Re: [tor-talk] Audio fingerprinting

[Flipchan]

Isnt it block java? As simple as that

"mrnob...@mail-on.us"  skrev: (26 maj 2016 08:23:34 CEST)
>http://techcrunch.com/2016/05/19/audio-fingerprinting-being-used-to-track-web-users-study-finds/
>
>A wide-scale study of online trackers carried out by researchers at
>Princeton University has identified a new technique being used to try
>to
>strip web users of their privacy, as well as quantifying the ongoing
>usage of some better-known tracking techniques.
>
>The new technique unearthed by the study is based on fingerprinting a
>machine’s audio stack via the AudioContext API. So it’s not collecting
>sound played or recorded on a machine but rather harvesting the audio
>signature of the individual machine and using that as an identifier to
>track a web user.
>
>I understand that these methods are not possible without javascript,
>are
>they?
>The example provided in the webpage:
>https://audiofingerprint.openwpm.com/
>uses fingerprintjs2 library.
>
>Any thoughts?
>
>
>
>
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Sincerly Flipchan
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Audio fingerprinting

[Jonathan Wilkes]

> So it’s not collecting sound played or recorded on a machine but rather 
> harvesting the audio signature of the individual machine and using that as an 
> identifier to track a web user.
"Audio signature" seems a bit broad.  From what I can tell it could be doing 
about three things:1) Fingerprint the browser by looking at the antialiasing 
method its 
audiocontext implementation uses2) If the browser is branching the antialiasing 
method based on the 
machine/processor/etc., then the miner can infer that by looking at the 
output.3) Measuring the time it takes the machine to generate the output.
It's a javascript api, and if you have javascript turned on there are already 
way easier ways to get #1 and #2.  Plus I doubt #3 would ever be the 
determining factor in positively ID'ing a machine.
But it's still another bit of data.  When GCC adds a line to output a caret 
showing the exact column where an error starts, I go, "Oh, that's very nice!" 
I'm sure the folks at the other end of your request do the same.
-Jonathan
 
 


 On Friday, June 3, 2016 5:40 PM, "mrnob...@mail-on.us"  
wrote:
 

 Actually meant if some of you anon folks knew if it was possible to
perform this deanonymisation without javascript. The "fuck javascript"
part that i know :)

juan:
> On Thu, 26 May 2016 06:23:34 +
> "mrnob...@mail-on.us"  wrote:
>
>
>> uses fingerprintjs2 library.
>>
>> Any thoughts?
>     fuck javascript?
>
>


-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk


  
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Audio fingerprinting

[mrnob...@mail-on.us]

Actually meant if some of you anon folks knew if it was possible to
perform this deanonymisation without javascript. The "fuck javascript"
part that i know :)

juan:
> On Thu, 26 May 2016 06:23:34 +
> "mrnob...@mail-on.us"  wrote:
>
>
>> uses fingerprintjs2 library.
>>
>> Any thoughts?
>   fuck javascript?
>
>




signature.asc
Description: OpenPGP digital signature
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] Audio fingerprinting

[mrnob...@mail-on.us]

http://techcrunch.com/2016/05/19/audio-fingerprinting-being-used-to-track-web-users-study-finds/

A wide-scale study of online trackers carried out by researchers at
Princeton University has identified a new technique being used to try to
strip web users of their privacy, as well as quantifying the ongoing
usage of some better-known tracking techniques.

The new technique unearthed by the study is based on fingerprinting a
machine’s audio stack via the AudioContext API. So it’s not collecting
sound played or recorded on a machine but rather harvesting the audio
signature of the individual machine and using that as an identifier to
track a web user.

I understand that these methods are not possible without javascript, are
they?
The example provided in the webpage:
https://audiofingerprint.openwpm.com/
uses fingerprintjs2 library.

Any thoughts?


signature.asc
Description: OpenPGP digital signature
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk