While the internet world still suffers from the files we call ‘cookies’, which allow us to be tracked on the internet all the time, a much more serious threat has emerged today. A new study by researchers from the French National Center for Scientific Research, Ben-Gurion University and the University of Lille has revealed that you can be tracked on the Internet even with just your video card.
According to the research published on January 24, thanks to this method called ‘DrawnApart’, your permission on the internet becomes constantly traceable, especially by ‘less rigorous websites’ that set aside existing privacy protections such as cookie permission. The technique detects minor differences in the behavior of your video card and uniquely identifies these differences on the internet.
You can be followed without realizing anything:
The technique in question works not only by tracking the video card and other hardware used by the PC, but also by focusing on the specific features of a particular video card. Researchers can do this by utilizing statistical speed variations of individual execution units on the graphics card to uniquely identify the entire system.
To do this, it basically requires one thing: using WebGL to target the graphics card’s shaders. The result vector, called the ‘track’, reveals a set of timing metrics that the team created. The differences in this measurement enable the identification of video cards in different systems even if they are the same brand and model, and in a way, fingerprints are taken. So much so that with this method, the researchers were able to track individual video cards with an accuracy of 67%.
So what does this mean?
“So what does it mean for this method to be discovered and still working with 67% accuracy in its current form?” If you say so, it would be useful to explain it simply: A user will always be traceable on the internet without any modifications to the requested permissions, without any changes to the runtime assumptions of their browser. The researchers also noted that the new method raises new concerns about privacy.
On the other hand, they listed the measures that can be taken to overcome this potential danger as follows:
- Since the method depends on WebGL, disabling WebGL also disables the method. But this solution spoils the user’s experience on many websites.
- The notorious Tor browser allows WebGL to run in ‘minimum compatibility mode’. This mod makes the ANGLE_instanced_arrays API that the DrawnApart method takes advantage of unavailable.
- The most basic solution is left to the developers of the browsers: blocking parallel execution, sending specifiers and timing measurements.
