
Cross-Browser Fingerprinting via OS and Hardware Level Features (2017) [pdf] - bookofjoe
http://yinzhicao.org/TrackingFree/crossbrowsertracking_NDSS17.pdf
======
DyslexicAtheist
going off on a tangent despite this being a really cool paper (sorry :)).
There was another one on the topic (just a few days ago) by Amit Klein / Benny
Pinkas: _From IP ID to Device ID and Kaslr Bypass (Extended Version)_ :
[https://arxiv.org/abs/1906.10478](https://arxiv.org/abs/1906.10478)

This IP ID leak affects Windows, Linux (and Android) and allows fingerprinting
across the network (no need for a browser), e.g. if you were to switch to a
different network etc. Onion routing (Tor) isn't affected, but a MITM could
track individual machines behind NAT or bust you through a VPN etc.

The Linux implementation of (K)ASLR has seemed a source of controversy for some time.
grsecurity[¹] has been raving about this for years: grsec: "KASLR: An Exercise
in Cargo Cult Security"
[https://grsecurity.net/kaslr_an_exercise_in_cargo_cult_security.php](https://grsecurity.net/kaslr_an_exercise_in_cargo_cult_security.php)

Most Linux servers are hopefully patched by now. Android phones, or Android
based WiFi/4G routers etc., probably not so much.

Patch submitted by Amit Klein to LKML: "inet: update the IP ID generation
algorithm to higher standards":
[https://lkml.org/lkml/2019/4/24/1717](https://lkml.org/lkml/2019/4/24/1717)

___

Edit:

 _They reverse engineered a per host random seed from network traffic on
Windows and Linux, allowing fingerprinting, and more surprising, turned this
into a KASLR break on Linux._

see here: [https://flak.tedunangst.com/post/random-ip-id-comments](https://flak.tedunangst.com/post/random-ip-id-comments)

