Exposed information includes the underlying operating system, CPU architecture, information about privacy-enhancing plugins, and the exact browser version being used.
Used in conjunction with two new side-channel exploits, an attacker to gain even more information.
The tool reveals information sets similar to those exposed by the Electronic Frontier Foundation’s Panopticlick tool, Michael Schwarz tells The Daily Swig, but with some additions – certain privacy extensions, for example, can be found automatically rather than manually.
The two new side-channel attacks detect the instruction-set architecture and the memory allocator being used. These differences can then be used to deduce further information about the system, software, and hardware.
“As a result, we cannot only ease the creation of fingerprints, but we gain the advantage of having a more precise picture for targeted exploitation,” the researchers write.
“If a property of such a template stays the same on one system but differs on a different system, we found an environment-dependent property,” they explain.
The exploit was effective with Firefox, Chrome, Edge, and Tor for mobile.
“For major browsers, it is often more important to provide functionality and convenience rather than privacy,” says Schwarz, who is calling on browser makers to take the findings into account.
As the authors point out, their findings have implications not only for criminals but also for whistleblowers and activists who may have less protection than they believe.
“Luckily, there are extensions for privacy-concerned users which can help prevent fingerprinting to a certain degree,” says Schwarz.
The open source tool can be found on GitHub.