Lukas Z's Blog


There’s a post on Hacker News today about talking about user tracking without them even logging in, accepting any cookies and so forth. It’s accomplished by using a fingerprinting-technique.

Fingerprints are information about your browser that seem to be quite unique (or their combination). Thus, once you enter your information on any website that uses fingerprint tracking, you can be identified on any other website doing the same.

Anyway, there’s a page that shows how this might work:

I just wondered over coffee, if I could manipulate some or all of the values this displays using a browser-extension. Turns out it’s easy to manipulate the things that seem to be most selective when it comes to uniquness: User Agent, Browser Plugins and Fonts.

Anyway, this is just a quick hack, it removes the Flash object that gets the fonts, it spoofs the User-Agent field in the HTTP-Request and nullifies the navigator.plugins-array.

I don’t want to spend more time on it now (I must do other things), but if you like you can continue what I’ve started. Here’s the code.

P.S.: You can follow me on Twitter.