is it increasing your internet security in terms of privacy/tracking/fingerprinting, if you are surfing with your web browser in a virtual machine enviroinment (virtual box + vpn)? Instead of surfing from your normal windows operating system…
Or is a virtual machine not helping you in fingerprinting cases? I just want to understand if you can use a virtual machine as a additional privacy tool and if yes, on what aspects would it have an impact (ip address, virus infections, fingerprinting, etc.)?
In a same fashion, is there a risk (for one’s privacy) that if someone shares a single photo somewhere on the web, then we can find all photos shared by the same person on internet?
Indeed, photos metadata (EXIF) are sometimes present on photos that people upload to their website (people sometimes don’t remove them), containing:
- name of the device (ok, many people in the world have the same device)
- maybe firmware version (then the number of people having the exact same version is lower) or OS version?
- sometimes geolocation
- other unique IDs?
Then won’t using a service like images.google.com (or a similar tool which offer metadata advanced search) allow anyone to find all photos uploaded by the same user?
More precisely: given a set of metadata coming from a photo, can people easily search all photos on internet made by the same device (thus creating a privacy risk)? Or do major image search engines prevent this to happen (by rejecting metadata search)?
Example for a photo:
---- File ---- FileName : ... Directory : ... FileSize : ... FileModifyDate : ... FilePermissions : ... FileType : JPEG MIMEType : image/jpeg ExifByteOrder : Little-endian (Intel, II) ImageWidth : ... ImageHeight : ... EncodingProcess : Baseline DCT, Huffman coding BitsPerSample : 8 ColorComponents : 3 YCbCrSubSampling : YCbCr4:2:0 (2 2) ---- EXIF ---- ImageWidth : ... ImageHeight : ... Make : ... Model : ... Orientation : Rotate 180 XResolution : 72 YResolution : 72 ResolutionUnit : inches Software : Ai0j1i567fs ModifyDate : ... YCbCrPositioning : Centered ExposureTime : ... FNumber : ... ExposureProgram : Program AE ISO : ... ExifVersion : 0220 DateTimeOriginal : ... CreateDate : ... ComponentsConfiguration : Y, Cb, Cr, - ShutterSpeedValue : 1/132 ApertureValue : ... BrightnessValue : ... ExposureCompensation : 0 MaxApertureValue : ... MeteringMode : Center-weighted average LightSource : Unknown Flash : Fired FocalLength : ... UserComment : ... FlashpixVersion : 0100 ColorSpace : sRGB ExifImageWidth : ... ExifImageHeight : ... InteropIndex : R98 - DCF basic file (sRGB) InteropVersion : 0100 SensingMethod : One-chip color area SceneType : Directly photographed ExposureMode : Auto WhiteBalance : Auto FocalLengthIn35mmFormat : 31 mm SceneCaptureType : Standard ImageUniqueID : H07RA02XP GPSVersionID : 18.104.22.168 ImageWidth : 512 ImageHeight : 288 Compression : JPEG (old-style) Orientation : Rotate 180 XResolution : 72 YResolution : 72 ResolutionUnit : inches ThumbnailOffset : ... ThumbnailLength : ... ---- MakerNotes ---- MakerNoteVersion : 0100
As a follow-on to these questions:
What unique fingerprinting information can an iOS7 app collect?
What unique device fingerprinting information can an iOS8 app collect?
What unique device fingerprinting information can an iOS9 app collect?
What unique fingerprinting information can an iOS 10 app collect?
What unique device fingerprinting information can an iOS 11 app collect?
re: Motion Sensors (accelerometer, gyroscope, magnetometer): “On iOS 12 12.2, Apple adopted our suggestion (§VI) and added random noise to the ADC outputs. Apple also removed access to motion sensors from Mobile Safari by default.” SENSORID: Sensor Calibration
Fingerprinting for Smartphones
In iOS 12, Apple has introduced device fingerprinting protections in Safari “by only sharing a simplified system profile”. However, the extent of these protections, and the extent to which they carry over to app web views or other app system profile access, is not known.
As always there is basic system info available similar to what any web page can access: IP address, HTTP headers, etc. Many of these are low entropy or can be changed by the user through various means, but it may be possible to combine enough for a reasonable identification. Or for reasonable enough correlation for cross-device tracking.
It appears that apps can only get enhanced information about a Wi-Fi hotspot with a special entitlement from Apple (it’s not clear to the layperson exactly what information). However, there does appear to be a way to obtain network name of the current Wi-Fi network, which is a problem because it can allow location tracking and therefore also correlations to other people or sensitive places.
What uses exist of persistent data stores by apps, or by apps across an app group, that survive app (or app group) deletion? Are there any persistent data stores that survive device erase and restore, that can be accessed by an app after restore?
Are there any other fingerprinting vectors or open questions?
In general, what remaining device fingerprinting privacy / security vulnerabilities still exist as of iOS 12, particularly those that have no user settings or user actions that can thwart them?
I was reading about Schengen visa requirements and have stumbled upon the following text in the Biometric Requirement Schengen Visa:
As of November 2, 2015 it is required that applicants for a Schengen visa type C ( Duration less than 90 days) will need to provide biometric data (fingerprints) when submitting an application. The biometric data of persons applying for a Schengen visa will be stored in a new Visa Information System (VIS).
Exemptions from the obligation of fingerprinting are provided for the following categories of applicants only:
- Children under 12,
- Persons for whom the collection of fingerprints is physically impossible;
- Sovereigns and other senior members of a royal family, Heads of State and members of the national Governments (with their official delegations and spouses) if they travel for official purposes.
I can think of some reasons for the first category and can surely understand the reason for the second one. But why do royal family and members of national governments are not required to take fingerprints? Is it some sort of national security issue or just simplified process?
I am an online survey provider, and due to the nature of my business, I get lots of fraud and duplicate users for my surveys which I can’t control by cookie restrictions.
I wish to implement Digital fingerprint tracking so that I can track the uniqueness of the respondent and can block unwanted respondents.
I want to know which technology should I use for this project (Which can handle 1000 – 1500 requests per second, or more). I also want to know what development strategy should I use for this project.
So far I’ve tried Fingerprint JS, Ever Cookie sort of examples, but based on my Traffic that is close to 1 million per day, this can’t work right now.
All kind of suggestions and advise are welcome and if this is not the right place to ask this kind of question, kindly let me know, where to ask it.