A Quarter of the Alexa Top 10K Websites Are Using Browser Fingerprinting Scripts (zdnet.com) 13
An anonymous reader quotes a report from ZDNet: A browser fingerprinting script is a piece of JavaScript code that runs inside a web page and works by testing for the presence of certain browser features. In an academic paper published earlier this month, a team of academics from the University of Iowa, Mozilla, and the University of California, Davis, has analyzed how popular browser fingerprinting scripts are used today by website operators. Using a machine learning toolkit they developed themselves and named FP-Inspector, the research team scanned and analyzed the top 100,000 most popular websites on the internet, according to the Alexa web traffic ranking.
"We find that browser fingerprinting is now present on more than 10% of the top-100K websites and over a quarter of the top-10K websites," the research team said. However, the research team also points out that despite the large number of websites that are currently using browser fingerprinting, not all scripts are used for tracking. Some fingerprinting scripts are also used for fraud detection since automated bots tend to have the same or similar fingerprints, and fingerprinting scripts are a reliable method of detecting automated behavior. Additional details about the team's research can be found in a paper named "Fingerprinting the Fingerprinters: Learning to Detect Browser Fingerprinting Behaviors," set to be presented at the IEEE Symposium on Security and Privacy, next year, in May 2021. If you're concerned about the findings, you can block fingerprinting scripts by enabling anti-fingerprinting protections in your respective browser settings or by installing an ad blocker extension.
"We find that browser fingerprinting is now present on more than 10% of the top-100K websites and over a quarter of the top-10K websites," the research team said. However, the research team also points out that despite the large number of websites that are currently using browser fingerprinting, not all scripts are used for tracking. Some fingerprinting scripts are also used for fraud detection since automated bots tend to have the same or similar fingerprints, and fingerprinting scripts are a reliable method of detecting automated behavior. Additional details about the team's research can be found in a paper named "Fingerprinting the Fingerprinters: Learning to Detect Browser Fingerprinting Behaviors," set to be presented at the IEEE Symposium on Security and Privacy, next year, in May 2021. If you're concerned about the findings, you can block fingerprinting scripts by enabling anti-fingerprinting protections in your respective browser settings or by installing an ad blocker extension.
Or just block javascript (Score:3)
"If you're concerned about the findings, you can block fingerprinting scripts by enabling anti-fingerprinting protections in your respective browser settings or by installing an ad blocker extension."
I'm guessing sites will respect anti-fingerprinting about as much as they do the "Do Not Track" setting.
Or as much as some search engines respect robots.txt files.
Re: (Score:2)
These are probably the quarter that spy on you, so all is well.
Re: (Score:3)
Killing javascript can make some websites not work.
It will make crappily written web sites not work. HTML is all that you should need to view pages, fill forms in, maybe order & pay for something. Yes: javascript can make a page slicker, nicer to use. But most of it does little to make it better for me. Most of it just slows my web browser down.
If NoScript makes a web site not work then it needs to be really interesting for me to just not go elsewhere but enable some javascript. I will enable scripts from the web site itself (& cloudflare, etc), but
Re: (Score:2)
For example eTag tracking [lucb1e.com] does not use JS and survives brower restarts.
This tracking method works without needing to use:
- Cookies
- Javascript
- LocalStorage/SessionStorage/GlobalStorage
- Flash, Java or other plugins
- Your IP address or user agent string
- Any methods employed by Panopticlick
Wikipedia has an entry about this issue [wikipedia.org]
There was a discussion about this problem on Ghacks [ghacks.net]
Re: (Score:2)
Anti-fingerprinting doesn't ask nicely, it fucked up their fingerprints.
For example one popular technique is to render a small hidden image using an HTML canvas. Every machine renders it slightly differently because of course consistency is too much to ask for. So anti-fingerprinting can either just block access to hidden canvas elements or better still slightly randomize the parameters so that every single one is unique. Their database gets filled with crap and they can't track you with them.
Another common
Oh and if you want to check your browser (Score:5, Insightful)
The EFF has a nice site to analyze you:
https://panopticlick.eff.org/ [eff.org]
Re: (Score:2)
Just ran that site in Safari, Firefox, and Chrome. The results reinforced why I don't use Chrome.
Re: (Score:2)
The URL was not found on the server. https://panopticlick.eff.org/t... [eff.org]
Baby and bathwater (Score:1)
Fingerprinting is annoying as hell, true. But, as we won't know the contents of the paper until next frigging May, this Chicken Little attitude doesn't help.
For instance, querying WebAudioWorklet, Geolocation and canvas have legitimate uses, namely, is the functionality they provide is available. As a point of data, knowing someone is using Chrome by querying the existence of WebAudioWorklet is distinct overkill when the navigator object can tell you that (Or if you're using Safari. Or Edge. Or Firefox.) as
Re: (Score:2)
It doesn't matter how important you think it is. We just have to be able to turn it all off, no questions asked.