Researchers from universities in Australia, France and Israel have teamed up to delve deeper into an important point of online surveillance: the hardware component. Because not only digital IDs reveal details about you to providers, but also certain markers of your graphics card. That makes it easier for them online tracking via the browser you are using.
Online tracking thanks to hardware
The association carried out an extensive crowd-sourcing experiment. To date, around 2,250 devices with a total of 1,605 different GPU configurations have taken part. Using this sample, the team demonstrated a method they call DrawnApart. This is a GPU fingerprinting method. That means: The scientists identify devices and consequently people based on the unique properties of their GPU stacks. This can be used for online tracking, for example.
Compared to the most modern methods, this process is said to increase the tracking time by up to 67 percent.
In concrete terms, DrawnApart runs graphic calculations via the WebGL graphic interface, which is common in various browsers. The software logs a number of parameters that are used to identify the respective hardware. With the demonstrated effectiveness, the team emphasizes one thing above all: If you use common browsers, your data protection settings are more or less superfluous.
Disable WebGL
The international research association recommends using safer alternatives. For example, filter lists would block resources that pose a threat to your privacy. However, the authors’ experiment shows that these lists are not complete either. To block DrawnApart, “the graphics stack could map each website to a single EU [Execution Unit; dt.: Ausführungseinheit] limit or turn off hardware-accelerated rendering altogether”. However, the user-friendliness would suffer massively as a result.
A realistic way to avoid online tracking is to disable the WebGL API in browsers. It is currently only used on a small percentage of websites. Khronos, the organization responsible for WebGL, is working on a possible workaround.
This works in Google Chrome as follows:
- Type chrome://flags/ into your browser’s address bar.
- Search for “WebGL”.
- Change the status of the corresponding entry to “Disabled”.
“Privacy is Dignity”
“Privacy is dignity. It’s a human right. When browsing the Internet, the right to privacy should prevent websites from tracking users’ browsing activities without their consent. This is especially true for cross-site tracking, where website operators work together to create surfing profiles across multiple websites over extended periods of time.”
T. Laor et al. (via arXiv.org)
Source: “DRAWNAPART: A Device Identification Technique based on Remote GPU Fingerprinting” (2022, arXiv)