Dull captaincy or how the Tor Project fights browser fingerprinting
The article, known in certain circles, Hovav Shacam and Keaton Mowery from 2012, described a new at the time of generating a browser and system identifier directly from JavaScript - Canvas Fingerprinting. The method allowed to distinguish, including equipment ...
The essence of the method is that on different systems in different browsers the text is rendered differently (and not only the text), since many different components are responsible for this at different levels, which may have different settings for the components of the underlying level.
The article describes a method using the getImageData API , which returns a pixel-by-pixel image. The use of WebGL is also considered: different systems and 3D scenes are rendered differently.
')
The article recommended the use of purely software rendering, without using OS components and other software installed on a PC, noise, and other protection techniques. In the Tor Project, the ability to create fingerprints was patched by asking for permissions on getImageData and replacing random fonts with a fallback font (so we take measurements 10 times).
There are other APIs with current information. For example, the text measurement API. If the text is rendered differently, then the dimensions should be slightly different. Check this hypothesis using the measureText API for the same canvas and the DOM getBoundingClientRect API.
Clone the repository , run the latest (or not the last) TBB on your computer, open the HTML file from the repository in it, post the result in the comments, and better - make PR . You can also go to fiddle or fullscreen fiddle . In principle, it was not possible to make hashes, it would give more space for data mining, but even in compressed form, a complete set of information about each font takes a lot of space. Therefore we manage with hashes. Who wants to dig deeper, he can uncomment a few lines in the source.
First run on Firefox stable and nightly versions.
Give the same prints.
Now on the seven
As you can see, the prints are different.
Now let's play with the parameters. The game with the ClearType parameters did not give anything, as well as the inclusion of DirectWrite , but the inclusion of e10s changed the imprint and completely ruined the rendering (all pages were rendered in a black rectangle).
To start in Chrome, you need to change the source code - it does not understand type = "application / javascript; version = 1.7", and for some reason it is not recorded in cookies. In TBB, on the contrary, it is not recorded in Storage, it may be disabled. Since we are talking about compatibility, I’ll say that the compatibility with ES6 implementations in browsers is just a problem: one does not support generating functions with a star, the other without a star, the other needs to be written ...
... and even wrap in an anonymous function - otherwise strict mode will not turn on in this browser, and ES6 along with it, the third one does not support arrow functions (therefore there are no results for it, a browser that does not support the latest standards or at least their drafts are not needed) ). Firefox behaved better, it needs only type = "application / javascript; version = 1.7".
Also starius published their results .
Do not forget Android
The TBB version A print on Win 8.1 PARTIALLY coincides with the Firefox Nightly print with e10s enabled. In particular, prints for Courier New, Georgia and System do not match.
Go to another computer with Win XP, check what gives out there.
Let's try another version of TBB.
Disable fonts.
As you can see, now you can extract information only about the Fallback font.
Intermediate starius results
You can see that the prints for the fonts are the same as those for IceWeasel.
As we see, depending on the environment, the prints are different. One way to solve this and a number of other problems is to use Linux distributions, specifically designed for anonymous work.
Consider TAILS and Whonix .
Let's see what TBB gives to TAILS.
Now let's see what IceWeasel gives out on Whonix
Finally TBB on Whonix
It coincides with the intermediate results of starius , which is good. The TBB and IceWeasel prints almost coincide: IceWeasel has 1 more font available. There is a difference between the TAILS, Whonix and TBB prints on different systems, which is bad. That is, you can distinguish OSes.
Check on one of the distributions of Linux.
Does not match the results of starius .
I copied several fonts from Windows, installed and observed strange things: it looks like the fonts depend on each other.
Installed Consolas. Everything has changed.
Installed Constantia.
I installed a bunch of fonts (except Times New Roman and Arial). Everything has changed, except Consolas. By some miracle, Inconsolata appeared, although I did not install it.
Installed Times New Roman. Everything has changed ... Inconsolata has disappeared ...
Installed Arial. Only he and sans-serif have changed.
A little offtopic: in the course of this part of the study, it turned out that many fonts contain a comment with recommendations for its use. It is a pity that in text editors they are not shown on hover.
After the publication of this article, gk from the Tor Project bug tracker prompted an interesting article.
PriVaricator: Deceiving Fingerprinters with Little White Lies. Nikiforakis N., Joosen W., Livshits B .. Several tracking scripts are mentioned in it, in particular, at least Bluecava BCAC5.js and tagv22.pkmin.js (the implementations are the same) use almost the same technique (though they extract less information on the font, they have a greater likelihood of collisions, and they are only interested in the list fonts) to create prints. A table with direct addresses of fingerprinting scripts can be found in this article .
