Top websites secretly track web users using audio fingerprinting
May 23, 2016
Shah Sheikh (1294 articles)

Top websites secretly track web users using audio fingerprinting

Researchers from Princeton University have found a new technique that is used to take privacy away from internet users. In the study, the Princeton researchers carried out a privacy survey of the Alex top one million web sites, and discovered a variety of tracking and identification methods in use, including a novel tactic that uses audio signals to fingerprint machines and browsers.

In other words, the new technique is based on fingerprinting a machine’s audio stack “via the AudioContext API.” Basically, it is gathering the audio signature of the individual machine and using that as an identifier to track a web user and not collecting sound played or recorded on a machine.

The technique doesn’t need access to a device’s microphone, but rather depends on the way a signal is processed.

A third-party tracker uses the AudioContext API to send low-frequency sounds to a user’s computer and then measures how the computer processes the data, creating a unique fingerprint based on the hardware and software capabilities of the user’s computer.

“In the simplest case, a script from the company Liverail checks for the existence of an AudioContext and OscillatorNode to add a single bit of information to a broader fingerprint. More sophisticated scripts process an audio signal generated with an OscillatorNode to fingerprint the device. This technique appears conceptually similar to that of canvas fingerprinting. Audio signals processed on different machines or browsers may have slight differences due to hardware or software differences between the machines, while the same combination of machine and browser will produce the same output,” the Princeton study says.

The researchers, Assistant Professor Arvind Narayanan and graduate student Steven Englehardt, have published a test page to demonstrate what your browser’s audio fingerprint looks like.

“Using the AudioContext API to fingerprint does not collect sound played or recorded by your machine. An AudioContext fingerprint is a property of your machine’s audio stack itself,” they note on the test page.

The researchers have created a website where you can see your computer’s audio fingerprint as well as snippets of the relevant code. Further, the researchers ensure to highlight that this is not a widespread tracking tactic.

The researchers said they used a custom piece of an open-source software called OpenWPM to carry out measurements to track the trackers, which loads sites in Chrome, Firefox and Internet Explorer, gathering data on the tracking loaded on each page.

Further, based on the HTML Canvas API and WebRTC local IP discovery, another method that is widely used to track online users is fingerprinting technique.

Several websites and third-party trackers for the last few years are making use of the fingerprinting power of HTML5 Canvas, which is a HTML element used to dynamically generate an image in your browser’s web page.

For the detailed study, you can read this full PDF full here.

Source | TechWorm