Scientists Develop New Browser Tracking Method

A team of researchers from Graz University of Technology in Austria has developed an automated system for creating browser profiles using two new side-channel attacks. These attacks allow the collection of information about the software and hardware in use, making it easier and more effective to track browsers online.

The results of the study were presented in a paper titled “JavaScript Template Attacks: Automatically Inferring Host Information for Targeted Exploits.” According to the researchers, this new method simplifies browser tracking, helps bypass several anti-tracking techniques, and demonstrates that privacy-focused browser extensions “leak more information than they can mask.”

Browser fingerprinting involves collecting data about a user’s browser, such as associated software and hardware, browser type, operating system, various headers, cookies, extensions, screen resolution, and more. This information can be gathered using JavaScript.

The method developed by the scientists is fairly straightforward. In the first stage, a browser profile is created based on a list of properties available from JavaScript objects. In the second stage, data is collected again from a different environment (such as an alternative browser or operating system). The two profiles are then merged into a single template, which is used to search for variations. These variations reveal environment-specific properties in Chrome, Edge, Firefox, and the mobile version of Tor, allowing identification of the operating system, processor, installed privacy plugins, and browser version.

The researchers’ findings once again highlight how difficult it is to achieve complete anonymity online, even when using the Tor browser, which is specifically designed to protect against tracking. As the experts explained, the measures implemented in Tor to mask digital fingerprints may prove ineffective when additional data is taken into account.