser, but only the characteristics of the machine. Result: even if the user opens another browser, it will still be identified as the same user. That is why researchers call this the cross-browser fingerprinting . And it works almost every time. The study shows that the success rate of this identification is 99.24%. You can test this evil code yourself by visiting .

Few Solutions

Can we protect ourselves against this type of spy? Yes, but it’s binding. A first method is to use the Tor browser which blocks by default a good part of the graphics rendering functions. The creation of fingerprints can therefore only rely on a few characteristics such as the audio context or the ratio of the screen. This will not necessarily be enough to create a unique footprint. Alternatively, run your browser in a virtual machine, such as VirtualBox, and in a standard, standardized configuration. In this case, the Javascript code can not create a reliable fingerprint either.
This is not the first time that this type of tracking is analyzed. By May 2016, US researchers had already pointed to the tracking by Javascript rendering . They had shown that this kind of method was already used on many websites. More recently, security researchers have pinned advertisers to use ultrasonic tracking .


Leave a Reply