Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
The Internet Java Network Security

A Quarter of the Alexa Top 10K Websites Are Using Browser Fingerprinting Scripts (zdnet.com) 13

An anonymous reader quotes a report from ZDNet: A browser fingerprinting script is a piece of JavaScript code that runs inside a web page and works by testing for the presence of certain browser features. In an academic paper published earlier this month, a team of academics from the University of Iowa, Mozilla, and the University of California, Davis, has analyzed how popular browser fingerprinting scripts are used today by website operators. Using a machine learning toolkit they developed themselves and named FP-Inspector, the research team scanned and analyzed the top 100,000 most popular websites on the internet, according to the Alexa web traffic ranking.

"We find that browser fingerprinting is now present on more than 10% of the top-100K websites and over a quarter of the top-10K websites," the research team said. However, the research team also points out that despite the large number of websites that are currently using browser fingerprinting, not all scripts are used for tracking. Some fingerprinting scripts are also used for fraud detection since automated bots tend to have the same or similar fingerprints, and fingerprinting scripts are a reliable method of detecting automated behavior. Additional details about the team's research can be found in a paper named "Fingerprinting the Fingerprinters: Learning to Detect Browser Fingerprinting Behaviors," set to be presented at the IEEE Symposium on Security and Privacy, next year, in May 2021.
If you're concerned about the findings, you can block fingerprinting scripts by enabling anti-fingerprinting protections in your respective browser settings or by installing an ad blocker extension.
This discussion has been archived. No new comments can be posted.

A Quarter of the Alexa Top 10K Websites Are Using Browser Fingerprinting Scripts

Comments Filter:
  • by bobstreo ( 1320787 ) on Wednesday August 26, 2020 @07:05PM (#60444869)

    "If you're concerned about the findings, you can block fingerprinting scripts by enabling anti-fingerprinting protections in your respective browser settings or by installing an ad blocker extension."

    I'm guessing sites will respect anti-fingerprinting about as much as they do the "Do Not Track" setting.

    Or as much as some search engines respect robots.txt files.

    • Just blocking JS won't work either since there are fingerprinting methods that work despite JS disabled.

      For example eTag tracking [lucb1e.com] does not use JS and survives brower restarts.

      This tracking method works without needing to use:
      - Cookies
      - Javascript
      - LocalStorage/SessionStorage/GlobalStorage
      - Flash, Java or other plugins
      - Your IP address or user agent string
      - Any methods employed by Panopticlick

      Wikipedia has an entry about this issue [wikipedia.org]

      There was a discussion about this problem on Ghacks [ghacks.net]
    • by AmiMoJo ( 196126 )

      Anti-fingerprinting doesn't ask nicely, it fucked up their fingerprints.

      For example one popular technique is to render a small hidden image using an HTML canvas. Every machine renders it slightly differently because of course consistency is too much to ask for. So anti-fingerprinting can either just block access to hidden canvas elements or better still slightly randomize the parameters so that every single one is unique. Their database gets filled with crap and they can't track you with them.

      Another common

  • by bobstreo ( 1320787 ) on Wednesday August 26, 2020 @07:37PM (#60444963)

    The EFF has a nice site to analyze you:

    https://panopticlick.eff.org/ [eff.org]

  • Fingerprinting is annoying as hell, true. But, as we won't know the contents of the paper until next frigging May, this Chicken Little attitude doesn't help.

    For instance, querying WebAudioWorklet, Geolocation and canvas have legitimate uses, namely, is the functionality they provide is available. As a point of data, knowing someone is using Chrome by querying the existence of WebAudioWorklet is distinct overkill when the navigator object can tell you that (Or if you're using Safari. Or Edge. Or Firefox.) as

You can be replaced by this computer.

Working...