Cross Browser Tracking Techniques
Web tracking has been evolving quickly. The first generation tracking technique adopts stateful, server-set identifiers, such as cookies and evercookie. After that, the second-generation tracking technique called fingerprinting emerges, moving from stateful identifiers to stateless— i.e., instead of setting a new identifier, the second-generation technique explores stateless identifiers like plug-in versions and user agent that already exist in browsers. The second generation technique is often used together with the first to restore lost cookies. Both first and second generation tracking are constrained in a single browser, and nowadays people are developing third-generation tracking technique that tries to achieve cross-device tracking.
Three researchers from Lehigh University and Washington University from St.Louis published a paper named ‘(Cross-)Browser Fingerprinting via OS and Hardware Level Features’. Their idea is to fingerprint a computer along with it’s user based on many novel operating system and hardware level features such as graphics cards, CPU, audio stack and installed writing scripts along with other well discussed browser specifics (plugins, extensions, add-ons and other).
They performed a test which involved 3,615 fingerprints and 1,903 users and found that their method successfully identified 99.2% of users. Their implementation is available and open source on github.
Information used to Compose a Fingerprint
This section contains the well known fingerprinting techniques first (ending with the ‘Installed writing scripts’), followed by researchers’ newly discovered techniques.
Number of CPU Virtual Cores – The core number can be obtained by a new browser feature called hardwareConcurrency, which provides the capability information for Web Workers. One can monitor the finishing time of payload when increasing the number of Web Workers. When the finishing time increases significantly at a certain level of web workers, the limit of hardware concurrency is reached, making it useful to fingerprint the number of cores.
Audio Context – AudioContext provides a bundle of audio signal processing functionalities from signal generation to signal filtering with the help of audio stack in the OS and the audio card. The wave in the frequency domain differs from one browser to another on the same machine. However, we find that peak values and their corresponding frequencies are relatively stable across browsers. This fact can be used with a list of bins with small steps on both the frequency and value axes. Mapping the peak frequencies and values to the corresponding bins helpes in cross-browser tracking.
Line, curve, and anti-aliasing – line and curve are 2D features supported by both Canvas (2D part) and WebGL. Anti-aliasing is a computer graphics technique used to diminish aliasing by smoothing jaggies, i.e., jagged or stair-stepped lines, in either single line/curve object or the edge of a computer graphics model. There are many existing algorithms for anti-aliasing, such as first-principles approach, signal processing approach, and mipmapping, which make anti-aliasing fingerprintable.
Vertex shader – a vertex shader, rendered by GPU and the driver, converts each vertex in a 3D model to its coordinate in a 2D clip-space. In WebGL, a vertex shader may accept data in 3 ways: attributes from buffers, uniforms that always stay the same, and texture from fragment shader. Combined with the next property, it makes a viable information for fingerprinting.
Fragment shader. A fragment shader, rendered by GPU and the driver as well, processes a fragment, such as a triangle outputted by the rasterization, into a set of colors and a single depth value.
Installed writing scripts (languages) – writing scripts, or commonly known as written languages, such as Chinese, Korean, and Arabic, require the installation of special libraries to display due to the size of the libraries and locality of the languages. Browsers do not provide APIs to access the list of installed languages, however such information can be obtained via a side channel. Specifically, a browser with a particular language installed will display the language correctly, and otherwise show several boxes. That is, the existence of boxes can be used to fingerprint the presence of that language.
Modeling and multiple models – specifically, 3D modeling is a computer graphics process of mathematically describing an object via three-dimensional surfaces. The vertexes of a model are handled by the vertex shader, and the surface by the fragment shader. Different objects are represented by different models, and may interact with each other especially when techniques below, such as lighting, exist.
Lighting and shadow mapping – Lighting is the simulation of light effects in computer graphics, and shadow mapping is to test whether a pixel is visible under a certain light and add corresponding shadows. There are many types of lighting, such as ambient lighting, directional lighting, and point lighting, which differ in the sources of the light. Additionally, many effects are accompanied by lights, such as reflection, translucency, light tracing, and indirect illumination, when lights interact with one computer graphics model or multiple models.
Camera – specifically, pinhole camera model, maps 3D points in a space onto 2D points in an image. In WebGL, a camera is represented by a camera projection matrix handled by the vertex and fragment shaders, and can be used to rotate and zoom in and out an object.
Clipping Planes – clipping restricts the rendering operations within a defined region of interest. In 3D rendering, a clipping plane is some distance away from and perpendicular to the camera so that it can prevent rendering surfaces that are too far from the camera. In WebGL, clipping planes are performed by the vertex and fragment shaders with additional provided algorithms. Once again vertex and fragment shaders give out fingerprintable information.
As you may have noticed, the majority of new techniques rely on vertex and fragment shaders. They are perfect for fingerprinting because a lot of computer specifics have effect on them.
If you want to know exactly what tasks are used to get these information, or how to compose a fingerprint out of gathered information, check out the original paper.