Cross-browser tracking vulnerability tracks you via installed apps

silversurfer

Researchers have developed a way to track a user across different browsers on the same machine by querying the installed applications on the device.

Certain applications, when installed, will create custom URL schemes that the browser can use to launch a URL in a specific application. [...]
A researcher from one of the most well-known fingerprinting scripts, FingerprintJS, has disclosed a vulnerability that allows a website to track a device's user between different browsers, including Chrome, Firefox, Microsoft Edge, Safari, and even Tor.

"Cross-browser anonymity is something that even a privacy conscious internet user may take for granted. Tor Browser is known to offer the ultimate in privacy protection, though due to its slow connection speed and performance issues on some websites, users may rely on less anonymous browsers for their every day surfing," explains a new vulnerability report by FingerprintJS' Konstantin Darutkin.

"They may use Safari, Firefox or Chrome for some sites, and Tor for sites where they want to stay anonymous. A website exploiting the scheme flooding vulnerability could create a stable and unique identifier that can link those browsing identities together."
 

Stopspying

This website lists some of the apps that can be used to track you with this vulnerability.

Of the three apps this site claims I have, Spotify is the only one that is actually installed. Skype remnants may be detected somewhere in the Win 10 system but it is disabled, and I do not have Telegram installed; I use Signal for secure messaging on this machine.

I note that some of the more popular VPN providers - Express and Nord are on the list of other apps this occurs with.
 

Stopspying

For the above scan by this website my browser was reporting that it was Chrome on Linux. With it set as Firefox on Linux it detects another app - Notion, which I don't have installed either.
Changing the browser settings to imitate Firefox 88 on macOS 10.14, instead of Notion it claims that I have Hotspot Shield installed; there is no chance that I'd install that on any of my devices.

@Opc9 In no way are these comments meant as a reflection on you; I believe that you shared it in good faith and to help MT users understand this issue better. I found it interesting to see what that website made of my installed apps, but it wasn't that accurate with the results for me at least. The last result is apparently a unique one for the scans they have done so far, which is not good news for me if I want to hide on the internet, but the fact that it is not accurate is possibly reassuring!
 

The_King

@Stopspying the web link I posted is from the original article the OP posted. I have noticed that many people don't follow the source article and usually miss out on important information by just reading what is posted here.

I have also tested the site out with Firefox and Edge and got identical results with the same number of apps detected as well as the exact same identifier tracking code. So it was able to track me across two browsers without any issues.
 

Stopspying

I mentioned you as you'd highlighted the schemeflood.com site that had been linked to in the Bleeping Computer article.

I've run the scan again, indicating that I'm using Firefox on Ubuntu and the results are the same as after the original scan - claiming that I have Skype, Spotify and Telegram installed. Apparently 10 scans have shown that combination so far, when I got these results the first time it said there had been 3 results like that. If that is the case then I am part of a small group of users with that result, which is better than being unique as I was in another scan, just!
 

plat1098

Even one app is one too many...and it's not even formally installed on here. There are so many Skype remnants, not only in the registry but in various locations in File Explorer that it might as well be formally on here. Ridiculous. Installed it to see if those remnants could be removed w/HiBit and no, it's a Store app so I learned a little something.

OK, well the BC article did say Microsoft acknowledged the issue and a fix is prob. coming out sometime.
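
Several posts above mention leftover Skype entries in the registry. The following is an added example, not written by any poster in this thread, showing one way to audit a `.reg` export for classic custom URL scheme registrations (keys under `HKEY_CLASSES_ROOT` carrying a `"URL Protocol"` value), which are stored at the OS level rather than per browser. The sample export, the watchlist of scheme names and the function names are assumptions made for illustration; Store (packaged) apps declare their schemes in the package manifest instead, which this does not cover.

```python
import re

# Constructed sample in .reg export format; keys and paths are illustrative.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\spotify]
@="URL:Spotify Protocol"
"URL Protocol"=""

[HKEY_CLASSES_ROOT\spotify\shell\open\command]
@="\"C:\\Apps\\Spotify\\Spotify.exe\" --protocol-uri=\"%1\""

[HKEY_CLASSES_ROOT\skype]
@="URL:Skype"
"URL Protocol"=""

[HKEY_CLASSES_ROOT\.txt]
@="txtfile"
'''

KEY_RE = re.compile(r'^\[HKEY_CLASSES_ROOT\\([^\\\]]+)((?:\\[^\]]+)?)\]$')
OPEN_CMD = r'\shell\open\command'
WATCHLIST = ["skype", "spotify", "tg", "notion"]  # assumed scheme names

def registered_schemes(reg_text):
    """Map each key that has a "URL Protocol" value to its open command (or None)."""
    schemes, commands, key, sub = set(), {}, None, ""
    for line in map(str.strip, reg_text.splitlines()):
        m = KEY_RE.match(line)
        if m:
            key, sub = m.group(1).lower(), m.group(2).lower()
        elif line.startswith("["):
            key = None  # key outside HKEY_CLASSES_ROOT
        elif key and not sub and line.startswith('"URL Protocol"='):
            schemes.add(key)
        elif key and sub == OPEN_CMD and line.startswith("@="):
            commands[key] = line[2:]
    return {s: commands.get(s) for s in sorted(schemes)}

def exposure_profile(schemes, watchlist=WATCHLIST):
    """One bit per watched scheme, read from OS-level registrations."""
    return "".join("1" if s in schemes else "0" for s in watchlist)

def leftovers(schemes):
    """Schemes still registered but with no handler command to launch."""
    return [s for s, cmd in schemes.items() if cmd is None]

if __name__ == "__main__":
    found = registered_schemes(SAMPLE_REG)
    print(list(found), exposure_profile(found), leftovers(found))
```

A scheme listed by `leftovers` is a registration worth reviewing by hand; whether a given browser reports such an entry as an installed app is not established by this thread.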

 

brambedkar59

Well this is scary, it managed to track me across Edge, Brave, Firefox and Tor. I even used a VPN with a private browser window but it does nothing. It says I have Skype and Spotify. I have the same identifier as 320 out of 26K users.
Another old (Dec 2020) article about tracking via browser handlers.
 