|
|
|
|
|
|
by trod123
595 days ago
|
|
|
Fonts are the low hanging fruit. More sophisticated servers run a whole battery of hardware fingerprinting tests. It runs deep. If the device has been powered on for a certain period of time (usually a few minutes), the voltage normalizes and you get a unique clock skew signature based on the defects of the silicon, for each enumerable device that may be available from various JS API calls, or potential zero days, adds another data point for uniqueness. Passive listenings of local network traffic headers will provide a local network topology of metadata of local proximity devices that can often be cross referenced (since cable modems often collect this info as well as other embedded devices). Its a strategy called building a bridge. You start from the device which has an associated profile, that profile only need to be unique and may only start off as an identifier (nothing else) and the endpoint and you meet somewhere in the middle, backfilling information as you go. No personal info needed upfront. CSS previous visited link decorators is another avenue for fingerprinting. It violates same-domain policy, but there was a PoF back in 2021 where you could generate picture squares identical to a captcha asking for specific picture or puzzle that was generated to be tied to the CSS decorator (thus submitting your browser history beacons to that site in its entirety). Think it was varun.ch? |
|
|