Dictionary

Cross-Browser Fingerprinting

What Is Cross-Browser Fingerprinting?

Cross-browser fingerprinting is a means of identifying a user without relying on their browser – for instance, because they use multiple browsers on their device. It blends techniques of browser fingerprinting and device fingerprinting, using a wealth of data points to be able to pinpoint a returning user across two or more browsers.

That person can thus be tracked, making cross-browser fingerprinting particularly interesting to risk mitigation, fraud prevention and anti-money laundering, as well as marketing, lead generation and adjacent pursuits.

Cross-browser fingerprinting occupies the space between cross-device tracking and traditional device fingerprinting. It is considered to be a 2.5-generation technique – a hybrid approach that delivers results by studying data points linked to both software and hardware such as user agent, graphics card, CPU virtual cores, AudioContext, etc.

Who Invented Cross-Browser Fingerprinting?

Four Hungarian researchers – Boda, Földes, Gulyás and Imre – are credited with first highlighting the potential of cross-browser fingerprinting when they presented their “User Tracking on the Web via Cross-Browser Fingerprinting” paper in NordSec 2011: Information Security Technology for Applications.

The team of researchers experimented with using a range of data points to identify web users across multiple browsers, achieving a success rate of 84.64%. This work was expanded upon in 2017 by Yinzhi Cao, Song Li and Erik Wijmans, who presented an enhanced reliable cross-browser fingerprinting technique.

By setting specific parameters and extracting features from the rendering, the team was able to identify up to 99.24% of users. Their cross-browser stability rate was 91.44%.

Leverage Potent Device Fingerprinting

Learn to leverage this key fraud prevention technique and discover how it protects businesses like yours globally.

Read More

How Does Cross-Browser Fingerprinting Work?

Cross-browser fingerprinting works by logging a range of data points to build a picture of a user’s identity. Much as canvas fingerprinting identifies website users via their HTML5 canvas setup, cross-browser fingerprinting takes dozens of data points and uses them to create a unique picture of a user – which means they can be identified across multiple browsers.

The end goal is to ensure those attempting multi-accounting, money laundering and other fraud cannot fool the system merely by using different browsers or browser profiles.

What Does Cross-Browser Fingerprinting Track?

Boda, Földes, Gulyás and Imre focused on the IP address as a main feature, also examining variables such as:

  • time zone
  • screen resolution
  • installed fonts
  • user agent

Cao’s team wrote a JavaScript code that prompted the browser to render more than 20 WebGL tasks, collecting data points including:

  • user agent
  • AudioContext
  • CPU virtual cores
  • do not track headers
  • graphics cards

Today, techniques that track users across different browsers can look at the above but also go beyond, examining and enriching data from even more sources and focusing more on cross-device fingerprinting rather than cross-browser fingerprinting. For example, digital footprint analysis techniques are able to identify users regardless of device, using someone’s public online activity as an identifier.

How Does Cross-Browser Fingerprinting Help Fight Fraud?

Cross-browser fingerprinting is a powerful weapon in the battle to fraud detection because it can help identify users even when they work across multiple browsers in an attempt to evade detection.

Browser fingerprinting uses data points such as browser type/version, language, local databases and so on to identify users. Cross-browser fingerprinting does this across multiple browsers, looking at data points that will remain constant because they are system-wide. For instance, installed fonts are linked to an operating system, not a browser.

As well as being used to produce risk scores, cross-browser fingerprinting can track users’ online behavior. Again, this is helpful to those undertaking anti-fraud and anti-money laundering work. They can use tracking to glean insights into what users are doing and what they may intend to do next. This tracking and risk scoring work can be used to trigger appropriate responses where a user’s behavior warrants this.

Reduce Fraud Rates by 70–99%

Partner with SEON to reduce fraud in your business with real-time data enrichment, whitebox machine learning, and advanced APIs.

Ask an Expert

Practical Applications of Cross-Browser Fingerprinting

In terms of its practical applications, cross-browser fingerprinting hasn’t been adopted as a standalone technique. Instead, it has merged with other fraud-fighting strategies to create a robust approach to identifying and tracking fraudsters.

Its concepts and techniques have contributed to and become part of modern device fingerprinting – for example, helping to define browser hashes and cookie hashes, and stop fraud in combination with velocity checks and behavioral analysis.

Though the official cross-browser fingerprinting project on GitHub has not been updated in a few years, the spirit of cross-browser fingerprinting – namely the ability to track users despite their browser habits – lives on in the dozens, if not hundreds, of different data points not related to a browser that fraud prevention systems can identify and keep track of.

As such, cross-browser fingerprinting has become an integral part of the fight against fraud and money laundering, even though the term itself is not as commonly used today.