An introduction to AudioContext, and how to protect your browser from being fingerprinted by using the AudioContext Scrambler add-on.
What is AudioContext fingerprinting
Like any method of fingerprinting, the purpose is to create a unique identifier matching your device. AudioContext fingerprinting uses unique features from your device to create this identifier. AudioContext fingerprinting is as efficient as Canvas Fingerprinting, and can, by itself, generate a unique identifier that is identical in both normal and incognito mode. Moreover, it does not require any permission or user action to work, and won’t notify the user that they are being fingerprinted.
From my tests, every browser supporting the Web Audio API is vulnerable, including:
- Chromium / Chrome
All of them were tested on their latest version when this was being written.
Tor Browser has been discussing this issue for over five years now and last time I checked, they had the Web Audio API either disabled, or with artificially added noise.
If you want to try out if this works on your browser, you can use one of the two following websites:
I found out that a lot of websites, including link shorteners, were using this technique to identify users instantaneously and precisely. If you would like more information on how this method is implemented, I recommend you read this detailed explanation from Dawit Urgessa or the source of one of the test websites linked above.
Surprisingly, this method of fingerprinting is not anything new, yet no mainstream browser has provided a mitigation. The why is an interesting question, but I have no clue, and the rest of the article won’t be focused on it.
AudioContext Fingerprint Defender
As far as I know, there was only a single add-on able to block this method of fingerprinting. It works by adding random noise to the audio input, hence generating a random hash every time.
While this method is great, AudioContext Fingerprint Defender (I’ll call it AFD) does not work as intended. First of all, it injects attributes and a script in the DOM. This means that it is easy to detect without even trying to fingerprint.
More importantly, both writing attributes and injecting a script node in the DOM create critical weaknesses in AFD. I won’t go into details, or post my PoC in this article, but a malicious individual (or tracker) can:
- data-acxscriptallow itself then use an iframe to create your fingerprint
- Use CSP unsafe-inline which will block the script loaded by AFD
Both methods will make AFD fail silently.
Unfortunately, I did not find a GitHub link so I was not able to provide a patch. This is actually why I created my own project.
Introducing AudioContext Scrambler
Unlike AFD, AudioContext Scrambler does not inject anything in the DOM. That does not make it undetectable, but that should prevent anyone from blocking it.
At the time of writing, I am using the same random noise amplitude as AFD, so my implementation is indistinguishable from the original AFD.
AudioContext Scrambler is currently available only on Firefox (Download the add-on), and there is still work to be done. If you have some spare time and you would like to help me, feel free to fork or create issues on the AudioContext Scrambler Project on GitHub.
It is easy to detect if you are lying about your AudioContext fingerprint. However, it is still way better than leaking a unique identifier. I’d like to work on a version that always returns the same wrong data but I’d like to have feedback first as it will break the Analyzer Node.
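The noise approach described above, and the "same wrong data" variant mentioned in the last paragraph, sketched as an added example (not code from AFD or AudioContext Scrambler). The sample buffer, the `AMPLITUDE` value, the seed and all function names are assumptions made for illustration; it runs in Node without the Web Audio API.

```javascript
// Constructed stand-in for the samples an OfflineAudioContext render returns.
function renderedSamples(n = 5000) {
  const out = new Float32Array(n);
  for (let i = 0; i < n; i++) out[i] = Math.sin(i * 0.05) * Math.exp(-i / 4000);
  return out;
}

// Reduce a buffer to one value, as a fingerprinting script would before hashing.
function digest(samples) {
  let sum = 0;
  for (const s of samples) sum += Math.abs(s);
  return sum.toFixed(10);
}

// mulberry32: small seeded PRNG, used so the "stable" mode is repeatable.
function mulberry32(a) {
  return function () {
    let t = (a += 0x6d2b79f5);
    t = Math.imul(t ^ (t >>> 15), t | 1);
    t ^= t + Math.imul(t ^ (t >>> 7), t | 61);
    return ((t ^ (t >>> 14)) >>> 0) / 4294967296;
  };
}

const AMPLITUDE = 1e-4; // assumed; the page does not state the amplitude used

// Return a noisy copy. rand = Math.random gives fresh noise on every read;
// a seeded PRNG gives the same wrong data every time for that seed.
function scramble(samples, rand = Math.random) {
  const out = new Float32Array(samples.length);
  for (let i = 0; i < samples.length; i++) {
    out[i] = samples[i] + (rand() * 2 - 1) * AMPLITUDE;
  }
  return out;
}

function demo(seed = 42) { // seed is hypothetical, e.g. chosen once per session
  const clean = renderedSamples();
  return {
    unprotected: [digest(clean), digest(clean)],
    randomNoise: [digest(scramble(clean)), digest(scramble(clean))],
    seededNoise: [digest(scramble(clean, mulberry32(seed))),
                  digest(scramble(clean, mulberry32(seed)))],
  };
}

console.log(demo());
```

The unprotected pair is identical (a stable identifier), the random-noise pair differs on every read, and the seeded pair is identical to itself but different from the real value.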