browser fingerprinting | Breaking Cybersecurity News | The Hacker News

The case for browser fingerprinting: personalizing user experience, improving fraud detection, and optimizing login security Have you ever heard of browser fingerprinting? You should! It's an online user identification technique that collects information about a visitor's web browser and its configuration preferences to associate individual browsing sessions with a single website visitor.  With browser fingerprinting, many pieces of data can be collected about a user's web browser and device, such as screen resolution, location, language, and operating system. When you stitch these pieces together, they reveal a unique combination of information that forms every user's visitor ID or "digital fingerprint." Websites can use the visitor ID in various ways, including personalizing the user's experience, improving fraud detection, and optimizing login security. This article discusses the case for browser fingerprinting and how to use it safely on your websi

Google on Wednesday announced plans to bring its Privacy Sandbox initiatives to Android in a bid to expand its privacy-focused, but also less disruptive, advertising technology beyond the desktop web. To that end, the internet giant said it will work towards building solutions that prevent cross-app tracking à la Apple's App Tracking Transparency ( ATT ) framework, effectively limiting sharing of user data with third-parties as well as eliminating identifiers such as advertising IDs on mobile devices. "The Privacy Sandbox on Android builds on our existing efforts on the web, providing a clear path forward to improve user privacy without putting access to free content and services at risk," Anthony Chavez, vice president of product management for Android security and privacy,  said . Privacy Sandbox , launched in 2019, is Google's umbrella term for a set of technologies that will phase out third-party cookies and curb covert tracking, like  fingerprinting , by redu

The introduction of Open AI's ChatGPT was a defining moment for the software industry, touching off a GenAI race with its November 2022 release. SaaS vendors are now rushing to upgrade tools with enhanced productivity capabilities that are driven by generative AI. Among a wide range of uses, GenAI tools make it easier for developers to build software, assist sales teams in mundane email writing, help marketers produce unique content at low cost, and enable teams and creatives to brainstorm new ideas.  Recent significant GenAI product launches include Microsoft 365 Copilot, GitHub Copilot, and Salesforce Einstein GPT. Notably, these GenAI tools from leading SaaS providers are paid enhancements, a clear sign that no SaaS provider will want to miss out on cashing in on the GenAI transformation. Google will soon launch its SGE "Search Generative Experience" platform for premium AI-generated summaries rather than a list of websites.  At this pace, it's just a matter of a short time befo

Researchers have demonstrated a new type of fingerprinting technique that exploits a machine's graphics processing unit (GPU) as a means to persistently track users across the web. Dubbed  DrawnApart , the method "identifies a device from the unique properties of its GPU stack," researchers from Australia, France, and Israel said in a new paper, adding "variations in speed among the multiple execution units that comprise a GPU can serve as a reliable and robust device signature, which can be collected using unprivileged JavaScript." A device fingerprint or machine fingerprint is information that is collected about the hardware, installed software, as well as the web browser and its associated add-ons from a remote computing device for the purpose of unique identification. Fingerprints can be a double-edged sword. On the one hand, a fingerprint algorithm may allow a service provider (e.g., bank) to detect and prevent identity theft and credit card fraud. But

A software bug introduced in Apple Safari 15's implementation of the IndexedDB API could be abused by a malicious website to track users' online activity in the web browser and worse, even reveal their identity. The vulnerability, dubbed  IndexedDB Leaks , was disclosed by fraud protection software company FingerprintJS, which  reported the issue  to the iPhone maker on November 28, 2021. IndexedDB is a low-level JavaScript application programming interface (API) provided by web browsers for managing a  NoSQL database  of structured data objects such as files and blobs. "Like most web storage solutions, IndexedDB follows a same-origin policy," Mozilla  notes in its documentation  of the API. "So while you can access stored data within a domain, you cannot access data across different domains." Same-origin is a  fundamental security mechanism  that ensures that resources retrieved from distinct  origins  — i.e., a  combination  of the scheme (protocol),

At the company's I/O 2019 developer conference, Google has announced its plan to introduce two new privacy and security-oriented features in the upcoming versions of its Chrome web browser. In an attempt to allow users to block online tracking, Google has announced two new features—Improved SameSite Cookies and Fingerprinting Protection—that will be previewed by Google in the Chrome web browser later this year. Cookies, also referred to as HTTP cookies or browser cookies, are the small pieces of information that websites store on your computer, which play an important role in improving your online experience. Cookies are created by a web browser when a user loads a particular website, which helps the website to remember information about your visit, like your login information, preferred language, items in the shopping cart and other settings. However, cookies are also being widely used to identify users and track their activities not only on the site that issued a cooki

Do you know? Thousands of websites use HTML5 Canvas —a method supported by all major browsers that allow websites to dynamically draw graphics on web pages—to track and potentially identify users across the websites by secretly fingerprinting their web browsers. Over three years ago, the concern surrounding browser fingerprinting was highlighted by computer security experts from Princeton University and KU Leuven University in Belgium. In 2014, the researchers demonstrated how browser's native Canvas element can be used to draw unique images to assign each user's device a number (a fingerprint) that uniquely identifies them. These fingerprints are then used to detect when that specific user visits affiliated websites and create a profile of the user's web browsing habits, which is then shared among advertising partners for targeted advertisements. Since then many third-party plugins and add-ons (ex. Canvas Defender ) emerged online to help users identify and block

You might be aware of websites, banks, retailers, and advertisers tracking your online activities using different Web "fingerprinting" techniques even in incognito/private mode, but now sites can track you anywhere online — even if you switch browsers. A team of researchers has recently developed a cross-browser fingerprinting technique — the first reliable technique to accurately track users across multiple browsers based on information like extensions, plugins, time zone and whether or not an ad blocker is installed. Previous fingerprinting methods usually only work across a single browser, but the new method uses operating system and hardware level features and works across multiple browsers. This new fingerprinting technique ties digital fingerprint left behind by a Firefox browser to the fingerprint from a Chrome browser or Windows Edge running on the same device. This makes the method particularly useful to advertisers, enabling them to continue serving tar

Despite browsing incognito, blocking advertisements, or hiding your tracks, some websites monitor and track your every move online using a new web-tracking technique called Audio Fingerprinting . This new fingerprinting technique can be utilized by technology and marketing companies to deliver targeted advertisements as well as by law enforcement to unmask VPN or Anonymous users, without even decrypting the traffic. Researchers at Princeton University have conducted a massive privacy survey and discovered that Google, through its multiple domains, is tracking users on nearly 80 percent of all Top 1 Million Domains using the variety of tracking and identification techniques. Out of them, the newest tracking technology unearthed by the researchers is the one based on fingerprinting a machine's audio stack through the AudioContext API . "All of the top five third-parties, as well as 12 of the top 20, are Google-owned domains," the researchers note. "In fact, Goog

Webmasters can track all your activities on the Internet – even if you have already cleared your browsing history and deleted all saved cookies. A researcher demonstrated two unpatched flaws that can be exploited to track Millions of Internet users, allowing malicious website owners: List Building: To compile a list of visited domains by users, even if they have cleared their browsing history Tracking Cookies: To tag users with a tracking cookie that will persist even after they have deleted all cookies These two Browser Fingerprinting techniques abuse HTTP Strict Transport Security (HSTS) and Content Security Policy – new security features already built into Mozilla Firefox and Google Chrome, and expected to make their ways to other mainstream browsers in near future. WHAT IF, The Website owners turn these Security features against You? A security researcher has proved exactly the same last weekend at Toorcon security conference in San Diego. Yan Zhu, an