Environment-dependent JavaScript property values allow for user fingerprinting.
Academics have come up with a new technique that leaks data about users' browsers; enough to defeat anti-fingerprinting systems and privacy-preserving browser extensions to provide ways to identify users by their browser and underlying platform in a way that has not been done before.
Called "JavaScript Template Attack," this new technique revolves around the concept of JavaScript properties and the default values that browser engines return for basic JavaScript queries seeking the value of a certain property.
JavaScript environment templates
The researchers, all three from the Graz University of Technology, in Austria, created a system that automates the querying and collection of thousands of JavaScript properties and their default values from a user's environment.
... ...