[PLUG] [PLUG-TALK] How do web servers identify visitor devices?
Ted Mittelstaedt
tedm at portlandia-it.com
Sun Feb 26 18:21:21 UTC 2023
Why is this even necessary to look at nonsense like the plugins, both HP, Dell, and Lenovo computers make their motherboard serial numbers available via BIOS calls and those serial numbers are unique. Hard disks also have unique serial numbers and of course the LAN MAC addresses and Bluetooth BD_ADDR are unique. The machine's ARP cache is not protected either so if they really want to fingerprint they can look at the netmask in use, setup a loop and ping every IP in the network then pull all the MAC addresses out of the ARP cache and then if they really want to get clever they can match the MACs and see if any other machines on the local network that they have fingerprints for are online.
The entire hoo-ha over Intel putting serial numbers in it's CPUs a few years back was complete baloney, a red herring to distract the masses.
The clearcode article is just barely scraping the surface and what they say is being collected sounds like amateur hour.
Ted
-----Original Message-----
From: PLUG [mailto:plug-bounces at lists.pdxlinux.org] On Behalf Of Michael Rasmussen
Sent: Saturday, February 25, 2023 10:46 AM
To: Portland Linux/Unix Group <plug at pdxlinux.org>
Subject: Re: [PLUG] [PLUG-TALK] How do web servers identify visitor devices?
Fingerprint computes avail themselfs to a variety of items that, taken together, come close to uniquely identifing your computer.
From:
https://clearcode.cc/blog/device-fingerprinting/#What-information-is-collected-to-create-a-device-fingerprint
They list:
* IP address
* HTTP request headers
* User agent string
* Installed plugins
* Client time zone
* Information about the client device: screen resolution, touch support, operating system and language
* Flash data provided by a Flash plugin
* List of installed fonts
* Silverlight data
* List of mime-types
For more information you can check out the description of it on
Wikipedia:
https://en.wikipedia.org/wiki/Device_fingerprint
* Timestamp
*
--
Michael Rasmussen
Be Appropriate && Follow Your Curiosity
More information about the PLUG
mailing list