[ubuntu-uk] Websites and your PC hardware details

Bruno Girin brunogirin at gmail.com
Sun Feb 3 23:19:51 UTC 2013


On 03/02/13 18:09, Simon Greenwood wrote:
> On 3 February 2013 16:00, Bruno Girin <brunogirin at gmail.com> wrote:
>
> That makes sense in context - failed logins combined with the changed
> hardware would trigger an alert. From a service point of view it's
> very frustrating for a bank to freeze an account without some kind of
> notification - my bank have frozen my account after detecting a
> fraudulent transaction in the past, but they do have the courtesy of
> phoning to tell me that they're going to do it.

Well, yes. When their fraud engine is properly configured, they should
only block your card when there is a very serious fraud risk. Any other
situation, they should notify you of the dodgy transactions and let you
confirm whether they are legit or not.


>
> It would be interesting to know if this system is able to extract
> something from Firefox, Chrome and other browsers available to Ubuntu.
> Most if not all online banking services now work on Linux-based
> systems although we're still the poor cousin in terms of support.

Not quite. All banks I've worked with run on UNIX, typically AIX or
Solaris. Some are considering Linux and in particular RHEL but purely as
an exercise to reduce costs and benefit from commodity x86 hardware (as
opposed to IBM PPC or Oracle SPARC).

Similarly, banks are very benefits-focused in terms of what they support
and as long as the Linux share of their web server stats is low, they
won't (explicitly) support it. If I take the example of the one I work
with, their logic is very simple: any browser + OS combination that
shows more than 1% share will be explicitly supported. Interestingly,
the result of this is that the recent rapid version changes in Firefox
have meant that the reported share of FF has dropped because the logs
have shown a fragmentation between different versions. Add to this that
you have many different browsers on Linux and there is absolutely no
chance that any given combination would reach 1% for the time being. On
the other hand, such simple rules have meant that we've recently been
able to drop explicit support for IE6!

With regards to what device fingerprinting is able to extract, this
depends on the browser but there are things that all of them expose.
Panopticlick [1] is a good way to get an idea of the sort of information
that this technique can extract. To come back to the original BBC
article, something as simple as screen size and colour depth could have
changed as a result of changing the motherboard.

[1] https://panopticlick.eff.org/

Bruno
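
Added example, not part of the original message and not any bank's actual fraud engine: a Python sketch of how a device-fingerprint change (here the screen size and colour depth mentioned above) can be combined with failed logins to choose between notifying the customer and blocking. The attribute names, sample values, the `max_failed` threshold and the allow/notify/block policy are all assumptions made for illustration.

```python
import hashlib

# Constructed sample: attributes a browser exposes to any page it visits.
ENROLLED = {
    "user_agent": "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:18.0) "
                  "Gecko/20100101 Firefox/18.0",
    "screen": "1280x1024",
    "colour_depth": 24,
    "timezone": "Europe/London",
    "language": "en-GB",
}


def fingerprint(attrs):
    """Hash the attributes in a fixed order so equal profiles hash equally."""
    canonical = "\n".join(f"{key}={attrs[key]}" for key in sorted(attrs))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def changed_attributes(enrolled, current):
    """List the attributes that differ; a bare hash mismatch cannot say which."""
    keys = set(enrolled) | set(current)
    return sorted(k for k in keys if enrolled.get(k) != current.get(k))


def assess(enrolled, current, failed_logins, max_failed=3):
    """Return (action, changed_attributes) under the assumed policy:
    device change plus repeated failed logins -> block,
    either signal on its own -> notify the customer, neither -> allow."""
    changed = changed_attributes(enrolled, current)
    if changed and failed_logins >= max_failed:
        action = "block"
    elif changed or failed_logins:
        action = "notify"
    else:
        action = "allow"
    return action, changed


if __name__ == "__main__":
    # Constructed "after a hardware change" profile: new display settings only.
    after = dict(ENROLLED, screen="1920x1080", colour_depth=32)
    print(fingerprint(ENROLLED)[:16], "->", fingerprint(after)[:16])
    for failures in (0, 3):
        print(failures, "failed logins:", assess(ENROLLED, after, failures))
```

Comparing attribute by attribute rather than only by hash lets the notification say what changed, which is what allows the customer to confirm the change as legitimate.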



