Researchers claim their automated browser profiling system facilitates browser fingerprinting, overcomes certain anti-fingerprinting methods, and demonstrates that browser privacy extensions “can leak more data than they disguise and can even be semi-automatically circumvented, leading to a false sense of safety.”
Browser fingerprinting includes collecting data about the browser and related software and hardware of an internet user, such as browser type, operating system, headers for different network requests, cookies, extensions, screen resolution, etc.
The results have consequences for anyone under the impression that online privacy or anonymity can be guaranteed, but especially for Tor browser users who have been intended to withstand fingerprints. The study indicates that Tor’s attempt to make users appear to have the same browser fingerprint, thus mixing into the crowd, may fall short when considering extra information points.
The upshot is: this technique won’t unmask you immediately and it isn’t ideal at all, but it could possibly be used to monitor you around the internet and target you with advertisements.
The other includes measuring memory allocator time variations to infer a memory region’s assigned size.
And their study demonstrates that these are much more than covered by formal documentation. This implies that browser fingerprints can be much more comprehensive than they are now–have more information points. For example, Firefox’s Mozilla Developer Network documentation covers 2,247 browser properties. It was possible for scientists to catch 15,709. Although not all of these are fingerprinting usable and some are duplicates, they claim they discovered about 10,000 usable characteristics for all browsers.
Schwarz, Lackner, and Gruss conclude by stating that they hope browser manufacturers will take their results into account as they work to enhance browser extensions and privacy