Bug details

We found several cases in which AudioContext API was used by many fingerprinting scripts. AudioContext was first used to generate audio signals that vary across devices and browsers. Audio fingerprinting has evolved since then. We identify several cases in which fingerprinting scripts used the AudioContext API to capture additional properties such as numberOfInputs, numberOfOutputs, and destination among many others properties. In addition to reading AudioContext properties, we also find cases in which canPlayType is used to extract the audio codecs supported by the device. This additional information exposed by the AudioContext API can potentially leak entropy.

Related bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1288359

Some of the scripts and websites accessing AudioContext APIs

Script URL

https://ccdn.brightedge.com/conv_v3.js , https://trackalyzer.com/trackalyze_secure.js

Websites with script

https://www.aao.org/ , https://www.fromyouflowers.com/ , https://www.sailpoint.com/ , https://www.air-watch.com/ , https://www.idrivesafely.com/ , https://zingaya.com/ , https://www.servicenow.com/

Other APIs access by these scripts (filtered to those also found in fingerprintjs2)

browserLanguage , destination , createProgram , vertexAttribPointer , disconnect , toDataURL , WEBGL_debug_renderer_info , fillRect , fillStyle , enableVertexAttribArray , AudioContext , mimeTypes , WebGLRenderingContext , display , toSource , availHeight , createOscillator , rangeMax , MAX_TEXTURE_MAX_ANISOTROPY_EXT , enumerateDevices , platform , getContext , oncomplete , frequency , context , bindBuffer , getExtension , createBuffer , localStorage , doNotTrack , useProgram , precision , webgl , description , createShader , fonts , OfflineAudioContext , TouchEvent , compileShader , plugins , getShaderPrecisionFormat , EXT_texture_filter_anisotropic , indexedDB , devicePixelRatio , ActiveXObject , setValueAtTime , enable , maxTouchPoints , startRendering , ontouchstart , getSupportedExtensions , renderedBuffer , bufferData , globalCompositeOperation , fillText , textBaseline , multiply , sessionStorage , Float32Array , closePath , systemLanguage , isPointInPath , colorDepth , getData , getContextAttributes , linkProgram , filter , createDynamicsCompressor , userAgent , reduction , attachShader , currentTime , appName , connect , clearColor , Netscape , getChannelData , getAttribLocation , navigator , mediaDevices , suffixes , rangeMin , uniform2f , language , screen , getParameter , deviceMemory , offsetHeight , canvas , beginPath , hardwareConcurrency , languages , productSub , getUniformLocation , availWidth , shaderSource , ARRAY_BUFFER , oscpu , drawArrays , font , userLanguage , component