New Online Fingerprinting Threats

by Adam Gill

Online companies will never stop looking for ways to track Internet users because each one is a potential shopper that they can feed ads to and make a few bucks. Most netizens are fully aware of cookies and the other usual trackers, and there are a slew of browser plugins and extensions that can block them. Advertisers have therefore developed two new ways of tracking users so that they can identify them even as they try to move around the Web undetected. We are looking at battery fingerprinting and audio fingerprinting, which move away from browsers to your computer’s unique system to differentiate it from other computers.

Battery Fingerprinting

Battery fingerprinting uses the battery status API that came with HTML5 to take note of the percentage of battery remaining on a user’s computer or other device when he or she visits a website. This feature allows websites to follow users as they browse the web by following the logs of remaining power in their batteries. This technique just uses a simple third-party script to find the pattern created by discharging rate and charging rate as well as battery levels. Website visits to different sites can also be tracked this way because the battery usage rates leave a distinct trail.

We find this tracking method mind-blowing because it is genius and just shows how hungry companies are for user data. Even though we know that they really need our data to survive, we would never have imagined the development of a tracking method that involved monitoring people’s battery levels. The API was certainly not added when HTML5 came out so that marketers could benefit, but genius coders found a way to leverage it for tracking. Our Internet-enabled devices today are so diverse, each model having different behaviors because of the different software components and user habits that they use up battery at strikingly different rates. This little factoid that no one outside of a computer lab would ever pay attention to is now being taken advantage of on a large scale to boost advertising profits.

AudioContext Fingerprinting

AudioContext fingerprinting is a type of audio fingerprinting that uses the API of the JavaScript AudioContext to find a user’s distinct trail. Instead of listening to the sound produced by a device and a browser, which can be used by hundreds of people at least, AudioContext fingerprinting listens to the sounds made by the machine, which is unique because of its components.

Our computers, tablets and smartphones are so different from each other because of the varied hardware components that go into each model, even from the same manufacturer. This makes each device emit a unique sound, made even more unique by the different software that is installed on them. These audio signals are what are recorded and tracked from the machine’s audio stack to identify users by the device that they are using. AudioContext fingerprinting is fairly new, but it is coming into widespread use as other tracking methods become more commonly blocked by users.

We do not have a test for checking a device’s battery fingerprint, but there is an audio fingerprint test on This test was developed by the Web Privacy Measurement (OpenWPM) researchers from Princeton Web Transparency Research who analyzed AudioContext fingerprinting.

Closing In

Online companies that rely on advertising to continue operations are using a combination of clever and original tracking methods to make sure that we consumers do not get away from them. When we load up more than one browser plugin and run privacy tools that work against trackers, they just have to work harder to succeed. Even the most privacy-conscious of us cannot defeat them easily when they are running multiple trackers on us.

Popular ad blockers Ghostery, and EasyPrivacy and EasyList working together have been studied and have shown a combined success rate of 85% when it comes to blocking canvas fingerprinting and its offshoot canvas font fingerprinting. These tools, however, are only blocking less than 25% of the scripts that are used by websites to track users. We hope that these tools will soon catch as these new methods become more popular so that they can be blocked as well.

We believe that a person’s device and how he or she uses it is a private matter, and so no one should be allowed to create these tracking methods that pick up on unique signals so they can stalk these people. But it is happening right under our noses, and all we can do about it at this time is find ways to get them off our trails. We use ad blockers to stop them from tracking us, and we believe that this sends advertisers a very clear message. The websites that we visit, however, do not care that we are rejecting their attempts to monitor our browsing habits. They don’t want to ask permission because they know that many of us would opt out of being tracked. They have therefore decided to keep going about it in a very sneaky way, and we just have to keep vigilant and apply updated blocking techniques.

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

{ 0 comments… add one now }

Leave a Comment

Previous post:

Next post: