What is browser fingerprint?
①, browser fingerprint refers to only through a variety of browser information, such as system font, screen resolution, browser plug-in, without cookies and other technologies, can almost absolutely locate a user, even if the use of the browser’s private window mode, can not be anonymous. This is a passive way of identifying. That is to say, if you visit a website, the website can recognize you, although you don’t know who you are, but you have a unique fingerprint. It will be very convenient for advertising, precise push, and other things about privacy in the future. Also, don’t be superstitious about cloaking mode. The Chrome and Firefox extensions continuously record your browser fingerprint, allowing you to observe changes.
What are the browser fingerprint implementation technologies?
0) General fingerprints
①, Cookie ②, Session ③, Evercookie ④, Flash Cookies
- Basic fingerprint
A basic fingerprint is a characteristic identifier that any browser has, Hardware type (Apple), operating system (Mac OS), User Agent (User Agent), system font, language, screen resolution, browser plug-ins (Flash, Silverlight, Java, Etc), Browser extensions, Browser Settings (do-not-track, etc), time zone Offset (Browser GMT Offset) and many other information. These fingerprint information is “similar” to human height and age, and has a high probability of conflict, so it can only be used as auxiliary identification. Basic features of the local browser can be viewed at www.whatismybrowser.com/
What is a browser fingerprint? (Four fingerprint descriptions of browser fingerprints)
- Senior fingerprint
Basic fingerprint is like a person’s appearance features, which can be distinguished by men and women, height and weight. However, these characteristics cannot uniquely identify a person, nor can they uniquely determine a client using only basic fingerprint. Many advanced fingerprints based on HTML5 provide a new idea for this.
Canvas fingerprint
Speaking of advanced fingerprint, we have to mention Canvas fingerprint. Canvas is a dynamic drawing label in HTML5, which can be used to generate and even process advanced images. The principle of Canvas fingerprint is roughly as follows: The same DRAWING operation of HTML5 Canvas element will produce different picture contents on different operating systems and browsers. In the image format, different browsers use different graphics processing engines, different image export options, different default compression levels, etc. At the pixel level, each operating system uses different Settings and algorithms for anti-aliasing and sub-pixel rendering operations. Even with the same drawing operation, the CRC test for the resulting picture data is not the same. Online testing address: www.browserleaks.com/canvas, to view clear… Compatibility of Canvas: It has been supported by almost all major browsers and can be accessed by most PCS, tablets and smart phones!
② AudioContext fingerprint
HTML5 provides the Audio API for JavaScript programming so that developers can directly operate the original Audio stream data in the code, generate, process and reconstruct it at will, such as improving the tone, changing the tone, Audio segmentation and other operations, and it can even be called the Web version of Adobe Audition. The principles of AudioContext fingerprint are as follows: Method 1: Generate an audio information flow (triangle wave), perform FFT transformation on it, calculate the SHA value as the fingerprint, and clear the audio before it is output to the audio device. Method 2: Generate audio information flow (sine wave), perform dynamic compression processing, and calculate MD5 value. Basic principle of AudioContext fingerprint: Slight differences in hardware or software of hosts or browsers result in differences in audio signal processing. The same browser on the same device generates the same audio output, but the audio output generated by different devices or browsers varies. It can be seen from the above that the principle of AudioContext and Canvas fingerprint is similar. They both make use of differences in hardware or software. The former generates audio, while the latter generates pictures, and then calculates different hash values as identification. Audio fingerprint testing address: audiofingerprint.openwpm.com/
- The hardware fingerprint
Hardware fingerprints obtain information by detecting hardware modules, which supplement software-based fingerprints. Hardware modules include GPU, camera, speaker/microphone, motion sensor, GPS, battery, CPU, network adapter, Bluetooth, and BOIS. For more details: arxiv.org/pdf/1503.01…
- Integrated fingerprint
① Fingerprint collision in the Web world is inevitable. Comprehensive utilization of all the above basic fingerprints and a variety of advanced fingerprints, analysis and calculation of hash values as comprehensive fingerprints can greatly reduce the collision rate and greatly improve the accuracy of client uniqueness identification. Test address: panopticlick.eff.org/
②, cross-browser fingerprint, the above fingerprint is based on the browser, the same computer different browsers have different fingerprint information. As a result, when the same user uses different browsers on the same computer, the browser fingerprint information collected by the service provider is different, and the user cannot be uniquely identified, and thus the user’s behavior cannot be effectively analyzed and modified. Recently, some scholars have studied a cross-browser browser fingerprint, which relies on the interaction between the browser and the operating system and the underlying hardware to analyze and calculate the fingerprint. This fingerprint is the same for different browsers on the same computer. More technical details please refer to: yinzhicao.org/TrackingFre…
③ WebRTC (Web Real Time Communication) is an open source project designed to enable browsers to provide simple JavaScript interface for real-time Communication (RTC). To put it simply, let browsers provide JavaScript interface for real-time Communication. Let browsers capture and exchange video, audio, and data in real time. WebRTC implements the following apis :MediaStream: The MediaStream API is used to obtain synchronous video and audio streams through the camera and microphone of the device. RTCPeerConnection: RTCPeerConnection is the component WebRTC uses to build a stable and efficient flow between points. RTCDataChannel: RTCDataChannel enables browsers (point-to-point) to establish a high-throughput, low-latency channel for transmitting arbitrary data. Based on the real-time communication function of WebRTC, you can obtain the IP address of the client, including the local Intranet address and the public network address. Its principle is to use RTCPeerConnection API, the general function is as follows: WebRTC can do more than these things, such as using it to detect and scan Intranet information, voice and video communication, more technical details please refer to: net.ipcalf.com diafygi.github.io/webrtc-ips/
Iii. What are the fingerprint implementation technologies of mobile phone or APP?
(1) Use the MAC address of the mobile phone to bind the mobile phone number (2) obtain the hardware parameters to generate the secret key to bind the mobile phone number, or the ID number (3) Token, positioning (4) NFC ⑤, fingerprint recognition ⑥, voice print recognition ⑦, face recognition ⑧, retina recognition ⑨, DNA recognition (gene recognition)
What is the role of browser fingerprint?
(1), similar to people’s appearance and fingerprint, Web client (mainly refers to the browser here) also has a variety of “appearance” information and “fingerprint” information, the comprehensive analysis and calculation of these information, can be unique identification of the client, and then lock, track, understand netizen behavior and privacy data. It is used for advertisement delivery, user interest analysis and so on, and then as the basis of decision making. It is one of the important means to collect and track user behavior by using Web client.
How to implement browser fingerprint?
FingerprintJS is a fast browser fingerprint library implemented purely in JavaScript with no dependencies. By default, the Murmur Hash algorithm returns a 32-bit integer. Hash functions can be easily replaced. Github.com/Valve/finge… Fingerprintjs2 is an updated version of FingerprintJS github.com/Valve/finge…
6. Browser fingerprint detection tool
AmIUnique — Detects your browser fingerprint and displays your Web/Chrome/Firefox history at amiunique.org/ Browserprint. Info / ③, The Panopticlick tool can view the browser’s fingerprint, url: panopticlick.eff.org/
7. Prevent browser fingerprint detection methods
Ghostery, recommended for personal use, official website: www.ghostery.com/try-us/down… Privacy Badger: www.eff.org/privacybadg… UMatrix (Chrome and FireFox only) : addons.mozilla.org/en-us/firef… NoScript (FireFox only) : addons.mozilla.org/en-US/firef… ⑤, Chameleon (Chrome only) : github.com/ghostwords/…
Viii. Anti-client tracking measures
(1) Use stealth mode, which is supported by mainstream browsers. ② disable cookies and JavaScript (this may lead to abnormal page display, use with caution) ③ Disable WebRTC, such as Firefox: Open the about: config, find media. Peerconnection. Enabled, set to false (4), disable Geolocation, Firefox browser: Open about:config, find the value of geo. Enabled, and set it to false. Chrome click On Settings, go to Privacy from Show Advanced Settings and click on Content Settings. Do not allow any site to track your physical Location. Do not allow any site to track your physical Location. Malicious sites can determine whether a user has visited a third-party site by detecting temporal information cached by a browser, including access to and neglect of third-party site resources. ⑥, Firefox browser: Open the about: config, Set dom.enable_resource_timing, dom.enable_user_Timing, and dom.performance. Enable_user_timing_logging to false to prevent these apis from running.