Choose: Simple Style

Fingerprinting Error Messages

║▌║▌│█║▌║│█│█║║║▌│║▌

/Tracking/Fingerprinting/active/error_messages/

  • $ fingerprint@info:~ echo $ERROR-MESSAGES
  • Name:

    Error Messages

    Original feature purpose:

    Error messages help to handle controlled exceptions in an informative way and allow better analysis of unexpected conditions. The Error constructor in JavaScript creates an error object and instances of Error objects are thrown when runtime errors occur. These instances contain more detailed information as well as metadata about the error which has occurred. For more details see, e.g., MDN web docs


    FP-Explanation:

    Error messages are browser-dependent. For example, the Error Object in Firefox supports the attributes 'FileName', 'LineNumber' and 'ColumnNumber'. Firefox based browsers can show different values for 'ColumnNumber'. Internet Explorer is the only browser which has the attribute 'description'.
    All browsers have the 'message' attribute, but with their own message style and content. For example, the message string can start with an uppercase or lowercase letter, or the messages are completely different. But even if the error messages have identical strings, it is likely that the stack output will be different.
    The Error Stack has no standard, but is defined in most browsers. Thus, the format of the stack output varies across browser. For example, a browser may include error name, error message and anchor links in the stack - or not.
    Chrome and Opera share the same error messages, but - depending on the Opera Version - Opera's stack contains the string "('native')" while Chrome's stack does not contain this string. Also the string formatting can vary.
    Non mainstream browsers also handle error messages differently. For example, Midori echos out the complete error-producing code within the error message.
    This code:
    'x'.repeat(500000001);
    will result in this error message:
    undefined is not a function (evaluating ''x'.repeat(500000001)')
    ... and the following code:
    "<img onerror=alert('thats') src='bad'>".repeat(500000001);
    will open an alert-box on page load, if error messages are printed out on a website.


    FP-Type:

    active

    FP-Categories:

    js, js-attrib, software-dependent, consistent

    Counter-measures:

    Unwise counter-measures:

    • Block error message readouts
      Info: All browsers support error message readouts.
      Problem: Thus, only a very small portion of the internet community would block readouts.
    • Spoof error message readouts
      Problem: There are many other browser/version detection methods, so your browser will become more unique.


    Publications/References:


  • $ fingerprint@info:~ run error-messages-demo
  • Demo:

    >> Jump to Error Messages Demo <<


Fingerprint Info:

The fingerprint hash changes, if the URL changes (e.g., URL?future or URL#anchor)
[the URL could be stripped/replaced before hashing to achieve a consistent fingerprint]


Error Messages Fingerprinting: Results

Number of error cases: Tests are running...
Your Error Messages Hash: Tests are running...

Refresh page.




Your error messages output:

Code: 'x'.repeat(500000001);
Your error message:
Line number (if supported):
Column number (if supported):
Filename (if supported):
Stack (if supported):

Example error messages (shown error messages may vary across browser versions):
  • Firefox
    • Error message: repeat count must be less than infinity and not overflow maximum string size
    • Line number: 459
    • Column number number: 11
    • Stack: stack2@http://privacycheck.sec.lrz.de/active/fp_em/fp_error_messages.html:459:11 stack1@http://privacycheck.sec.lrz.de/active/fp_em/fp_error_messages.html:454:5 anonymous@http://privacycheck.sec.lrz.de/active/fp_em/fp_error_messages.html line 474 > Function:3:1 @http://privacycheck.sec.lrz.de/active/fp_em/fp_error_messages.html:475:3
  • Chrome:
    • Error message: Invalid string length
    • Line number: undefined
    • Column number number: undefined
    • Stack: RangeError: Invalid string length at String.repeat () at stack2 (http://privacycheck.sec.lrz.de/active/fp_em/fp_error_messages.html:459:11) at stack1 (http://privacycheck.sec.lrz.de/active/fp_em/fp_error_messages.html:454:5) at eval (eval at (http://privacycheck.sec.lrz.de/active/fp_em/fp_error_messages.html:27:16), :3:1) at http://privacycheck.sec.lrz.de/active/fp_em/fp_error_messages.html:475:3
  • Opera:
    • Error message: Invalid string length
    • Line number: undefined
    • Column number number: undefined
    • Stack: RangeError: Invalid string length at String.repeat (native) at stack2 (http://privacycheck.sec.lrz.de/active/fp_em/fp_error_messages.html:459:11) at stack1 (http://privacycheck.sec.lrz.de/active/fp_em/fp_error_messages.html:454:5) at eval (eval at (http://privacycheck.sec.lrz.de/active/fp_em/fp_error_messages.html:474:16), :3:1) at http://privacycheck.sec.lrz.de/active/fp_em/fp_error_messages.html:475:3
  • Safari:
    • Error message: 'undefined' is not a function
    • Line number: undefined
    • Column number number: undefined
    • Stack: undefined
  • Internet Explorer:
    • Error message: Object doesn't support property or method 'repeat'
    • Line number: undefined
    • Column number number: undefined
    • Stack: TypeError: Object doesn't support property or method 'repeat' at stack2 (http://privacycheck.sec.lrz.de/active/fp_em/fp_error_messages.html:459:7) at stack1 (http://privacycheck.sec.lrz.de/active/fp_em/fp_error_messages.html:454:5) at Function code (Function code:1:1) at Global code (http://privacycheck.sec.lrz.de/active/fp_em/fp_error_messages.html:475:3)


Overview: other error messages

Code: eval('alert("Hello world)');
Your error message:
Example error messages:
  • Firefox error message: unterminated string literal
  • Chrome/Opera error message: Invalid or unexpected token
  • Safari error message: Unexpected EOF


Code: var foo; foo.bar;
Your error message:
Example error messages:
  • Firefox error message: foo is undefined
  • Chrome/Opera error message: Cannot read property 'bar' of undefined
  • Safari error message: 'undefined' is not an object


Code: null.bar;
Your error message:
Example error messages:
  • Firefox error message: null has no properties
  • Chrome/Opera error message: Cannot read property 'bar' of null
  • Safari error message: 'null' is not an object


Code: var x = new Array(-1);
Your error message:
Example error messages:
  • Firefox error message: invalid array length
  • Chrome/Opera error message: Invalid array length
  • Safari error message: Array size is not a small enough positive integer.


Code: x.foo = "bar";
Your error message:
Example error messages:
  • Firefox error message: x is undefined
  • Chrome/Opera error message: Cannot set property 'name' of undefined
  • Safari error message: 'undefined' is not an object


Code: (42).toString(0);
Your error message:
Example error messages:
  • Firefox error message: radix must be an integer at least 2 and no greater than 36
  • Chrome/Opera error message: toString() radix argument must be between 2 and 36
  • Safari error message: toString() radix argument must be between 2 and 36