How can I know if an application reads my hardware fingerprint?


I would like to know (for security and privacy reasons) if a certain Windows 7 desktop program actually reads my hardware fingerprint including hard drive serial number, CPU serial number, or any other unique information (Windows product PID, for example) which can be used to identify a given computer. Can Process Monitor do it? If so, how? If not, is there some other program or method I can use to find out?


Posted 2013-08-11T21:07:59.747

Reputation: 33



As a programmer myself, I cannot imagine that such a program would, or even could exist. I’ll explain why.

There is no single hardware ID; rather, as you said, there are various other unique identifiers that can be used to build a unique profile (much like how online advertisers build a profile by collecting individual bits of information like website visits).

Any program can read any or all of that information (access limitations notwithstanding), and what any given program (or more specifically, its developers) consider sufficiently unique is arbitrary. One developer may consider a Windows PID enough while another (*cough*Microsoft*cough*) will use several. There is really no way to know exactly when a program is taking a hardware fingerprint. There are legitimate reasons that a program may access pretty much any of those bits of information, so it would be difficult to determine whether it is taking a fingerprint or just doing some work.

That said, it could be possible to detect a fingerprint attempt by heuristics. For example, you could detect if a program makes an attempt (or has code) to read multiple pieces of unique data. If so, then you could tell the user about it and let them decide whether it is trying to fingerprint the system or just doing its work (like how anti-malware programs have to allow the user to make a decision about potentially suspect, but not provably guilty software behaviors). Of course even then, the readings could be spread out and thus be even less likely to be detected.

You could manually observe a program, but there are not tools to monitor and log access to every kind of unique information that a program could read (in fact, it is conceivable that it could use a unique piece of uniquely identifying information (i.e., one that is not well known or generally used in that way).

(I can’t help but ponder that it might be possible to get a better reading of fingerprinting attempts by using a VM, especially with a custom OS like ReactOS…)

In summary, there is no fool-proof way to know when a program is fingerprinting a system. You can try observing access to common information, but that doesn’t guaranteed detection of an attempt to fingerprint by any stretch of the imagination.

If you have concerns about a program, your best bet is simply to research that specific program to see if others have already discovered that it takes a system fingerprint (like how Windows WPA was dissected), or at least to raise the flag so that security experts can disassemble the code, analyze it, and find out.


Posted 2013-08-11T21:07:59.747

Reputation: 63 242