The article proposes a way to randomize the values that can be fingerprinted, in order to prevent tracking, but we have already seen with the example of TBB how successful this randomization is. I believe that randomization for each site is useless, since it can always be bypassed. If, as suggested in the article, the random values cache is used (random values are saved and random values will be the same for this site when you restart the fingerprint printer)
Using a cache that is common to all sites and changing only during a new session is one of the options. This will allow you to track sessions in pedelah, but will not allow you to create an identifier that persists between sessions.
Article
The essence of the method is that on different systems in different browsers the text is rendered differently (and not only the text), since many different components are responsible for this at different levels, which may have different settings for the components of the underlying level.
- There may be trite different (with a different set of characters, with slightly different glyphs, with different ligatures and kerning ...) fonts.
- Different parameters for calling library functions in different browsers.
- Different versions of libfreetype and other rendering libraries.
- Different implementations in the OS and different OS settings (for example, different versions of ClearType and different screen resolutions).
- Different graphics drivers.
- Miscellaneous graphic iron.
The article describes a method using the getImageData API , which returns a pixel-by-pixel image. The use of WebGL is also considered: different systems and 3D scenes are rendered differently.
')
The article recommended the use of purely software rendering, without using OS components and other software installed on a PC, noise, and other protection techniques. In the Tor Project, the ability to create fingerprints was patched by asking for permissions on getImageData and replacing random fonts with a fallback font (so we take measurements 10 times).
Defective by design
There are other APIs with current information. For example, the text measurement API. If the text is rendered differently, then the dimensions should be slightly different. Check this hypothesis using the measureText API for the same canvas and the DOM getBoundingClientRect API.
Clone the repository , run the latest (or not the last) TBB on your computer, open the HTML file from the repository in it, post the result in the comments, and better - make PR . You can also go to fiddle or fullscreen fiddle . In principle, it was not possible to make hashes, it would give more space for data mining, but even in compressed form, a complete set of information about each font takes a lot of space. Therefore we manage with hashes. Who wants to dig deeper, he can uncomment a few lines in the source.
results
Different browsers
First run on Firefox stable and nightly versions.
Firefox 35.0 and Firefox Nightly 37.0a1 @ Windows 8.1
{ "Impact" : "16b207dfaab7643d19dfa45c", "Courier New" : "7cdc70fc5acdb4fdfbf91150", "Bookman Old Style" : "87bccbb4027b44c3ccec316e", "Consolas" : "2f15e176ec12eedab6a2964c", "MS Gothic" : "83bd03a90697218616b392ec", "Constantia" : "e520f8ba166cc561aafa1bfa", "Calibri" : "e7be39be54baeea86efe204d", "Cambria" : "364950a4a4e688d3a455a0a3", "Wingdings" : "f1ec609eb0ee165edcca0852", "Webdings" : "d6cb6d13744445a8052abf9f", "Symbol" : "472d3c8f99a96b8d182889b5", "Ubuntu Mono" : "dd9b8aa29b7744ad8d5a58f0", "Inconsolata LGC" : "bce92cecba3e4646c2e2720d", "Source Code Pro" : "baebc2fcd75bd7b72d6745b4", "Lucida Handwriting" : "d802c472637db0c3c35f7dc0", "Georgia" : "7eb28794ff6a47f9d4617ea5", "serif" : { "d" : "6f5646f292ff59c85e828f7d", "fonts" : ["Times New Roman", "Droid Sans", "DejaVu Sans", "Inconsolata", "System", "vgaoem"] }, "sans-serif" : { "d" : "6b043ec519448e8dac79e4ee", "fonts" : ["Arial"] } } Give the same prints.
