Researchers say HTML5 can be used to track Internet users

Researchers say HTML5 can be used to track Internet users

HTML5 may be the most popular method for creating web pages, but be careful. Thanks to its new features, it is very easy to track Internet users.

Arvind Narayanan, assistant professor of computer science at the Usenix's Enigma 2018 conference in California this week, presented how to leverage some of HTML5's advanced features (such as audio playback) to identify various browser types to understand users' preferences.

For example, different browsers Process audio files in a slightly different way, so you can determine the visitor's browser and operating system version with ulterior motives. By combining it with other details (such as battery power and WebRTC), you can generate fingerprints for a single user.

However, we know that our browsers usually display relevant operating system information when accessing a web site. However, if you use the HTML5 tracking method, you can precisely track data without relying on Javascript and cookies and only the features inherent in HTML5.

Narayanan explained: "HTML5 browsers use a single library for audio processing, but different software stacks can combine other data to generate a unique fingerprint. Similarly, both the battery and WebRTC functions have such problems. "

Narayanan and his team have been monitoring advertising tracker behavior for years. In 2014, they discovered that 100,000 of the five thousand most visited websites in the world used Canvas fingerprint recognition technology to identify and track visitors, and visitors did not know it at all.

Last year's further research found that the ad network was using session replay scripts to track users, and he named this method "steroid analysis ". Narayanan said that he and his team found an ad tracker that tracked visitor information in this way on 8000 websites, including code on the website of American pharmacy chain Walgreens, apparently, they are likely to hand over confidential medical records to advertisers in this way.

After the incident was revealed, This tracing technology was opposed by everyone, and advertisement tracking providers stopped their services. However, advertising tracing companies still track people around the Internet and find out what they are interested in, in order to provide them with targeted ads and special discounts. Narayanan is a member of the Do Not Track browser function team.

The only solution is that browser developers have taken protective measures from the very beginning to prohibit advertisers from tracking users, But browser vendors often do not want to participate.

Browser vendors tend to choose to be neutral and allow users to solve the problem on their own. But in fact, this is similar to the case where email providers do not block spam software, saying they should stay neutral.

The good news is that the Brave browser has built the anti-tracking function, and Firefox, Safari, and Chrome are also working hard.

However, the most fundamental thing is that we need to rethink the anti-tracking function, so that we do not want websites to record information. To popularize this concept, we can give a special warning like https.

Privacy is vital to society. If we can be tracked all the time, privacy will be lost if we are monitored.

* Reference Source: TheRegister, author sphister, reprinted with the source from Freebuf. COM