Slashdot Mirror

← Back to Stories (view on slashdot.org)

A New Use For Browser Fingerprints: Defeating Spoofing (browserprint.info)

Posted by EditorDavid on from the busted-by-behavior dept.

AnonymousCube writes: Researchers at the University of Adelaide have found a new use for browser fingerprints: uncovering and defeating spoofing by web browsers. By using machine learning on browser fingerprints they were able to correctly guess the OS or browser family of a browser 90% of the time, and defeat operating system and browser family spoofing 76% of the time. This was done with small training sets of less than 1000 fingerprints, so accuracy with a much larger training set, like the size of the EFF's Panopticlick database should give even better results; you can help prove this, and see what their site thinks your browser family and OS is, by submitting your fingerprint to their site.

3 of 64 comments (clear)

  1. Why would I want to help defeat spoofing? by scrib · · Score: 5, Interesting

    If a user has gone to the trouble of configuring a browser (or plugin) to spoof which browser they are using, why would I want to help researchers circumvent that?

    If there's a good reason to defeat an intentional user choice, I'd love to hear it.

    --
    Help! Help! I'm being repressed!
  2. Re:You built the better mouse trap. by BarbaraHudson · · Score: 4, Interesting

    Problem is, they can't produce a unique fingerprint for every user's browser. And ANY browser fingerprint can be mimicked - in the end it's just bits and bytes coming down the wire.

    So what if they know you're faking the checksum if millions of other people are faking it as well, and giving different bogus checksums for every page load. Or returning all zeroes, along with millions of other people doing the same? No need for an add-on that produces the same fingerprint as all other users of that add-on. You're overthinking the problem. What are they going to do, block users who don't let their browsers return fingerprints? We saw how well that worked with paywalls and not allowing ad-blockers. People just go elsewhere.

    It's the internet - it was designed to route around such brain-damage.

    --
    "Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
  3. Re:You built the better mouse trap. by Vairon · · Score: 4, Interesting

    By comparing the behavior of the two clients.

    When w3m requests a web page it sends the following:
    GET / HTTP/1.0
    User-Agent: w3m/0.5.3+git20161120
    Accept: text/html, text/*;q=0.5, image/*
    Accept-Encoding: gzip, compress, bzip, bzip2, deflate
    Accept-Language: en;q=1.0
    Host: www.website.com

    When lynx, with a w3m user agent, requests a web page it sends the following:
    GET / HTTP/1.0
    Host: www.website.com
    Accept: text/html, text/plain, text/css, text/sgml, */*;q=0.01
    Accept-Encoding: gzip, bzip2
    Accept-Language: en
    User-Agent: w3m/0.5.3+git20161120