There are different reasons why a person’s web activity might need to be tracked. Some of these are good, in terms of enhancing security; whereas others may well be nefarious. For the good, banks, for instance, might which to strengthen their authentication methods. Coming in the middle, depending upon your views on advertising, retailers may wish to track potential customers and to deliver targeted advertising to users who use different web browsers.
Such approaches happen today. The problem is that current methods fall short about one time in every 10. This is where the new approach comes in. The new method is superior to current methods for tracking Internet use, which is based on single-browser fingerprinting techniques. The current approach only secures a 90 percent success rate. The current approach of web fingerprinting is about collecting information that can be used to identify a given user, even when cookies are disabled.
For the new approach, Yinzhi Cao, who works at Lehigh University, has constructed the first cross-browser fingerprinting technique to identify users. In a statement, Professor Cao writes: “Our principal contribution is being the first to use many novel operating systems and hardware features, especially computer graphics ones, in both single- and cross-browser fingerprinting.”
He goes onto describe the success rate of the new technique “our approach with new features can successfully fingerprint 99.24 percent of users.” The new approach can also achieve higher uniqueness rates.
The basis of the new approach is to adopt operating system and hardware levels features including graphic cards exposed by WebGL, audio stack by Audio-Context, and CPU by hardware Concurrency. The approach was tested out through crowdsourcing, asking volunteers to visit the same website via two different web browsers and then incentivizing them to use a third browser.
The new approach has been described in a research paper titled: “(Cross-) Browser Fingerprinting via OS and Hardware Level Features.” The work has also been presented to the Internet Society’s Network and Distributed System Security (NDSS) Symposium, which took place at the end of February 2017 in San Diego.