As they say, there is no such thing as privacy online. Everyone has been taught when are looking up sensitive or personal information, to open a private browser on your laptop or even use a different browser all together. But what happens when your online identity isn’t tied to the cookies in one browser on your device but your computer as a whole? I will tell you:
Or at least that’s what I imagine from the findings of a 15-page research paper titled Cross-Browser Fingerprinting via OS and Hardware Level Features written by Yinzhi Cao and Song Li in the Security Lab at Lehigh University along with Erik Wijmans at Washington University in St. Louis. Erik contributed to this project when he was a Research Experience Undergraduate student at Lehigh University. They are going to present their findings at the Network and Distributed System Security Symposium in San Diego, California, scheduled to run from February 26 through March 1 of this year.
The paper explains that by using the specific hardware and software cues from the device, that a user could be tracked online across different browsers with up to 99.24% successful identification versus the standard single browser which only identified 90.84% of users in the same test data. They acquired this data by using Amazon Mechanical Turk and MacroWorkers and collected over 3,615 fingerprints from 1,903 users within 3 months.
The Cross-Browser Fingerprinting works by using specific code and scripts to identify the exact hardware such as the CPU and the graphics card for example. All told, the algorithm runs over 20 different test to produce a 32-digit string to identify the browser used and a separate 32-digit string to identify the computer used.
Here are my results just to give you a Real World taste of why our privacy is going out the window soon:
Chrome - Browser Unique Identifier - c3eddf2fd0cc10170bfeff04db37355e Computer Unique Identifier - f9c0ce01e2d1d70ec2dc16d6940806ee Chrome (Incognito) - Browser Unique Identifier - 020b9e14cfbca11ef98454537ba853e2 Computer Unique Identifier - f9c0ce01e2d1d70ec2dc16d6940806ee Internet Explorer 11 - Browser Unique Identifier - 4456d6bef4fc73c9dd574db68694b0b6 Computer Unique Identifier - f9c0ce01e2d1d70ec2dc16d6940806ee
Now you may look at this and go so what? But remember, their main goal is to use a unique identifier to identify the DEVICE that a user is using. And there isn’t a device out there today that can’t open a website. Look at the Computer Unique Identifier each test, the one ending in “…806ee”. That’s my Unique COMPUTER identifier. Notice how it didn’t matter what browser I used, the Unique Computer Fingerprint always matched up. Very soon, there could be a day where banner ads refer to you by name and show all of your private information. That’s a future that is always portrayed in Sci-Fi movies but it may be closer than we think.
“John, just buy the shoes already. You been looking at the page 33 times in the last 6 weeks. She will enjoy the surprise.”
– Future Banner Ads of 2020