Identification by analyzing external protocol handlers in the browser

The developers of the fingerprintjs library, which passively generates browser identifiers from indirect signals such as screen resolution, WebGL features, and lists of installed plugins and fonts, have introduced a new identification method. It profiles the applications a user typically has installed by checking which additional protocol handlers the browser supports. The script implementing the method is published under the MIT license.

The check analyzes handler bindings for 32 popular applications. For example, detecting the telegram://, slack:// and skype:// URL scheme handlers in the browser indicates that the Telegram, Slack and Skype applications are installed, and this information can be used as a feature when generating a system identifier. Since the list of handlers is the same for all browsers on the system, the identifier does not change when the user switches browsers and can be used in Chrome, Firefox, Safari, Brave, Yandex Browser, Edge, and even Tor Browser.

The method yields 32-bit identifiers, so on its own it does not provide great accuracy, but it makes sense as an additional feature combined with other parameters. A notable drawback is that the identification attempt is visible to the user: when an identifier is generated on the demo page, a small but clearly noticeable window opens in the lower right corner, in which the handlers are cycled through for quite a long time. This drawback does not appear in Tor Browser, where the identifier can be computed unnoticed.

To determine whether an application is present, the script tries to open a link associated with an external handler in a pop-up window. The browser then displays a dialog offering to open the content in the associated application if that application is present, or an error page if it is not. By sequentially enumerating typical external handlers and analyzing whether an error is returned, the script can infer which of the checked programs are installed.

In Chrome 90 for Linux the method did not work: the browser displayed a standard confirmation dialog for every handler check (in Chrome for Windows and macOS the method works). In Firefox 88 for Linux, in both normal and incognito mode, the script detected the installed additional applications from the list, and the identification accuracy was estimated at 99.87% (35 such matches out of 26 tests). Tor Browser running on the same system generated an ID that matched the Firefox test.

Interestingly, the additional protection in Tor Browser backfired and made it possible to carry out the identification without the user noticing. Because Tor Browser disables confirmation dialogs for external handlers, the verification requests can be opened in an iframe rather than in a pop-up window (to distinguish the presence of a handler from its absence, the script relies on the same-origin rules blocking access to error pages while allowing access to about:blank pages). Due to flood protection, the check in Tor Browser takes noticeably longer (10 seconds per application).
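
The sequential enumeration described above leaves a recognizable trace: one page attempting navigations to many different non-web URL schemes. The following detection sketch is an added example, not code from fingerprintjs or the original article; the event format (`ts`, `origin`, `url`), the thresholds and the `appfour://`/`appfive://` schemes are assumptions, and the default 600-second window is chosen to cover 32 checks at the 10-second Tor Browser pacing.

```javascript
// Added example: flags origins that try many distinct external URL schemes.
// Field names (ts, origin, url) and thresholds are assumptions for this sketch.
const WEB_SCHEMES = new Set(["http:", "https:", "about:", "data:", "blob:",
  "javascript:", "file:", "ws:", "wss:"]);

// Returns the scheme ("slack:") if the URL targets an external handler, else null.
function externalScheme(url) {
  try {
    const proto = new URL(url).protocol.toLowerCase();
    return WEB_SCHEMES.has(proto) ? null : proto;
  } catch {
    return null; // unparsable URL: not counted
  }
}

// events: [{ ts: seconds, origin: initiating page origin, url: navigation target }]
function findSchemeEnumeration(events, { minSchemes = 5, windowSec = 600 } = {}) {
  const byOrigin = new Map();
  for (const ev of [...events].sort((a, b) => a.ts - b.ts)) {
    const scheme = externalScheme(ev.url);
    if (!scheme) continue;
    if (!byOrigin.has(ev.origin)) byOrigin.set(ev.origin, []);
    byOrigin.get(ev.origin).push({ ts: ev.ts, scheme });
  }
  const findings = [];
  for (const [origin, hits] of byOrigin) {
    let best = new Set();
    let start = 0;
    for (let end = 0; end < hits.length; end++) {
      // Slide the window so it never spans more than windowSec seconds.
      while (hits[end].ts - hits[start].ts > windowSec) start++;
      const distinct = new Set(hits.slice(start, end + 1).map(h => h.scheme));
      if (distinct.size > best.size) best = distinct;
    }
    if (best.size >= minSchemes) findings.push({ origin, schemes: [...best].sort() });
  }
  return findings;
}

// Constructed sample events (not captured traffic).
const SAMPLE_EVENTS = [
  { ts: 0, origin: "https://probe.example", url: "telegram://x" },
  { ts: 10, origin: "https://probe.example", url: "slack://x" },
  { ts: 20, origin: "https://probe.example", url: "skype://x" },
  { ts: 30, origin: "https://probe.example", url: "about:blank" },
  { ts: 40, origin: "https://probe.example", url: "appfour://x" },
  { ts: 50, origin: "https://probe.example", url: "appfive://x" },
  { ts: 5, origin: "https://chat.example", url: "slack://x" },
  { ts: 900, origin: "https://chat.example", url: "slack://x" },
];
console.log(findSchemeEnumeration(SAMPLE_EVENTS));
```

A site that legitimately opens a single handler repeatedly, like `chat.example` in the sample, stays below the threshold because only distinct schemes are counted.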

Source: opennet.ru
