Although browsing in incognito window, hiding tracks or disabling advertisements, there are some precarious websites which monitors web user’s online activities using newly identified web tracking technique known as Audio Fingerprinting. This nefarious technique is mainly working for varieties of technologies and marketing companies to promote intrusive advertisements. Rather than this, it utilizes law enforcement to unmask VPN or Anonymous users.
Audio Fingerprinting techniques is introduced by researchers from Princeton University to steal privacy and credential information of online users. Even, it has been concluded that Google with its multiple domain tracking users activities on Top 1 million domains of nearly 80% using several techniques. It is based on fingerprinting machine’s audio stack via AudioContext API. AudioContext API is not using audio played and recorded on machine but actually but accumulating audio signals to report unique browser and device combo.
For more info, visit this – http://thehackernews.com/2016/05/audio-fingerprint.html
How Audio Fingerprinting via AudioContext API works?
The process of running Audio Fingerprinting is very simple and flexible. In order to measures how computer data processed, unknown tracker uses AudioContext API to send low frequency sounds for designing a unique fingerprinting based on its hardware and software strength of the user’s computer.
Princeton researchers ran number of measurements on the home pages of the Alex top one million sites. Moreover, in order to search typical cookie tracking, the researchers discovered a small number of sites that are using the HTML5 AudioContext API to perform fingerprinting visitors. There are at least two different ways that sites are doing this fingerprinting, including one technique that produces an audio signal and then uses a script to process it. One of the simplest case is that Liverail company uses a script to checks for the presence of an AudioContext and OscillatorNode to insert a single bit of information to a broader fingerprint. This technique appears conceptually similar to that of canvas fingerprinting,” the Princeton study also says. According to the researches done on various sites, it have been concluded to have audio fingerprinting scripts running are Expedia, Hotels.com, Travelocity, and several other travel sites.
Since, Canvass fingerprinting was present on 14,371 sites with scripts loaded from 400 distinct domains. The researchers analysed canvass fingerprinting in 2014 and mention three changes since then.
“The first is the most powerful followers have usually stopped using it, suggesting that the negative public reaction after the study was effective. Second, the total number of domains that use has increased considerably, indicating that knowledge of the technique has been extended and darker trackers are less concerned about public perception. third, the use has shifted from monitoring the behavior for fraud detection, according to the norm of self-regulation the advertising industry regarding acceptable uses fingerprint. “
Fortunately, good news is that Google, Facebook and Twitter, is that the number of third-party trackers that users will encounter on a daily basis is small.
“All of the top five third parties, as well as 12 of the top 20, are Google-owned domains. In fact, Google, Facebook, and Twitter are the only third-party entities present on more than 10 percent of sites,” the researchers note.
The researchers say their data suggest that there has been a consolidation in the market for third-party tracking, which contrasts with the perception that there has been an explosion in third crawlers. And that could be good news in terms of pressuring the industry to make improvements enhance privacy.
“For 100 or more third parties that are prevalent in one percent or more of the sites, we would expect that they are large enough entities that their behavior can be regulated by the pressure of public relations and the possibility of legal action or execution “.
“A script from the company Liverail checks for the existence of an AudioContext and OscillatorNode to add a single bit of information to a broader fingerprint. More sophisticated scripts process an audio signal generated with an OscillatorNode to fingerprint the device. This technique appears conceptually similar to that of canvas fingerprinting. Audio signals processed on different machines or browsers may have slight differences due to hardware or software differences between the machines while the same combination of machine and browser will produce the same output.”