Device fingerprint
A device fingerprint is a compact summary of software and hardware settings collected from a remote computing device.

Basic web browser configuration information has long been collected by web analytics services in an effort to accurately measure real human web traffic and discount various forms of click fraud. With the assistance of client-side scripting languages, collection of much more esoteric parameters is possible. Assimilation of such information into a single string comprises a device fingerprint.

Recently such fingerprints have proven useful in the detection and prevention of online identity theft and credit card fraud.

Essentials

Motivation for the device fingerprint concept stems from the forensic value of human fingerprints. In the "ideal" case, all web client machines would have a different fingerprint value (diversity), and that value would never change (stability). Under those assumptions, it would be possible to uniquely distinguish between all machines on a network, without the explicit consent of the users themselves.

In practice neither diversity nor stability is fully attainable, and improving one has a tendency to adversely impact the other.
  • Diversity requires that no two machines have the same fingerprint. However, large numbers of machines are likely to have exactly the same configuration data and thus the same fingerprint. This is particularly true in the case of factory-installed operating systems. One remedy is to use a scripting language to harvest a large number of parameters from the client machine; however, this is likely to reduce stability, as there are more parameters that may change over time.

  • Stability requires that fingerprints remain the same over time. However, by definition browser configuration preferences are not tamper-proof. For example, if one measured attribute is whether the browser has cookies on or off, then a simple change of that setting is sufficient to change the fingerprint. One remedy is to reduce the number of parameters collected to only those that are very unlikely to change; however, this is likely to reduce diversity, as fewer parameters are being measured.
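The diversity/stability trade-off can be seen by actually assimilating parameters into a fingerprint string and measuring the result over a small population. The following Python is an added illustration written for this article, not code from it or from any fingerprinting product; the attribute names, the device records and the population are constructed for the example. It hashes a sorted, canonical serialisation of a chosen attribute set, reports how many distinct fingerprints a population yields together with the Shannon entropy of that distribution (diversity), and checks whether toggling the cookie setting changes the fingerprint (stability).

```python
import hashlib
import math
from collections import Counter

# Attribute sets a collection script might gather. Names are constructed for
# this example; they are not the parameters of any particular product.
FULL_ATTRIBUTES = ("user_agent", "screen", "timezone", "plugins", "fonts", "cookies_enabled")
STABLE_ATTRIBUTES = ("user_agent", "screen", "timezone")  # rarely changed by the user


def fingerprint(attrs, keys):
    """Assimilate the selected attributes into one string and hash it.
    Keys are sorted and missing values serialised as empty, so the result
    does not depend on the order in which the client reported them."""
    canonical = "\n".join(f"{k}={attrs.get(k, '')}" for k in sorted(keys))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()[:16]


def entropy_bits(values):
    """Shannon entropy of a fingerprint distribution, in bits: a diversity
    measure. A population of N devices can contribute at most log2(N) bits."""
    counts = Counter(values)
    n = len(values)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def survey(population, keys):
    """Distinct fingerprints and entropy for one attribute set over a population."""
    fps = [fingerprint(device, keys) for device in population]
    return {"unique": len(set(fps)), "entropy_bits": round(entropy_bits(fps), 3)}


def stable_across(before, after, keys):
    """True if a settings change between two observations leaves the fingerprint intact."""
    return fingerprint(before, keys) == fingerprint(after, keys)


# Constructed population: the first two records model a factory image that
# several machines share; the next two were modified by their users; the
# last is different hardware in another locale.
BASE = {
    "user_agent": "Mozilla/5.0 (Example OS) ExampleBrowser/1.0",
    "screen": "1920x1080x24",
    "timezone": "UTC-5",
    "plugins": "pdf;media",
    "fonts": "Arial;Verdana",
    "cookies_enabled": "1",
}
POPULATION = [
    dict(BASE),
    dict(BASE),
    dict(BASE, fonts="Arial;Verdana;Fira Code"),
    dict(BASE, plugins="pdf"),
    dict(BASE, screen="1366x768x24", timezone="UTC+1"),
]
COOKIES_OFF = dict(BASE, cookies_enabled="0")  # same machine after one settings change


if __name__ == "__main__":
    for label, keys in (("stable subset", STABLE_ATTRIBUTES), ("full set", FULL_ATTRIBUTES)):
        print(f"{label:14s} diversity={survey(POPULATION, keys)} "
              f"stable after cookie toggle={stable_across(BASE, COOKIES_OFF, keys)}")
```

The two untouched factory images collide under either attribute set, which is the diversity failure the text describes. Adding fonts, plugins and the cookie flag separates the modified machines (four distinct values instead of two) but makes the fingerprint flip on a single settings change, which the reduced set survives. The same mechanism explains the point made under Limitations: because the user agent is part of every attribute set, one device observed through a second browser yields a different fingerprint.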

Active vs passive collection

Fingerprinting methods range from passive to active.

Passive fingerprinting occurs without obvious querying of the client machine. These methods rely upon precise classification of such factors as the client's TCP/IP configuration, OS fingerprint, IEEE 802.11 (wireless) settings, and hardware clock skew.

Active fingerprinting assumes the client will tolerate some degree of invasive querying. The most active method is installation of executable code directly on the client machine. Such code may have access to attributes not typically available by other means, such as the MAC address, or other unique serial numbers assigned to the machine hardware. Such data is useful for fingerprinting by programs that employ Digital Rights Management. A drawback is that installed software is an easy target for tampering.

OSI model fingerprints

Passive collection of device attributes below the web-browser layer may occur at several OSI model layers. In normal operation, various network protocols transmit or broadcast packets or headers from which one may infer client configuration parameters. Sorted by layer, some examples of such protocols are:
  • OSI Layer 7: FTP, HTTP, Telnet, TLS/SSL, DHCP
  • OSI Layer 5: SNMP, NetBIOS
  • OSI Layer 4: TCP
  • OSI Layer 3: IPv4, IPv6, ICMP, IEEE 802.11
  • OSI Layer 2: SMB, CDP

Limitations

Collection of device fingerprints from web clients (browser software) relies on the availability of JavaScript or a similar client-side scripting language for the harvesting of a suitably large number of parameters. Two classes of users with limited client-side scripting are those with mobile devices and those running privacy software.

A separate issue is that a single device may have multiple web clients installed, or even multiple virtual operating systems. As each distinct client and OS has distinct internal parameters, one may change the device fingerprint by simply running a different browser on the same machine.

Criticisms

Consumers and their advocacy groups may consider covert tracking of users to be a violation of user privacy. Computer security experts may consider the ease of bulk parameter extraction to be a browser security hole.

External links

  • Panopticlick, by the Electronic Frontier Foundation, gathers some elements of your browser's device fingerprint and estimates how identifiable it makes you
  • Julia Angwin, Jennifer Valentino-DeVries: Race Is On to 'Fingerprint' Phones, PCs, The Wall Street Journal, 29 November 2010
  • webFingerprint, online browser fingerprinting test (German)
The source of this article is wikipedia, the free encyclopedia.  The text of this article is licensed under the GFDL.