Academics have come up with a new technique that leaks data about users’ browsers; enough to defeat anti-fingerprinting systems and privacy-preserving browser extensions to provide ways to identify users by their browser and underlying platform in a way that has not been done before.
The research team says these templates can be used at a later point to scan a visiting user and detect specific environment details based on the default property values the user’s browser’s returns.
This data can be used for creating user profiles (for traffic/user fingerprinting) that break user anonymity or for devious means, like refining the targeting of zero-day exploits.
A pretty powerful & accurate attack
The research team said tests showed their method was able to distinguish between all 40 tested environments; distinguish browser down to exact version; determine installed extensions based on how they modified native property values; determine even individual extension settings; determine extremely technical details such as the CPU vendor, actual operating system (not the one declared by user agents, which can be faked); determine the presence of a browser private mode; and even if the browser was running from within a virtual machine.
This information might be useful for tracking or might be more useful for refining exploits. It all depends on what the threat actor is trying to do, but the conclusion is that the method is reliable enough to work and bypass even privacy-hardened environments, like Tor on Android.