Pennsylvania-based computer science professor Yinzhi Cao just unveiled a method that makes “fingerprinting” across multiple web browsers possible — with a striking degree of accuracy, Mashable reports.
That means anyone looking to follow you around the internet — advertisers, credit card companies, or websites — can now do so even if you habitually switch from Firefox to Chrome to Safari.
Browser fingerprinting works by identifying a set of characteristics unique to a computer’s hardware and software, using that information to create a “fingerprint” for the system in question. You may not realize it, but everything from your installed fonts to your screen resolution combines to form a profile of you that is identifiable approximately 91 percent of the time.
This tracking technique used to be defeated by switching browsers. Hop off of Firefox and onto Safari and you were good to go. That defense no longer works with Cao’s new approach, although it is unclear if anyone is using it yet.
What’s worse, a 99-percent success rate means his method is even more accurate than the old single-browser approach.
“From the negative perspective, people can use our cross-browser tracking to violate users’ privacy by providing customized ads,” Cao said. “Our work makes the scenario even worse, because after the user switches browsers, the ads company can still recognize the user. In order to defeat the privacy violation, we believe that we need to know our enemy well.”
Fortunately for the aforementioned enemy, Cao has published the code online. That’s not entirely a bad thing, however: Knowing how it works also allows computer scientists to attempt some sort of defense.
And how does it work? The short answer is that it’s complicated. “Specifically, our approach utilizes many novel OS and hardware level features, such as those from graphics cards, CPU, and installed writing scripts,” the paper reads. “We extract these features by asking browsers to perform tasks that rely on corresponding OS and hardware functionalities.”
Thirty-six tasks, to be precise. These take under a minute to run, and were found to successfully work on many major browsers, such as Chrome, Firefox, Safari, Microsoft Edge, and Opera.
But all is not lost for the privacy-concerned, as this stab at cross-browser fingerprinting is not foolproof.
As with so many things on the internet, the solution is straightforward: Use Tor.