Song-Li
commented
7 years ago Thank you for your attention. Actually, we can fingerprint different device with the same model, but not all of them. The details are in the published paper, I'll briefly explain the reason here.
Let's imagine a situation. I bought two devices at the same time. Does it possible to fingerprint them? I have to give a negative answer. What we can do is, when different users use their devices, they installed some Softwares, these softwares can bring some fonts and can be detected by us. They may also have different versions of drivers, which may lead to a different result of WebGL rendering result. These features can help us fingerprint the devices.
For example, in a Windows 7 device, if you install IE 11 and related frameworks (an update provided by Microsoft), in firefox version 53, we will detect 5 more fonts, the emoji test, canvas test, WebGL test are also different. In firefox version 38, the anti-aliasing related tests are different. These features can be used to fingerprint the device.
For single browser fingerprinting, we can use plugins, agent string and so on to fingerprint. But for cross-browser fingerprinting, we can only use system fonts, GPU rendering results, time zone, the number of CPU cores, installed languages etc. These features can provide a relatively high entropy.
In fact, by our test, we can have a more than 80% accuracy for cross-browser fingerprinting. Why currently we can't have this number in this project? Many reasons. In one word, I don't have time to make this project better.
Currently, I just implemented the very basic functions. Like the data collection, basic simple font mask, simple screen resolution detection and so on. There are many other works to do.
Like fonts, the detected fonts are not 100% accurate, we used another project from github to do this job, but the result is not perfect. The fonts are the combination of Web fonts, browser fonts and system fonts. We need a mask to get the fonts from the OS and get rid of other fonts. We have enough data but I don't have time to generate the proper mask.
Like WebGL result, for different browser pairs, we need to use different tests. Some versions of browsers provide anti-aliasing, some browsers use OpenGL or DriectX anti-aliasing, some browsers use both of them. Different browsers also have different algorithms to do canvas.toDataURL(), to do JPEG texture compressing. We need a lot of work to make them better. For research, I can analyze the data in a perfect way, but for a project.... Oh my god....
Like how to detect the number of CPU cores? How to detect the real screen resolution? A lot of work to do. If I have the collected data and want the fingerprinting accuracy, I can get a good result. But for a project used by the public, currently, I don't have enough time...
Actually, I should replace all the "We" to "I", because I'm the only programmer for this project, I'm a Master student and will be a Ph.D. student. I have another research project also related to browser fingerprinting in progress. This summer, I'll try to do more things about this project, hopefully, I can have a better result.
Thank you again.
mcun0s
nebi-frame
First of all, thanks for share awesome application. This is so useful for our project and we expected to be recognize all of devices.
I expected the fingerprint to be unique on all of devices, but it's not. I have a Macbook and iPhone5S and my co-worker has same thing with me. So, I was trying to get fingerprint using both of same devices. The result is that the fingerprints are same.
I believe the UniqueMachine can recognize model of device. But it seems like can't recognize each devices. I understand the installed languages and fonts can be different on each devices, but I don't believe those factors can make unique fingerprint. Because so many people are using same device model and they can use default setting.
I want to get unique fingerprint even somebody have same device model. If we can't get unique fingerprint on all of devices, I think it's similar with the user agent.
Do you have any good idea on this?