Web - Browser Fingerprinting


1 - About

Browser fingerprinting identifies a user: by collecting enough characteristics of a user's system, a “digital fingerprint” of an individual user's browser can be computed.

Examples of such characteristics:

  • the fonts a user has installed,
  • the exact list of features a user agent supports,
  • the maximum allowed stack depth for recursion in script,
  • features that describe the user's environment,
  • the user's time zone.


3 - Type

3.1 - Device characteristic

Some device characteristics are chosen to create a hash.

3.2 - Canvas Fingerprinting

Canvas fingerprinting is a type of browser or device fingerprinting technique that was first presented by Mowery and Shacham in 2012 (Pixel Perfect: Fingerprinting Canvas in HTML5).

The rendering of a canvas is heavily dependent on the device.

Algorithm: render a picture on the canvas > encode it to Base64 > apply a digest function to get the fingerprint value.
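
The three steps above as an added example (not code from the original page or from any library it names). FNV-1a stands in for the digest function as an assumption, and `drawProbe`, `canvasFingerprint` and `watchReadback` are hypothetical names; `watchReadback` shows the defender's side, since the Base64 readback is the step a page or privacy tool can observe.

```javascript
// Digest: FNV-1a 32-bit (assumption, chosen for brevity; any digest function works).
function fnv1a32(str) {
  let h = 0x811c9dc5;
  for (let i = 0; i < str.length; i++) {
    h ^= str.charCodeAt(i);
    h = Math.imul(h, 0x01000193) >>> 0;
  }
  return h.toString(16).padStart(8, '0');
}

// Step 1: render a picture; text and blended colours make the output device-dependent.
function drawProbe(canvas) {
  canvas.width = 240;
  canvas.height = 60;
  const ctx = canvas.getContext('2d');
  ctx.textBaseline = 'top';
  ctx.font = '16px Arial';
  ctx.fillStyle = '#f60';
  ctx.fillRect(100, 5, 80, 30);
  ctx.fillStyle = '#069';
  ctx.fillText('Canvas fingerprint probe', 4, 10);
  ctx.fillStyle = 'rgba(102, 204, 0, 0.7)';
  ctx.fillText('Canvas fingerprint probe', 6, 12);
}

// Steps 2 and 3: read the canvas back as a Base64 data URL, then digest it.
function canvasFingerprint(canvas) {
  drawProbe(canvas);
  return fnv1a32(canvas.toDataURL());
}

// Defender's view: the readback is the observable step. Wrapping toDataURL on a
// canvas (or on HTMLCanvasElement.prototype) reports every readback a script makes.
function watchReadback(target, onRead) {
  const original = target.toDataURL;
  target.toDataURL = function (...args) {
    onRead({ width: this.width, height: this.height });
    return original.apply(this, args);
  };
  return () => { target.toDataURL = original; }; // call to remove the wrapper
}

// Browser-only demo; skipped where there is no DOM (for example under Node.js).
if (typeof document !== 'undefined') {
  const reads = [];
  watchReadback(HTMLCanvasElement.prototype, (r) => reads.push(r));
  console.log('Fingerprint:', canvasFingerprint(document.createElement('canvas')));
  console.log('Readbacks observed:', reads.length);
}
```

The same picture rendered on two devices yields different data URLs and therefore different digests, which is why the value works as an identifier.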

4 - Implementation

4.1 - Valve fingerprintjs

<script src="//cdn.jsdelivr.net/npm/[email protected]/dist/fingerprint2.min.js"></script>
var fingerPrint = function () {

	// Options
	var options = {
		fonts: {extendedJsFonts: true},
		excludes: {userAgent: true}
	};

	// Hash
	Fingerprint2.getV18(options, (result) => console.log('Fingerprint:' + result));

	// Browser characteristics
	Fingerprint2.get(options, function (components) {
		console.log('Characteristics:');
		console.log(JSON.stringify(components, null, 2)); // an array of components: {key: ..., value: ...}
	});
};
  • The function call is delayed to ensure consistent fingerprints:
if (window.requestIdleCallback) {
	requestIdleCallback(function () {
		fingerPrint();
	});
} else {
	setTimeout(function () {
		fingerPrint();
	}, 500);
}


4.2 - Browser DNA

4.3 - Aloodo

  • Aloodo is a tracking detection script (designed to be blocked by all the popular Web privacy tools). You can use it to help your users learn if they are still vulnerable to third-party tracking, and start to do something about it.


4.4 - Panopticlick

Panopticlick is Eckersley’s “open-source” implementation of browser fingerprinting. It takes:

  • plugins,
  • fonts,
  • timezone,
  • supercookies,
  • cookies enabled,
  • user agent,
  • HTTP Accept,
  • and screen resolution

5 - Documentation / Reference