Different from the past, the fingerprint browser has become a cross-border tool that cross-border sellers are very familiar with. However, this "browser fingerprinting" technique is just getting started. In 2010, a study by the Electronic Frontier Foundation (EFF) found that the vast majority of web browsers allow users to leave a unique "fingerprint" that can be used to track who they are surfing the web.
1. The nature of browser fingerprinting
Browser fingerprinting captures the user's browser type, screen size and color depth, browser plug-ins, default time zone settings, fonts installed by the user, etc. as characteristic parameters to identify fingerprints. At the same time, browser fingerprints can accurately identify browsers, and the browser fingerprint recognition rate is as high as 94.2% on devices with Flash and Java installed.
Peter Eckersley's paper begins with a comprehensive description of how browser fingerprinting collects, identifies, and tracks changes, and how browser fingerprinting technology can effectively identify and identify users and track users without using storage mechanisms such as cookies.
2. Convenience and hidden dangers of browser fingerprinting
The emergence of browser fingerprinting has not only brought convenience to our lives, but also buried the hidden danger of leaking personal privacy. On the one hand, browser fingerprints can be used for identity authentication, helping Web application service providers to better identify user identities and better protect user information. Browser fingerprinting can also help web application service providers to complete and use statistical results. By analyzing the behavior habits of different users and improving user experience, advertisers can deliver more targeted advertisements to help users find what they need more accurately.
On the other hand, many researchers have begun to worry about the threat of browser fingerprinting technology to user privacy, and are also discussing the impact of browser fingerprinting technology on user privacy. For example, Nikiforakis et al. analyzed in detail the technologies and applicable scenarios provided by three browser fingerprinting companies. Obviously, if enough browsing histories of users can be collected, it is possible to accurately deduce each user's age, gender, marital status, income status, etc.
Therefore, while browser fingerprinting brings certain convenience to life, it also has hidden dangers. In fact, you don't need to use browser fingerprinting indefinitely, disable it completely, or limit the use of browser fingerprinting.
3. How to limit the use of browser fingerprinting?
The characteristic parameters obtained through browser fingerprinting include UserAgent, time zone, screen information, language setting, plug-in list installed on the browser, fonts installed on the system, geographical location, including MIMEType list, mobile device accelerator noise signal. and Gyroscope, Canvas/WebFont/WebGL implementations.
The easiest way to get a browser fingerprint is to use Fingerprintjs directly. It uses Fingerprintjs to calculate the browser's fingerprint, and then uses ajax to send the fingerprint information to the server. This allows the server to fingerprint the browser without the user's knowledge. More sophisticated methods also include traditional Trojan horse implants and virus software.
There are many ways to obtain browser fingerprints, but if you restrict the acquisition of characteristic parameters related to browser fingerprints, you can restrict the acquisition of browser fingerprints from the source, but it is still relatively difficult to implement.
First of all, some information cannot be restricted, such as the required fields in the HTTP message (User-Agent, Accept-Encoding, Accept-Charset, Host, etc.). These parameters are not enough to calculate browser fingerprints, but they are important characteristic parameters of browser fingerprints. The server needs these parameters to identify the browser and check page rendering. Browser fingerprinting also partly reflects flaws in HTTP itself.
Second, the retrieval of parameters that restrict browser capabilities requires corresponding software support. The most basic of these is browser support. Some researchers have suggested, to limit browser fingerprinting, FP detection systems. The system uses a modified Chromium browser. Browsers log calls to scripts on websites to frequently use interfaces in browser fingerprinting, such as calls to navigator.plugins. Powered by CasperJS and Selenium, the system can automatically detect whether a website is tracking user behavior using browser fingerprinting. Other ways to limit browser fingerprinting include using the Tor network, using your browser's private mode, etc.
Now, some people on the Internet have proposed methods to avoid the influence of browser fingerprinting, such as "multiple instances", "multiple browsers", "multiple virtual machines" and "dynamic user agents". These methods prevent browser fingerprinting by modifying the user-agent field. Changing the user agent field will not affect the normal use of the browser under normal circumstances, but these methods bring great inconvenience to the user, and even affect the successful retrieval of the browser fingerprint by the application. The purpose is not to limit the browser fingerprint.
The most basic solution to this problem is to design a browser like the FPDetect system to monitor and record calls to browser fingerprinting-related scripts within websites, and to ensure that websites use browser fingerprinting technology. It is to automatically detect whether you are tracking users to use sites that require browser fingerprinting and set rights management at the same time. After the user agrees, it can be added to the trust list, and the user's browser fingerprint can be corrected in time. Changed to improve security.
The bit fingerprint browser is designed and developed based on the most effective browser fingerprint collection FPDetect system. In addition to proactively maintaining browser fingerprint security, Zhanlian Fingerprint Browser has also optimized hundreds of FPDetect systems to comprehensively improve web browsing speed.
Adhering to the concept of "cloud security", we deeply integrate cross-border ecological core media, tools and traffic resources, and continue to provide one-stop services for thousands of cross-border trading companies and individual industrial and commercial households, striving for rapid creation. Accurate solutions for cross-border e-commerce operations to speed up the safety of cross-border travel.