Yes this is ad network fingerprinting using navigator.mediaDevices.enumerateDevices(). [1] When called without permission it would return something like
> videoinput: id = csO9c0YpAf274OuCPUA53CNE0YHlIr2yXCi+SqfBZZ8=
> audioinput: id = RKxXByjnabbADGQNNZqLVLdmXlS0YkETYCIbg+XxnvM=
> audioinput: id = r2/xw1xUPIyZunfV1lGrKOma5wTOvCkWfZ368XCndm0=
and if the user has allowed access to the camera/mic
> videoinput: FaceTime HD Camera (Built-in) id=csO9c0YpAf274OuCPUA53CNE0YHlIr2yXCi+SqfBZZ8=
> audioinput: default (Built-in Microphone) id=RKxXByjnabbADGQNNZqLVLdmXlS0YkETYCIbg+XxnvM=
> audioinput: Built-in Microphone id=r2/xw1xUPIyZunfV1lGrKOma5wTOvCkWfZ368XCndm0=
[1] https://developer.mozilla.org/en-US/docs/Web/API/MediaDevice...
Thanks for this, seems to confirm my suspicions. The camera popup happened quite often on Glassdoor, which I remember once blocking me for some time after I blocked their canvas fingerprinting attempts. Just checked and that seems to no longer be there.
It's actually great to have a physical confirmation that such a fingerprint is being generated. This so-called cookie-less tracking is not legal in some parts of the world because it bypasses consent which needs to be legally obtained.
It doesn't look too fingerprintable. The ids seem to change once you close all the tabs belonging to a site (on Firefox), or on reload (Chromium), so the max they can fingerprint is how many devices of each type you have.
That’s what I thought too as soon as I saw the title of this thread.
My telco uses a heavily obfuscated script where all the variables are just a bunch of hex that uses every conceivable fingerprint technique in the book.
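As an added example (not code from any commenter in this thread), the JavaScript below reduces an enumerateDevices() result to the part that stays constant when the device ids rotate, and wraps the call so each invocation is reported with the stack of the script that made it. The function names, the `stableKey` field and the device entries are constructed for illustration.

```javascript
// Added example. Device entries are constructed, shaped like the output
// quoted in the thread: an empty label means no camera/mic permission.
const WITHOUT_PERMISSION = [
  { kind: "videoinput", label: "", deviceId: "constructed-id-1" },
  { kind: "audioinput", label: "", deviceId: "constructed-id-2" },
  { kind: "audioinput", label: "", deviceId: "constructed-id-3" },
];
const WITH_PERMISSION = [
  { kind: "videoinput", label: "FaceTime HD Camera (Built-in)", deviceId: "constructed-id-1" },
  { kind: "audioinput", label: "default (Built-in Microphone)", deviceId: "constructed-id-2" },
  { kind: "audioinput", label: "Built-in Microphone", deviceId: "constructed-id-3" },
];

// Reduce a device list to what still describes the machine after the
// deviceId values rotate: per-kind counts, plus labels when exposed.
function exposureSummary(devices) {
  const counts = {};
  const labels = [];
  for (const d of devices) {
    counts[d.kind] = (counts[d.kind] || 0) + 1;
    if (d.label) labels.push(`${d.kind}:${d.label}`);
  }
  const countKey = Object.keys(counts).sort().map((k) => `${k}=${counts[k]}`).join(",");
  return {
    counts,
    labelsExposed: labels.length > 0,
    stableKey: [countKey, ...labels.sort()].join("|"),
  };
}

// Wrap enumerateDevices on a MediaDevices-like object so every call is
// reported with its call stack (the stack names the calling script's URL).
// Returns a function that restores the original method.
function auditEnumerateDevices(mediaDevices, report) {
  const original = mediaDevices.enumerateDevices;
  mediaDevices.enumerateDevices = function (...args) {
    const stack = new Error("enumerateDevices called").stack;
    const result = original.apply(this, args);
    Promise.resolve(result).then(
      (devices) => report({ stack, ...exposureSummary(devices) }),
      () => report({ stack, failed: true })
    );
    return result;
  };
  return () => { mediaDevices.enumerateDevices = original; };
}
```

In a browser console, `auditEnumerateDevices(navigator.mediaDevices, console.log)` logs each caller together with the summary of what it received.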