Now on the seven
Firefox 35.0 @ Windows 7
{ "Impact" : "2e32f50e863bc9a085666248", "Courier New" : "aff48e3be26cc0dc507cff3c", "Bookman Old Style" : "6e1b8cc3a60c648c763ccb43", "Consolas" : "156930f3a699c3d4744de1b5", "MS Gothic" : "4d3972114ab839313eb6b86f", "Constantia" : "b22efe989907bbb968cd028d", "Calibri" : "abb1c5868a80896c0c65ee13", "Cambria" : "f364822f7f8f4fd170f2e1e0", "Wingdings" : "66e3a81068bbba59e439235e", "Webdings" : "c22c781324f8365781b359e6", "Symbol" : "7073f323f33a6861b2368641", "Lucida Handwriting" : "7953cc9b88bac85bb5637189", "Georgia" : "8046fa72d901874f1d44c4f5", "serif" : { "d" : "4e9edc58576ac6e25485aeda", "fonts" : ["Times New Roman", "Ubuntu Mono", "Droid Sans", "DejaVu Sans", "Inconsolata", "Inconsolata LGC", "Source Code Pro", "System", "vgaoem"] }, "sans-serif" : { "d" : "0c5aeb3d64c4564e6cfe613f", "fonts" : ["Arial"] } } As you can see, the prints are different.
Now let's play with the parameters. The game with the ClearType parameters did not give anything, as well as the inclusion of DirectWrite , but the inclusion of e10s changed the imprint and completely ruined the rendering (all pages were rendered in a black rectangle).
Firefox Nightly 37.0a1 with e10s enabled @ Windows 8.1
{ "Impact" : "004c408dbbbdb9c9910c4352", "Courier New" : "d1a0a33b5a8fc28faf6586f7", "Bookman Old Style" : "fe957ed9b9d3d352564b832d", "Consolas" : "74831d1303efc9733ab93cb1", "MS Gothic" : "ed7dbb5235608f4c2b38157f", "Constantia" : "c70150a0ed768f5e58196f96", "Calibri" : "94311fb530817035c6d0e67b", "Cambria" : "0013175b346f8ff058a53e16", "Wingdings" : "547a5121752201d862bea0bc", "Webdings" : "a98b6f18a2464e8f4ac0c06b", "Symbol" : "be2745f60719b4350900e044", "Ubuntu Mono" : "7456b9713327556503f5f3df", "Inconsolata LGC" : "49b5231c4cf98df7b253feba", "Source Code Pro" : "12e997bcc449b894550266f9", "Lucida Handwriting" : "d293b8185d9fdb4060403a73", "Georgia" : "5c7d4b20b601096c0f742e01", "System" : "3b0cd6cc6c88c08c7130c0c5", "serif" : { "d" : "c42ce0f2eadd307131c36cdb", "fonts" : ["Times New Roman", "Droid Sans", "DejaVu Sans", "Inconsolata", "vgaoem"] }, "sans-serif" : { "d" : "143b02c39843a1106a4b88ad", "fonts" : ["Arial"] } } To start in Chrome, you need to change the source code - it does not understand type = "application / javascript; version = 1.7", and for some reason it is not recorded in cookies. In TBB, on the contrary, it is not recorded in Storage, it may be disabled. Since we are talking about compatibility, I’ll say that the compatibility with ES6 implementations in browsers is just a problem: one does not support generating functions with a star, the other without a star, the other needs to be written ...
"use strict"; ... and even wrap in an anonymous function - otherwise strict mode will not turn on in this browser, and ES6 along with it, the third one does not support arrow functions (therefore there are no results for it, a browser that does not support the latest standards or at least their drafts are not needed) ). Firefox behaved better, it needs only type = "application / javascript; version = 1.7".
Chrome 39.0.2171.95 @ Windows 8.1
{ "Impact" : "ca3644b7c3b3df328e01cd65", "Courier New" : "1c6c9dd10a5d5bfc8c30ef13", "Bookman Old Style" : "f19f6085ebd1849e84df7a64", "Consolas" : "01c0b01b4b9cd5241a17e5bd", "MS Gothic" : "fbe20d8bed3884f64e27392e", "Constantia" : "f5fc044902baf27fe5dbf32c", "Calibri" : "563c352880c610c0b6d72e5d", "Cambria" : "23ba75fc6063e9b3c56361e2", "Wingdings" : "a65dba96053acacee4518c91", "Webdings" : "bacd52be46fac7bb0bb344e4", "Symbol" : "2323f362e066eaaa6f378187", "Ubuntu Mono" : "a6f4eb9ebd660f0fb218ccb7", "Inconsolata LGC" : "1ba935514f2187f7c4e8b944", "Source Code Pro" : "219562b8e6b7c0a9ef9ae154", "Lucida Handwriting" : "0a3ee60ebecbf1db68813fc5", "Georgia" : "1b20860fcc7ffa79ee0db0d8", "serif" : { "d" : "5fca6b682556b887fe5b91c2", "fonts" : ["Times New Roman", "Droid Sans", "DejaVu Sans", "Inconsolata", "System", "vgaoem"] }, "sans-serif" : { "d" : "5cc93cfaa34d66e6afbf133c", "fonts" : ["Arial"] } } Also starius published their results .
