For example, it's possible to link your Safari visit to your Chrome visit, identify you uniquely and track you across the web. A website exploiting the scheme flooding vulnerability could create a stable and unique identifier to link those browsing identities.Īll major browsers are affected, even if you are not a Tor Browser user.
They may use Safari, Firefox, Chrome, or Tor for sites where they want to stay anonymous. However, due to some websites' slow connection speed and performance issues, users may rely on less anonymous browsers for everyday surfing.
Tor Browser is known to offer the ultimate privacy protection. No cross-browser anonymityĬross-browser anonymity is something that even a privacy-conscious internet user may take for granted. The scheme flooding vulnerability allows for third-party tracking across different browsers and thus violates privacy. The vulnerability uses information about installed apps on your computer to assign you a permanent unique identifier even if you switch browsers, use incognito mode, or use a VPN. We will refer to this vulnerability as scheme flooding, using custom URL schemes as an attack vector. The desktop versions of Tor Browser, Safari, Chrome, and Firefox are all affected. In our research into anti-fraud techniques, we have discovered a vulnerability that allows websites to identify users reliably across different desktop browsers and link their identities together. Test the vulnerability on our live demo site. To help improve it, we have submitted bug reports to all affected browsers, created a live demo, and made a public source code repository available to all. We believe there should be open discussions about such vulnerabilities to help internet browser providers fix them quickly. We focus on stopping fraud and support modern privacy trends for removing third-party tracking entirely. In this article, we introduce a scheme flooding vulnerability, explain how the exploit works across four major desktop browsers and show why it's a threat to anonymous browsing.ĭISCLAIMER: Fingerprint does not use this vulnerability in our products and does not provide third-party tracking services.
0 kommentar(er)
