How is a site able to track you?

How is a site able to track you?

Hypothetically, say there is a certain site that you access by using the incognito mode on Chrome and through a VPN. What tools might a site have to identify that you've been there before if your IP has changed and there are no cookies/cache to read?

Can sites track hardware? MAC address?

I ask because there was a site I wanted to visit undetected but it realized I had been there before despite masking myself via VPN and incognito mode, so I got curious how it knew who I was.

答案1

Websites cannot track your hardware or your MAC address. What they could track is:

  • Your browser (Chrome, Firefox, Safari, etc.)
  • Your OS (Windows, OS X, etc.)
  • Your language
  • Your screen resolution

Note: This is true of you are visiting a page assuming it's just viewing a normal page without running any flash content, running Java applets, etc. If you are, then it may be possible for websites to track your hardware.

答案2

You'd be surprised at how much information is available to help track you. Panopticlick mentions these notable data:

  • Screen resolution and color depth
  • Canvas fingerprinting, which takes advantage of tiny differences in image rendering - different video stacks will produce slightly different images when used to draw simple shapes on a <canvas>
  • WebGL fingerprinting, which is like the above but uses WebGL, giving the script more control over what goes on in your GPU
  • All Chrome plugins (not extensions) and their versions
  • Time zone (accessible via JavaScript)
  • The HTTP_ACCEPT header, which can include installed languages and their order of preference
  • OS family (e.g. Win32)
  • User agent, which identifies the browser version and can include the exact OS version
  • Whether your device has touch support
  • Some installed fonts (only via Flash - doesn't work in incognito)

Web sites cannot get any hardware details beyond what the browser reports. Your MAC address never leaves your subnet (i.e. never goes beyond your router). In a sense, the canvas and WebGL fingerprints identify your graphics hardware (but not the specific card), since it's differences in the drawing that allow the fingerprinting.

If, however, the site can run arbitrary code on your machine (via a Java applet, usually), it can gather any details it wants, including machine SID, MAC address, a full hardware profile, or any files on the drives.

相关内容