Iceweasel @ Linux by starius
{ "Times New Roman" : "c2c91d5b3c4fecd9109afe0e", "Arial" : "4917211a76ddf69db033e125", "Courier New" : "eb211de3b75234ea90a50c3f", "Symbol" : "709ab9f882b1808b323e7d09", "Droid Sans" : "fbc25f5e038a28b94454fa13", "DejaVu Sans" : "c0bf2bce71e4313758d1aba8", "serif" : { "d" : "5daa940a38e3b137916aadcb", "fonts" : ["Impact", "Bookman Old Style", "Consolas", "MS Gothic", "Constantia", "Calibri", "Cambria", "Wingdings", "Webdings", "Ubuntu Mono", "Inconsolata", "Inconsolata LGC", "Source Code Pro", "Lucida Handwriting", "Georgia", "System", "vgaoem"] }, "sans-serif" : { "d" : "46a9a2d351881662502ed793", "fonts" : [] } } Do not forget Android
Firefox @ CyanogenMod 11 Nightly
{ "serif" : { "d" : "56c4b3aba5c77853c4a1ed56", "fonts" : [] }, "sans-serif" : { "d" : "dec3163b8630ebcf6d7356b6", "fonts" : ["Times New Roman", "Arial", "Impact", "Courier New", "Bookman Old Style", "Consolas", "MS Gothic", "Constantia", "Calibri", "Cambria", "Wingdings", "Webdings", "Symbol", "Ubuntu Mono", "Droid Sans", "DejaVu Sans", "Inconsolata", "Inconsolata LGC", "Source Code Pro", "Lucida Handwriting", "Georgia", "System", "vgaoem"] } } Tor browser bundle
The TBB version A print on Win 8.1 PARTIALLY coincides with the Firefox Nightly print with e10s enabled. In particular, prints for Courier New, Georgia and System do not match.
TBB version A on Win 8.1
{ "Impact" : "004c408dbbbdb9c9910c4352", "Courier New" : "c061e3c7731e6d18b2b1aee2", "Bookman Old Style" : "fe957ed9b9d3d352564b832d", "Consolas" : "74831d1303efc9733ab93cb1", "MS Gothic" : "ed7dbb5235608f4c2b38157f", "Constantia" : "c70150a0ed768f5e58196f96", "Calibri" : "c18f30a9cc711a1e67a5eb5e", "Cambria" : "0013175b346f8ff058a53e16", "Wingdings" : "547a5121752201d862bea0bc", "Webdings" : "a98b6f18a2464e8f4ac0c06b", "Symbol" : "be2745f60719b4350900e044", "Ubuntu Mono" : "7456b9713327556503f5f3df", "Inconsolata LGC" : "49b5231c4cf98df7b253feba", "Source Code Pro" : "12e997bcc449b894550266f9", "Lucida Handwriting" : "d293b8185d9fdb4060403a73", "Georgia" : "56acda38697db9e55593d004", "System" : "096e5dd0fd64151c7c45633c", "serif" : { "d" : "c42ce0f2eadd307131c36cdb", "fonts" : ["Times New Roman", "Droid Sans", "DejaVu Sans", "Inconsolata", "vgaoem"] }, "sans-serif" : { "d" : "143b02c39843a1106a4b88ad", "fonts" : ["Arial"] } } Go to another computer with Win XP, check what gives out there.
TBB version A on Win XP
{ "Impact" : "570243d5a2a1ad9ecb5eeda5", "Courier New" : "9dca70bba9b272bab8f54e67", "Calibri" : "f5f4ca843390787ff5a58aa5", "Wingdings" : "29a0d5b485267d624068b451", "Webdings" : "ac90955ff27cddfd470630a7", "Symbol" : "dbf4640208e822cdce25b7a5", "serif" : { "d" : "eb8f5ca8f335bab71807f6c1", "fonts" : ["Times New Roman", "Bookman Old Style", "Consolas", "MS Gothic", "Constantia", "Cambria", "Ubuntu Mono", "Droid Sans", "DejaVu Sans", "Inconsolata", "Inconsolata LGC", "Source Code Pro", "Lucida Handwriting", "Georgia", "System", "vgaoem"] }, "sans-serif" : { "d" : "4c574db8e9969363d70d0d25", "fonts" : ["Arial"] } } Let's try another version of TBB.
