Shulou(Shulou.com)06/03 Report--

This article mainly introduces "what is the browser fingerprint tracking technology". In the daily operation, I believe that many people have doubts about the browser fingerprint tracking technology. The editor has consulted all kinds of data and sorted out simple and easy-to-use operation methods. I hope it will be helpful for you to answer the doubts about "what is the browser fingerprint tracking technology?" Next, please follow the editor to study!

What is a browser fingerprint?

The fingerprints we often talk about refer to the fingerprints on people's fingers. Because of their uniqueness, they can be used to identify a person's unique identity. Browser fingerprint refers to a string composed of all kinds of information of the browser, such as CPU core number, graphics card information, system font, screen resolution, browser plug-in, etc., which can almost absolutely locate a user, even if the privacy window mode of the browser is used.

This is a passive recognition method. In other words, in theory, if you visit a website, then the website can identify you. Although you don't know who you are, you have a unique fingerprint, whether it's advertising, accurate push, security precautions in the future. or other things about privacy, are very convenient.

Second, what are the technical points for realizing browser fingerprinting?

1. Basic fingerprint

Browser basic fingerprint is the characteristic identification that any browser has, such as screen resolution, hardware type, operating system, user agent (User agent), system font, language, browser plug-in, browser extension, browser setting, time zone difference and so on. These fingerprint information is "similar" to human height, age and so on. It has a high probability of conflict and can only be used as an auxiliary identification. You can view the basic features of the local browser at this URL, https://www.whatismybrowser.com/

2. Advanced fingerprint

The difference between browser advanced fingerprints and basic fingerprints is that basic fingerprints are like human appearance features, which can be distinguished by men and women, height and weight. However, these features cannot uniquely identify a person, and only using basic fingerprints can not determine the uniqueness of the client. Based on many advanced functions of HTML5, advanced fingerprints can be generated.

Canvas fingerprint

When it comes to advanced fingerprints, we have to mention Canvas fingerprints. Canvas (canvas) is a dynamic drawing tag in HTML5 that can be used to generate or even process advanced images.

The principle of Canvas fingerprint is roughly as follows:

With the same HTMLCanvasElement element drawing operation, the image content is not exactly the same in different operating systems and browsers. In terms of image format, different browsers use different graphics processing engines, different image export options, different default compression levels, and so on. At the pixel level, the operating system uses different settings and algorithms for anti-aliasing and sub-pixel rendering. Even with the same drawing operation, the CRC test of the resulting picture data is not the same. Canvas has been supported by almost all major browsers and can be accessed through most PC, tablets and smartphones.

WebGL fingerprint

You can get the Webgl object (canvas.getContext ("webgl") through the HTMLCanvasElement element, through which you can obtain the user's hardware information, such as video card name, video card model, video card manufacturer, etc., such as ANGLE (NVIDIA GeForce GTX 1050 Ti Direct3D11 vs50 ps50), Google Inc.

Because the hardware is generally not replaced at will, some of the hardware has not been replaced when the computer is bought and scrapped, and there are many kinds of computer hardware. Although there is a very large collision rate, it can still be used as part of the user's fingerprint. The more information the user collects, the more it can represent the user's unique fingerprint, which can not be ignored.

AudioContext fingerprint

The Audio API provided by HTML5 for JavaScript programming allows developers to directly manipulate the original audio stream data in the code, to generate, process and recreate it arbitrarily, such as improving the tone, changing the tone, audio segmentation and other operations, or even called the web version of Adobe Audition.

The principle of AudioContext fingerprint is roughly as follows:

Method 1: generate the audio information stream (triangle wave), perform FFT transform on it, and calculate the SHA value as fingerprint.

Method 2: generate audio information stream (sine wave), process it dynamically, and calculate the MD5 value.

Both methods are cleared before the audio is output to the audio device, and the user gets the fingerprint without even knowing it.

Basic principles of AudioContext fingerprint:

Subtle differences in hardware or software of the host or browser lead to differences in the processing of audio signals. The same browser on the same device produces the same audio output, while different machines or different browsers produce different audio outputs.

From the above, we can see that the principles of AudioContext and Canvas fingerprints are very similar, both make use of the differences in hardware or software, the former generates audio, the latter generates pictures, and then calculates different hash values as identification.

WebRTC fingerprint

WebRTC (Web Real-time Communication, Web Real Time Communication), which enables browsers to have the ability of real-time audio and video communication, provides three main API to enable JS to obtain and exchange audio and video data in real time, MediaStream, RTCPeerConnection and RTCDataChannel. Of course, if you want to use WebRTC to gain communication capabilities, the user's real ip will have to be exposed (NAT penetration), so RTCPeerConnection provides such an API, and you can get the user's IP address directly using JS. The user's private network IP address will not change in most cases, so it can also be used as one of the factors of the user's fingerprint.

Comprehensive fingerprint

The above points have mentioned roughly what the browser fingerprint is, but it is only a part of it, but the scattered fingerprint information can not really locate the only user, and can not be used to represent the unique identity of a user (user fingerprint).

Comprehensive fingerprint means that by combining all the user's browser information, you can locate and identify the user with an accuracy of nearly 99%. The comprehensive fingerprint is roughly as follows:

Basic fingerprint (UserAgent, screen resolution, number of CPU cores, memory size, plug-in information, language, etc.)

Advanced fingerprint part (Canvas fingerprint, Webgl fingerprint, AudioContext fingerprint, WebRTC fingerprint, font fingerprint, etc.)

Geographical location, time zone, DNS, SSL certificate and other information.

Combining the above points, you can generate comprehensive fingerprints (user fingerprints), which can reach more than 99% of the users mentioned above and can locate unique users.

How to prevent "user fingerprint" from being generated?

We talked about how a lot of websites use various technologies to "generate" user fingerprints to identify unique users, so let's talk about how to avoid being "generated" unique user fingerprints by the site.

The common means is to prevent the website from getting all kinds of information or return a fake data through the browser's extension, which is realized by executing a piece of JS code before the page is loaded, changing, rewriting, and HOOK the various functions of js, because the flexibility of JS provides the possibility for this way. But this approach is always superficial, using JS modification can prevent most websites from generating unique fingerprints, but there is a means to detect whether they are "cheating".

A better way is to do processing from the bottom of the browser, and modify the API from the bottom of the browser so that the information obtained in the js layer is not unique, and no matter how it is combined, it can not generate a unique fingerprint that represents the user. For example: owl browser

Owl browser is based on chromium code modification and compilation of the browser, from the bottom of a variety of API changes, can be given to the user to customize the return of a variety of data, such as Canvas, Webgl, AudioContext, WebRTC, font, UserAgent, screen resolution, CPU core number, memory size, plug-in information, language and other information, so that you can completely avoid being "generated" unique user fingerprint.

At this point, the study of "what are the browser fingerprint tracking technologies" is over. I hope to be able to solve your doubts. The collocation of theory and practice can better help you learn, go and try it! If you want to continue to learn more related knowledge, please continue to follow the website, the editor will continue to work hard to bring you more practical articles!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.