An international team of academic researchers from France, Israel, and Australia have developed a new technique that can identify individual users according to their specific, unique graphics card signature otherwise known as GPU fingerprint. This project known as DrawnApart, serves as a proof of concept, that serves as a warning towards more invasive identification measures that websites or ill-intentioned actors could take in order to collect data on individual users’ online activities in real-time.
The significance of the research as stated by the researchers;
DRAWNAPART makes two contributions to the state of the art in browser fingerprinting. On the conceptual front, it is the first work that explores the manufacturing differences between identical GPUs and the first to exploit these differences in a privacy context. On the practical front, it demonstrates a robust technique for distinguishing between machines with identical hardware and software configurations, a technique that delivers practical accuracy gains in a realistic setting.
According to the researchers, the current fingerprinting techniques cannot be used for fingerprinting purposes for a long time. This is because existing techniques basically rely on browser fingerprints, which have a tendency to change over time. Hence, such fingerprints could mix up with other fingerprints sharing hardware or software similarities.
The researchers address this gap by fingerprinting device GPUs. Their technique involves logging the speed variations between the GPU Execution Units (EU). They have shown that such fingerprinting can even distinguish between two fingerprints successfully
Their technique is based on the inherent variations of hardware due to variability in manufacturing processes and individual components. The concept of GPU fingerprinting is similar to human fingerprint which can easily be distinguished from each other.
Although has shown DrawnApart an effective GPU fingerprinting technique, researchers are proposing some ways to prevent such techniques. These include
- Blocking scripts via adblockers or browser settings
- Blocking API
- Disabling hardware-accelerated rendering
