Mechanism of ``audio fingerprinting'' that identifies and tracks individuals by having the browser generate audio files

Unique information such as the IP address, OS type, and browser type of users viewing a website is called a fingerprint , and website administrators can collect fingerprints to identify individuals. can be identified. Fingerprint , which provides a fingerprint collection service, explains the method and workaround for ``audio fingerprinting,'' which involves ``generating an audio file in the user's browser and identifying individuals based on slight differences'' among fingerprints. doing.

How the Web Audio API is used for audio fingerprinting
https://fingerprint.com/blog/audio-fingerprinting/

How We Bypassed Safari 17's Advanced Audio Fingerprinting Protection
https://fingerprint.com/blog/bypassing-safari-17-audio-fingerprinting-protection/

Audio fingerprinting is a technology that allows a browser to perform a process that generates audio, and identifies individuals based on slight differences in the generated audio files. The audio generation process differs slightly depending on the browser type and version, OS type, CPU type, etc., and there are slight differences in the generated files, so the hash value of the generated file A personal identifier can be generated by calculating the following.

With audio fingerprinting, the same identifier is generated if the browser and OS type are the same. For this reason, audio fingerprinting alone cannot accurately identify a person. Therefore, website administrators use audio fingerprinting to collect information such as ``time zone,'' ``language settings,'' and ``number of extensions installed on the browser,'' and combine multiple pieces of information to identify individuals. Masu.

Fingerprinting is a convenient mechanism for website administrators who want to identify individuals, but from a user's perspective, it can be said to be an undesirable mechanism from a privacy perspective. For this reason, many browsers incorporate mechanisms to protect users from fingerprint collection. For example, in June 2023, Apple added a mechanism to Safari that ``adds randomness to the process to randomly vary the identifier generated by audio fingerprinting''.

Apple announces powerful new privacy and security features - Apple (Japan)
https://www.apple.com/jp/newsroom/2023/06/apple-announces-powerful-new-privacy-and-security-features/

However, Fingerprint reports that it has devised a ``method to collect audio fingerprinting by circumventing Safari's protection functions'' in Safari 17, the latest version at the time of article creation. According to Fingerprint, Safari 17's audio fingerprinting protection technology can be circumvented by ``generating a large amount of audio and finding the average noise'' or ``using audio whose generated results differ significantly depending on the browser.'' Fingerprint also claims that its new algorithm for evading protection technology can complete the process in a few milliseconds to tens of milliseconds.

In addition, Fingerprint publishes the code used for audio fingerprinting at the link below.

fingerprintjs/src/sources/audio.ts at c411aff111e5c79cdc37608d42632d4a66a8c1dc · fingerprintjs/fingerprintjs · GitHub
https://github.com/fingerprintjs/fingerprintjs/blob/c411aff111e5c79cdc37608d42632d4a66a8c1dc/src/sources/audio.ts