Now this is another interesting attack vector using little bits of data not many people consider. I have heard about this kind of technique before and considered how it’d be done myself.
Finally someone has put together a public version of a tool that can tell you how unique your browser footprint is. As for me I’m using a fairly standard Firefox install with a couple of plugins – but still Panopticlick tells me “Your browser fingerprint appears to be unique among the 764,828 tested so far”.
The people behind it are the EFF or Electronic Frontier Foundation.
Forget cookies — even the ultrasneaky, Flash-based “super cookies.” A new type of tracking may identify you far more accurately than any cookie — and you may never know it was there. The method pulls together innocuous data about your browser, such as plug-ins, system fonts, and your operating system. Alone, they don’t identify you. Together, they’re a digital fingerprint.
It’s like describing a person. Just saying “brown hair” won’t identify anyone. But add in “5 feet, 10 inches tall,” “chipped right front tooth,” “size 12 shoes,” and so on, and soon you have enough information to pull someone out of a crowd, even without their name, Social Security number, or any other of the usual identifiers.
I’d say the technique would work fairly well for tracking people on a large traffic site such as Google, but then again the amount of data that needs to be stored is quite staggering.
Either way it gives some insight into the kind of technology ad agencies or online ad networks could have been gathering about viewers so correlate statistics.
There’s currently no evidence that anyone has actually been using this kind of fingerprinting, but this demo shows it is technologically feasible.
Peter Eckersley, a staff technologist with the EFF, says he and his colleagues decided to create the site when he heard rumors about this kind of tracking. He wanted to see how accurate it might be. Well, it’s pretty accurate. And as it turns out, its use is more than a rumor.
Browser fingerprinting was developed for banks to employ to prevent fraud. But now one company, Scout Analytics, offers it as a service to Web sites, and it collects not just browser data but also data about how you type — things like your typing speed and typing patterns.
As with many things online, your privacy can be protected by running something like NoScript on Firefox.
EFF has provided a full list of how to protect against fingerprinting here – Self Defense.
You can check out the PoC here:
Source: Network World
- Password Manager Security – LastPass, RoboForm Etc Are Not That Safe
- dirs3arch – HTTP File & Directory Brute Forcing Tool
- Hackers Recreate NSA Snooping Kit Using Off-the-shelf Parts
- Tracking Users Via the Browser Cache
- Month of Browser Bugs (MoBB)
- Browser Fuzzer 3 (bf3) – Comprehensive Web Browser Fuzzing Tool
Most Read in Privacy:
- Browse Anonymously at Work or School – Bypass Firewall & Proxy - 175,926 views
- Hacking Still Can’t Outdo Stupidity for Data Leaks - 125,061 views
- Anonymous Connections Over the Internet – Using Socks Chains Proxy Proxies - 120,692 views