TBB version B on WinXP with browser.display.use_document_fonts = 1 (default)
{ "Impact" : "0a82add690d4353b2730d8ee", "Courier New" : "f2f88522221a2cd46c8e0897", "Calibri" : "166947a8f38924bff8c20df7", "Wingdings" : "71d1ca21e215374130468113", "Webdings" : "3507ade160e9610d45fbdfe3", "Symbol" : "c5b23ac865d492ae2596d17b", "serif" : { "d" : "1f0fec66cf90e8ef39df0209", "fonts" : ["Times New Roman", "Bookman Old Style", "Consolas", "MS Gothic", "Constantia", "Cambria", "Ubuntu Mono", "Droid Sans", "DejaVu Sans", "Inconsolata", "Inconsolata LGC", "Source Code Pro", "Lucida Handwriting", "Georgia", "System", "vgaoem"] }, "sans-serif" : { "d" : "831ea900aa3285fa5747d31b", "fonts" : ["Arial"] } } Disable fonts.
TBB version B on WinXP with browser.display.use_document_fonts = 0
{ "serif" : { "d" : "1f0fec66cf90e8ef39df0209", "fonts" : ["Times New Roman", "Arial", "Impact", "Courier New", "Bookman Old Style", "Consolas", "MS Gothic", "Constantia", "Calibri", "Cambria", "Wingdings", "Webdings", "Symbol", "Ubuntu Mono", "Droid Sans", "DejaVu Sans", "Inconsolata", "Inconsolata LGC", "Source Code Pro", "Lucida Handwriting", "Georgia", "System", "vgaoem"] }, "sans-serif" : { "d" : "1f0fec66cf90e8ef39df0209", "fonts" : [] } } As you can see, now you can extract information only about the Fallback font.
Intermediate starius results
TBB version? @ Linux by starius
{ "it" : 1, "fonts" : { "Times New Roman" : "c2c91d5b3c4fecd9109afe0e", "Arial" : "4917211a76ddf69db033e125", "Courier New" : "eb211de3b75234ea90a50c3f" }, "fontFingerprintingTotalTime" : 2404.465604000002, "serifHash" : "5daa940a38e3b137916aadcb", "sansHash" : "46a9a2d351881662502ed793" } You can see that the prints for the fonts are the same as those for IceWeasel.
Systems for anonymous work
As we see, depending on the environment, the prints are different. One way to solve this and a number of other problems is to use Linux distributions, specifically designed for anonymous work.
Consider TAILS and Whonix .
Let's see what TBB gives to TAILS.
TBB 4.0.2 Tails (on hardware and virtual machines)
{ "Times New Roman" : "be2166d015ec4eeb45a0b798", "Arial" : "a6e6b634440edc0c369bc2e9", "Courier New" : "420ef97e187f6e740f55c365", "serif" : { "d" : "6b4685a844a9ba975363dba5", "fonts" : ["Impact", "Bookman Old Style", "Consolas", "MS Gothic", "Constantia", "Calibri", "Cambria", "Wingdings", "Webdings", "Symbol", "Ubuntu Mono", "Droid Sans", "DejaVu Sans", "Inconsolata", "Inconsolata LGC", "Source Code Pro", "Lucida Handwriting", "Georgia", "System", "vgaoem"] }, "sans-serif" : { "d" : "0873da0f46bd2f66345aba5b", "fonts" : [] } } Now let's see what IceWeasel gives out on Whonix
Iceweasel whonix
{ "DejaVu Sans" : "4fd7fb4babfa17ccd9755508", "serif" : { "d" : "6d0bcd365a1eaade9320ed12", "fonts" : ["Times New Roman", "Arial", "Impact"; "Courier New", "Bookman Old Style", "Consolas", "MS Gothic", "Constantia", "Calibri", "Cambria", "Wingdings", "Webdings", "Symbol", "Ubuntu Mono", "Droid Sans", "Inconsolata", "Inconsolata LGC", "Source Code Pro", "Lucida Handwriting", "Georgia", "System", "vgaoem"] }, "sans-serif" : { "d" : "3a84298716a4bca4cb4f4d0f", "fonts" : [] } } Finally TBB on Whonix
TBB Whonix
{ "serif" : { "d" : "6d0bcd365a1eaade9320ed12", "fonts" : ["Times New Roman", "Arial", "Impact", "Courier New", "Bookman Old Style"; "Consolas", "MS Gothic", "Constantia", "Calibri", "Cambria", "Wingdings", "Webdings", "Symbol", "Ubuntu Mono", "Droid Sans", "DejaVu Sans", "Inconsolata", "Inconsolata LGC", "Source Code Pro", "Lucida Handwriting", "Georgia", "System", "vgaoem"] }, "sans-serif" : { "d" : "3a84298716a4bca4cb4f4d0f", "fonts" : [] } } It coincides with the intermediate results of starius , which is good. The TBB and IceWeasel prints almost coincide: IceWeasel has 1 more font available. There is a difference between the TAILS, Whonix and TBB prints on different systems, which is bad. That is, you can distinguish OSes.
