Researchers from the Ben-Gurion University (Israel), the University of Lille (France) and the University of Adelaide (Australia) have developed a new technique for identifying user devices by detecting GPU parameters in a web browser. The method is called "Drawn Apart" and is based on using WebGL to obtain a GPU performance profile, which can significantly improve the accuracy of passive tracking methods that work without the use of cookies and without storing an identifier on the user's system.
Methods that take into account the features of rendering, GPU, graphics stack and drivers when identifying were used earlier, but they were limited to the possibility of separating devices only at the level of different video card and GPU models, i.e. could only be used as an additional factor to increase the probability of identification. The key feature of the new βDrawn Apartβ method is that it is not limited to separating different GPU models, but tries to identify differences between identical GPUs of the same model, due to the heterogeneity of the production process of chips designed for massively parallel computing. It is noted that the variations that occur during the production process make it possible to form non-repeating casts for the same device models.
It turned out that these differences can be identified by counting the number of execution units and analyzing their performance in the GPU. As primitives for identifying different GPU models, checks based on a set of trigonometric functions, logical operations, and floating point calculations were used. To identify differences in the same GPU, the number of simultaneously executing threads when executing vertex shaders was estimated. It is assumed that the revealed effect is caused by differences in temperature conditions and power consumption of different chip instances (a similar effect was previously demonstrated for the CPU - the same processors demonstrated different power consumption when executing the same code).
Since operations through WebGL are asynchronous, you cannot directly use the performance.now() JavaScript API to measure their execution time, so three tricks were proposed to measure the time:
- onscreen - rendering the scene in the HTML canvas with the measurement of the response time of the callback function exposed via the Window.requestAnimationFrame API and called after the rendering is completed.
- offscreen - using a worker and rendering the scene into an OffscreenCanvas object with the measurement of the execution time of the convertToBlob command.
- GPU - rendering to an OffscreenCanvas object, but using a WebGL-provided timer to measure the time, which takes into account the duration of the execution of a set of commands on the GPU side.
In the process of creating an identifier, 50 checks are made on each device, each of which covers 176 measurements of 16 different characteristics. The experiment, during which information was collected on 2500 devices with 1605 different GPUs, showed a 67% increase in the efficiency of combined identification methods when adding Drawn Apart support to them. In particular, the combined FP-STALKER method, on average, provided identification within 17.5 days, and in combination with Drawn Apart, the duration of identification increased to 28 days.
- The separation accuracy of 10 systems with Intel i5-3470 (GEN 3 Ivy Bridge) chips and Intel HD Graphics 2500 GPU was 93% in the onscreen test and 36.3% in the offscreen test.
- For 10 Intel i5-10500 (GEN 10 Comet Lake) systems with an NVIDIA GTX1650 graphics card, the accuracy was 70% and 95.8%.
- For 15 Intel i5-8500 (GEN 8 Coffee Lake) systems with Intel UHD Graphics 630 GPU - 42% and 55%.
- For 23 Intel i5-4590 (GEN 4 Haswell) systems with Intel HD Graphics 4600 GPU - 32.7% and 63.7%.
- For six Samsung Galaxy S20/S20 Ultra smartphones with Mali-G77 MP11 GPU in the screen display test, the identification accuracy was 92.7%, and for Samsung Galaxy S9/S9+ smartphones with Mali-G72 MP18 it was 54.3%.
It is noted that the accuracy was affected by the temperature of the GPU, and for some devices, rebooting the system led to a distortion of the identifier. When using the method in combination with other methods of indirect identification, the accuracy can be significantly increased. Accuracy is also planned to be increased through the use of compute shaders after the stabilization of the new WebGPU API.
Intel, ARM, Google, Khronos, Mozilla, and Brave were notified of the problem as early as 2020, but details of the method have only just been revealed. Among other things, researchers have published working examples written in JavaScript and GLSL that can work with and without displaying information on the screen. Also, for systems based on Intel GEN 3/4/8/10 GPUs, data sets have been published for classifying extracted information in machine learning systems.
Source: opennet.ru