160 likes | 417 Views
Using browser properties for fingerprinting. Ralph broenink. User tracking. Alert Drunk terrorist going to put a bomb in a teddy bear. ‘traditional’ cookies. Flash Local Shared Objects. HTTP Cookies. HTML5 Local Storage. ‘Traditional’ cookies. 3u938s24. 3u938s24.
E N D
Using browser propertiesforfingerprinting Ralph broenink
User tracking Alert Drunk terrorist goingto put a bomb in a teddy bear
‘traditional’ cookies Flash Local Shared Objects HTTP Cookies HTML5 Local Storage
‘Traditional’ cookies 3u938s24 3u938s24 3u938s24 3u938s24
“Anyonewho[…] wants to save data in the peripherals of the user, is requiredto […] have obtainedpermissionfrom the user.” – article 11.7a, Telecommunicatiewet (translated) Isn’tthere a new lawagainstit?
Yeah, but ... Host: www.letmetrackyou.org Connection: keep-alive Cache-Control: max-age=0 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.18 (KHTML, like Gecko) Chrome/18.0.1010.1 Safari/535.18 Accept: text/html,application/xhtml+xml, application/xml;q=0.9,*/*;q=0.8 Accept-Encoding:gzip,deflate,sdchAccept-Language:en-GB,en;q=0.8, en-US;q=0.6,nl;q=0.4Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 name version language character set screen resolution operating system timezone font list + order HTTP HEADERS JAVASCRIPT
identical (consistent)? unique? Character set: UTF-8 Resolution: 1280x768 Language: Dutch OS: Windows 7 64-bit Plugins: Flash 10.1, … Fonts: Arial, …
Are fingerprintsunique? >8.47 bits of entropy (of 8.95 possible)
Are fingerprints consistent? Arial Black Calibri Candara Comic Sans MS Consolas Constantia Browser version: 4.0.1 5.0.0 5.0.1 4.0.0 5.0.2 4.1.0 4.0.2 6.0.0 Segoe UI Corbel Franklin Gothic Medium Gabriola Georgia Palatino Linotype Segoe Print Trebuchet MS
Are fingerprints consistent? They are fairly consistent.
Mobile devices X-VF-ACR X-Brand-ID
Whatcanyou do? private browsing mode Tor Browser
Anonymousbrowsing does notexist Ralph broenink