Linux and fonts
Check on one of the distributions of Linux.
IceWeasel 24.7.0 @ Linux
{ "Times New Roman" : "862dd27554770f4ac8aee536", "Arial" : "2c5b29ec3f4411b8f86f3068", "Courier New" : "070dbb80d339e0ccb2347141", "Symbol" : "ddc2d84cdddd41003741fe60", "Droid Sans" : "cab2b00f609fdfcea99d68d2", "DejaVu Sans" : "6d377d1282fdaca428a56943", "serif" : { "d" : "6a41b7981b6d6caf6087bfe4", "fonts" : ["Impact", "Bookman Old Style", "Consolas", "MS Gothic", "Constantia", "Calibri", "Cambria", "Wingdings", "Webdings", "Ubuntu Mono", "Inconsolata", "Inconsolata LGC", "Source Code Pro", "Lucida Handwriting", "Georgia", "System", "vgaoem"] }, "sans-serif" : { "d" : "9963bcb1199ea5a24f06963a", "fonts" : [] } } Does not match the results of starius .
I copied several fonts from Windows, installed and observed strange things: it looks like the fonts depend on each other.
Installed Consolas. Everything has changed.
IceWeasel 24.7.0 @ Linux + Consolas
{ "Times New Roman" : "46def84b497dc4e32cdc380f", "Arial" : "b4b350af8fe265ab3458e25c", "Courier New" : "b8df5885586d3f4d442c72db", "Consolas" : "dddaf0069eb3f16516ab3ecb", "Symbol" : "ed43eba4e2a1ff897a2f89c6", "Droid Sans" : "e59f70a6030a0531f1f32240", "DejaVu Sans" : "028b7d4cf2cc37de25453de0", "serif" : { "d" : "e97cbca6063cf04ff00f4867", "fonts" : ["Impact", "Bookman Old Style", "MS Gothic", "Constantia", "Calibri", "Cambria", "Wingdings", "Webdings", "Ubuntu Mono", "Inconsolata", "Inconsolata LGC", "Source Code Pro", "Lucida Handwriting", "Georgia", "System", "vgaoem"] }, "sans-serif" : { "d" : "4f51ffbe1ef1cc3266e3cd19", "fonts" : [] } } Installed Constantia.
IceWeasel 24.7.0 @ Linux + Consolas + Constantia
{ "Times New Roman" : "46def84b497dc4e32cdc380f", "Arial" : "b4b350af8fe265ab3458e25c", "Courier New" : "b8df5885586d3f4d442c72db", "Consolas" : "dddaf0069eb3f16516ab3ecb", "Constantia" : "164bef6a78a302f7b453b555", "Symbol" : "ed43eba4e2a1ff897a2f89c6", "Droid Sans" : "e59f70a6030a0531f1f32240", "DejaVu Sans" : "028b7d4cf2cc37de25453de0", "serif" : { "d" : "e97cbca6063cf04ff00f4867", "fonts" : ["Impact", "Bookman Old Style", "MS Gothic", "Calibri", "Cambria", "Wingdings", "Webdings", "Ubuntu Mono", "Inconsolata", "Inconsolata LGC", "Source Code Pro", "Lucida Handwriting", "Georgia", "System", "vgaoem"] }, "sans-serif" : { "d" : "4f51ffbe1ef1cc3266e3cd19", "fonts" : [] } } I installed a bunch of fonts (except Times New Roman and Arial). Everything has changed, except Consolas. By some miracle, Inconsolata appeared, although I did not install it.
IceWeasel 24.7.0 @ Linux + Fonts
{ "Times New Roman" : "037992474b8ee5aa4441582b", "Arial" : "b07d2897b62ea7bf41549bfe", "Impact" : "f2aae8524e25b402319d5e11", "Courier New" : "609d743a8ec951ef2526fb46", "Bookman Old Style" : "53c1a9e42f585b83b5cec59e", "Consolas" : "dddaf0069eb3f16516ab3ecb", "MS Gothic" : "272f6635e43dfa0e06c75fb2", "Constantia" : "5a1775f2f6a78c97c0f0e1be", "Calibri" : "12682e299c0bc5a45be15f8b", "Cambria" : "1b6188f0a37c832b916ea57a", "Wingdings" : "8e8c860e3d6402cc7395e1b3", "Webdings" : "6bf64e72d44f2621b1878cf0", "Symbol" : "890aebb687ec397c53ec9909", "Droid Sans" : "42a2976bd599ee4a51e89a9d", "DejaVu Sans" : "efd4920d05ca755afa95014a", "Inconsolata" : "0d614754d96d99f5da9b858d", "serif" : { "d" : "0e48d7e01ceba457769b6a65", "fonts" : ["Ubuntu Mono", "Inconsolata LGC", "Source Code Pro", "Lucida Handwriting", "Georgia", "System", "vgaoem"] }, "sans-serif" : { "d" : "8f6c32dac2b82d34e5a16954", "fonts" : [] } } Installed Times New Roman. Everything has changed ... Inconsolata has disappeared ...
IceWeasel 24.7.0 @ Linux + Fonts + Times New Roman
{ "Times New Roman" : "1cc93820b8a55ba096c49210", "Arial" : "8ec0dbf49590e3e36e791c9f", "Impact" : "40da74b4288fb7b08c0b4524", "Courier New" : "185eefbb77239792247a60d7", "Bookman Old Style" : "ad3239f54fd2492e7291d443", "Consolas" : "e8770d7d209f02e63145cfa1", "MS Gothic" : "daaef28a5eb5ebc1f252dd98", "Constantia" : "b2f3cf465c7768970c5adaf1", "Calibri" : "d0a95ea4d0591a0846d34fdd", "Cambria" : "7c0669341bdc1a24186506c8", "Wingdings" : "20966ffc0d83cbf58f33258a", "Webdings" : "56e98312e05137ecca9593a1", "Symbol" : "a8b34f82e4198cda66833cba", "Droid Sans" : "aae7141159203f7a7a8ce672", "DejaVu Sans" : "4004c179a3fdecb0e3bdd120", "serif" : { "d" : "583e14d3bd28a2a66f7d8eda", "fonts" : ["Ubuntu Mono", "Inconsolata", "Inconsolata LGC", "Source Code Pro", "Lucida Handwriting", "Georgia", "System", "vgaoem"] }, "sans-serif" : { "d" : "7b9af04baaf04d2492fb7b23", "fonts" : [] } } Installed Arial. Only he and sans-serif have changed.
IceWeasel 24.7.0 @ Linux + Fonts + Times New Roman + Arial
{ "Times New Roman" : "1cc93820b8a55ba096c49210", "Arial" : "f13b1b10bee550cf918a68bd", "Impact" : "40da74b4288fb7b08c0b4524", "Courier New" : "185eefbb77239792247a60d7", "Bookman Old Style" : "ad3239f54fd2492e7291d443", "Consolas" : "e8770d7d209f02e63145cfa1", "MS Gothic" : "daaef28a5eb5ebc1f252dd98", "Constantia" : "b2f3cf465c7768970c5adaf1", "Calibri" : "d0a95ea4d0591a0846d34fdd", "Cambria" : "7c0669341bdc1a24186506c8", "Wingdings" : "20966ffc0d83cbf58f33258a", "Webdings" : "56e98312e05137ecca9593a1", "Symbol" : "a8b34f82e4198cda66833cba", "Droid Sans" : "aae7141159203f7a7a8ce672", "DejaVu Sans" : "4004c179a3fdecb0e3bdd120", "serif" : { "d" : "583e14d3bd28a2a66f7d8eda", "fonts" : ["Ubuntu Mono", "Inconsolata", "Inconsolata LGC", "Source Code Pro", "Lucida Handwriting", "Georgia", "System", "vgaoem"] }, "sans-serif" : { "d" : "1a5d44fe88e3b2aacc43c0c5", "fonts" : [] } } A little offtopic: in the course of this part of the study, it turned out that many fonts contain a comment with recommendations for its use. It is a pity that in text editors they are not shown on hover.
In the wild
After the publication of this article, gk from the Tor Project bug tracker prompted an interesting article.
