Browser Fingerprinting in Action

Posted on April 28, 2020•2 min read

The basis of online tracking is the accurate identification of users – you are detected and identified even when you’re just passing through a random website that you are not signed in to. The conventional solution to implement identification and tracking is saving web cookies to the user’s browser.

However, major browsers have already started to take action against this practice. Safari blocks third party cookies by default since 2017, Firefox also does this since 2019, and Chrome plans to join them, too.

As cookie-based tracking becomes more difficult, the tracking business is moving toward different techniques such as browser fingerprinting browser fingerprinting.

Browser fingerprinting uncovered

The idea behind browser fingerprinting is to collect information about the browser and its environment for the purpose of identification. These attributes include:

browser type and version
operating system
language, time zone
active plugins
installed fonts
screen resolution
CPU class
device memory
and various other settings

The attributes are concatenated into a long string, and the fingerprint is defined as a hash value of the string.

In order to catch real-life browser fingerprinting in action, I’ve analyzed some websites and tried to present reproducible experiments (to some degree – keep in mind that browser fingerprinting can be browser or location-dependent, or it can be turned on only for a random subset of IP addresses).

You can read the complete review of the experiment on TechTalks.

MLSEC 2021 Anti-phishing Evasion Track: Task, Results, and Winning Solutions

By Gabor Takacs

Artificial Intelligence Cybersecurity

January 29, 2021August 27, 2023•8 min read

Building an Advanced Fingerprinting Detector AI

By Gabor Takacs

Artificial Intelligence Privacy

June 29, 2020August 27, 2023•8 min read

Building a Browser Fingerprinting Detector AI

By Gabor Takacs

Artificial Intelligence

Cookie	Duration	Description
cli_user_preference	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
cookielawinfo-checkbox-advertisement	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Advertisement".
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie records the default button state of the corresponding category & the status of CCPA.
cujo_cerber_*	1 day	These cookies are set by your website's security and anti-spam plugin. Used to provide protection against hackers, provide technical functions.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
__Secure-*	6 months	These cookies are set by Google to enable YouTube embedded videos and are used to detect spam, fraud, and abuse to help ensure advertisers are not incorrectly charged for fraudulent or otherwise invalid impressions or interactions with ads, and that YouTube creators in the YouTube Partner Program are remunerated fairly. More information about Google's cookies: https://policies.google.com/technologies/cookies/embedded
AEC	6 months	This cookie is set by Google to enable embedded YouTube videos. The cookie is used to detect spam, fraud, and abuse to help ensure advertisers are not incorrectly charged for fraudulent or otherwise invalid impressions or interactions with ads, and that YouTube creators in the YouTube Partner Program are remunerated fairly. More information about Google's cookies: https://policies.google.com/technologies/cookies/embedded
CONSENT	13 months	These cookies are set by Google to enable embedded YouTube videos. The cookie is used to save information about how the visitor uses the web site. More information about Google's cookies: https://policies.google.com/technologies/cookies/embedded
DV	10 minutes	These cookies are set by Google to enable embedded YouTube videos. The cookie stores the visitor's preferences and other information, including their chosen language, the number of search results shown on a page, as well as the choice of whether the filter Google SafeSearch should be activated or not. More information about Google's cookies: https://policies.google.com/technologies/cookies/embedded
SOCS	13 months	Cookie set by Google used to play embedded YouTube videos. Records the user's cookies choice. More information about Google's cookies: https://policies.google.com/technologies/cookies/embedded
Wp-Settings-*	6 months	Cookie set by WordPress used to store user preferences.

Cookie	Duration	Description
AnalyticsSyncHistory	30 days	A non-necessary cookie used to store information about the time a sync took place. Provider: LinkedIn More information about LinkedIn's cookies: https://www.linkedin.com/legal/l/cookie-table
bcookie	1 year	Browser Identifier cookie to uniquely identify devices. Provider: LinkedIn More information about LinkedIn's cookies: https://www.linkedin.com/legal/l/cookie-table
bscookie	1 year	Used to store logged in users verified by two factor authentication and previously logged in on LinkedIn. Provider: LinkedIn More information about LinkedIn's cookies: https://www.linkedin.com/legal/l/cookie-table
JSESSIONID	session	Cookie set by LinkedIn used for Cross Site Request Forgery (CSRF) protection and URL signature validation. More information about LinkedIn's cookies: https://www.linkedin.com/legal/l/cookie-table
lang	session	Cookie set by LinkedIn used to remember a user's language setting. More information about LinkedIn's cookies: https://www.linkedin.com/legal/l/cookie-table
li_alerts	1 year	Cookie set by LinkedIn used to track impressions of LinkedIn alerts, such as the Cookie Banner and to implement cool off periods for display of alerts. More information about LinkedIn's cookies: https://www.linkedin.com/legal/l/cookie-table
li_gc	6 months	Cookie set by LinkedIn used to store consent of guests regarding the use of cookies for non-essential purpose. More information about LinkedIn's cookies: https://www.linkedin.com/legal/l/cookie-table
li_sugr	3 months	Cookie set by LinkedIn used to make a probabilistic match of a user's identity. More information about LinkedIn's cookies: https://www.linkedin.com/legal/l/cookie-table
lidc	24 hours	Cookie set by LinkedIn used to facilitate data center selection More information about LinkedIn's cookies: https://www.linkedin.com/legal/l/cookie-table
UserMatchHistory	1 month	Used to provide ad delivery or ad retargeting, syncs the LinkedIn Ads ID. Provider: LinkedIn. More information about LinkedIn's cookies: https://www.linkedin.com/legal/l/cookie-table

Browser Fingerprinting in Action

Browser fingerprinting uncovered

How I Failed Twice… and Finally Passed the Offensive Security OSED 72-hour Exam (EXP-301)

DEF CON Quals CTF 2021: the CHSH Game, Entangled qubits, and Decrypting the Flag

DNS Hijacking Attacks on Home Routers in Brazil

Other posts by Gabor Takacs

MLSEC 2021 Anti-phishing Evasion Track: Task, Results, and Winning Solutions

Building an Advanced Fingerprinting Detector AI

Building a Browser Fingerprinting Detector AI

Solutions

Platform

Company

Press

Browser fingerprinting uncovered

More like this

Subscribe to the CUJO AI newsletter

Other posts by Gabor Takacs

Subscribe to the
CUJO AI newsletter