Researchers use GPU fingerprinting to identify and track online users.
Short News:-
Researchers from French, Israeli, and Australian universities investigated the possibility of creating unique fingerprints for persistent web tracking. Large-scale experiment included 2,550 devices with 1,605 distinct CPU configurations. A technique dubbed 'DrawnApart' can significantly increase the median tracking duration by 67 percent. Next-generation GPU APIs may introduce additional methods for fingerprinting internet users. DrawnApart achieved 98 percent classification accuracy in just 150 milliseconds, significantly faster than the 8 seconds required to collect fingerprinting data via the WebGL API. Countermeasures to this fingerprinting method include changing attribute values and preventing parallel execution.
Detailed News:- Researchers use GPU fingerprinting to identify and track online users.
A group of researchers from French, Israeli, and Australian universities investigated the possibility of creating unique fingerprints on individuals' GPUs and using them for persistent web tracking.
The results of their large-scale experiment, which included 2,550 devices with 1,605 distinct CPU configurations, indicate that their technique, dubbed 'DrawnApart,' can significantly increase the median tracking duration by 67 percent when compared to current state-of-the-art methods.
This poses a serious threat to user privacy, which is currently protected by laws that require users to consent to the activation of website cookies.
These laws have prompted unscrupulous websites to collect additional possible fingerprinting elements such as hardware configuration, operating system, timezones, screen resolution, language, and fonts.
This unethical approach is still limited, as these elements change frequently and, even when stable, can only classify users roughly, rather than creating a unique fingerprint.
Identical GPUs printed with identical fingers
The researchers considered the possibility of creating unique fingerprints for tracked systems using WebGL and the GPU (graphics processing unit) of the tracked systems (Web Graphics Library).
WebGL is a cross-platform API for rendering three-dimensional graphics in the browser that is included in all modern web browsers.
The DrawnApart tracking system can use this library to count the number and speed of execution units on the GPU, determine the time required to complete vertex renders, and handle stall functions, among other things.
DrawnApart overcomes the difficulty of having random execution units handle computations by executing short GLSL programs as part of the vertex shader on the target GPU. As a result, workload distribution is predictable and consistent.
The team developed both an on-screen measurement method that performs a limited number of computationally intensive operations and an off-screen measurement method that subjects the GPU to a longer and less intensive test.
This process generates traces comprised of 176 measurements taken from 16 points that serve as the basis for the creation of a fingerprint. Even visual inspection of the individual raw traces reveals differences and distinct timing variations between devices.
The researchers also experimented with swapping out other hardware components on the machines to determine whether the traces remained distinguishable, and discovered that the fingerprints were entirely dependent on the GPU.
Even if a set of integrated circuits is manufactured identically, has the same nominal computational power, the number of processing units, and identical cores and architecture, each circuit is slightly different due to manufacturing variability.
While these distinctions are imperceptible in normal day-to-day operations, they can become useful when used in conjunction with a sophisticated tracking system such as DrawnApart, which is specifically designed to highlight functional aspects that highlight them.
Consequences and considerations
When combined with state-of-the-art tracking algorithms, DrawnApart increases the median tracking duration of a targeted user by 67 percent.
As illustrated in the following diagram, the standalone tracking algorithm can achieve an average tracking time of 17.5 days, but this can be increased to 28 days with the help of GPU fingerprinting.
This assessment was made under the assumption that the GPU's operating temperature range is between 26.4 and 37 degrees Celsius, with no voltage variations.
Apart from these conditions, DrawnApart is unaffected by workload variations, GPU payloads from other web browser tabs, system restarts, and other runtime changes.
The next-generation GPU APIs, most notably WebGPU, include computing shaders in addition to the existing graphics pipeline.
As such, the upcoming API may introduce additional methods for fingerprinting internet users, as well as being significantly faster and more accurate.
When the researchers evaluated compute shaders in the defunct WebGL 2.0 standard, they discovered that DrawnApart achieved 98 percent classification accuracy in just 150 milliseconds, significantly faster than the 8 seconds required to collect fingerprinting data via the WebGL API.
"We believe that once the WebGPU API becomes generally available, a similar method can be found. Before accelerated compute APIs are enabled globally, their impact on user privacy should be considered "This brings the research paper to a close.
Countermeasures to this fingerprinting method include changing attribute values, preventing parallel execution, script blocking, API blocking, and preventing time measurement.
Khronos Group, the developer of the WebGL API, has received the researchers' disclosure and formed a technical study group to discuss possible solutions with browser vendors and other stakeholders.
Post a Comment
Your suggestions and comments are welcome