PriVaricator: Deceiving Fingerprinters with Little White Lies. Nikiforakis N., Joosen W., Livshits B .. Several tracking scripts are mentioned in it, in particular, at least Bluecava BCAC5.js and tagv22.pkmin.js (the implementations are the same) use almost the same technique (though they extract less information on the font, they have a greater likelihood of collisions, and they are only interested in the list fonts) to create prints. A table with direct addresses of fingerprinting scripts can be found in this article .
A bit offtopic on randomization
The article proposes a way to randomize the values that can be fingerprinted, in order to prevent tracking, but we have already seen with the example of TBB how successful this randomization is. I believe that randomization for each site is useless, since it can always be bypassed. If, as suggested in the article, the random values cache is used (random values are saved and random values will be the same for this site when you restart the fingerprint printer)
- it can be bypassed again, for example, by implementing an i-frame from another domain, but belonging to the same service in the case of canvas, you can draw the same picture in another picture, the noise will be different, and it can be separated.
- it can be used as an identifier;
- It can be used for DoS attacks. In particular, the article suggests adding noise to the canvas. If this noise is cached
Using a cache that is common to all sites and changing only during a new session is one of the options. This will allow you to track sessions in pedelah, but will not allow you to create an identifier that persists between sessions.
findings
- Modification of the method does not allow extracting information about hardware, but it allows to distinguish operating systems, browsers and font sets (and with them, software, as some fonts come with software, for example Calibri, with the Microsoft Office software package), including TBB running in different environments and different versions of TBB running in the same environment.
- One of the steps that developers want to take is to use the fonts that come with TBB, but this most likely will not help, since the text is rendered differently in different systems, and depends on the browser version.
- JavaScript just needs to be disabled, or at least to disable the fonts and the most dangerous API through about: config.
Neither the one nor the other was done by default in TBB or TAILS, which leads to certain thoughts, especially considering the sources of funding for the Tor Project and the recommendation of their representatives to do
(never do that, at any moment there may be a malicious script at this address, forget about HTTPS - the CA can issue a new certificate). HTTP Public Key Pinning partially helps (against changing the CA, but nothing prevents the existing CA from reissuing the certificate), but it was not included at the time of writing this article.curl https://ooni.torproject.org/install.sh | bash
Tails are still forgivable - the footprint does not depend on the equipment, and the system is the same for everyone (with the same version and without the SWIP , of course).
Disabling features can be detected, so you need to disable them all at once. Post all ideas to the Tor Project bug tracker . Registration is not needed: there is an official multi-user account with the login cypherpunks and the password writecode. - Disabling JS does not help, because there is still CSS (advanced technology for customizing the display of elements, which allows you to even implement simple games on it without a single line of JS code! ), With which you can also extract information about the computer, but this makes it difficult to identify, because less information is available through CSS than through JS, and it is more difficult to collect and send it to the server.
Even if you close the CSS, there are other loopholes.
But this in no way means that it should not be turned off. - There is an urgent need for a standard on the behavior of anonymous browsers.
- Disabling JS is incompatible with today's web, aimed primarily at making money. Business is a business, if for profit (or the absence of changing the company's management and leaving it to cut down the forest) it is necessary to bend under the special services, register in an open or secret registry, track users, analyze their actions, and distribute malware, then this will be done.
Some sites are intentionally made non-functional without JS, on some of them (shitty and in-article, for example) it is clearly written that you cannot use the site without JS (which, however, can sometimes be circumvented).
Conclusion: we don’t have to expect the implementation of work without JS from site owners - it is not in their interests.
Additional materials
- How Unique Is Your Web Browser? Peter eckersley
- Pixel Perfect: Fingerprinting Canvas in HTML5. Keaton Mowery and Hovav Shacham
- User Tracking on the Web via Cross-Browser Fingerprinting. K. Boda, Á. M. Földes, G. Gy. Gulyás, and S. Imre
- FPDetective: Dusting the Web for Fingerprinters. G. Acar, M. Juarez, N. Nikiforakis, C. Diaz, S. Gürses, F. Piessens and B. Preneel.
- PriVaricator: Deceiving Fingerprinters with Little White Lies. Nikiforakis N., Joosen W. and Livshits B.
- Ticket on this issue
- google ("getBoundingClientRect browser fingerprinting")
- Fingerprinting defenses in the Tor Browser
- Poc
- Russian version (latest)
- fiddle
Updates
- Added links to fiddle.
- Added fingerprints for Whonyx, starius and Firefox @ android results.
- Added links to articles and section In The Wild
Source: https://habr.com/ru/post/356632/
All Articles