http://www.theregister.co.uk/2017/0...ser_your_machine_can_be_fingerprinted_easily/ But they still need access your machines information through your browser so sandboxing the browser should stop it.
It depends on sandbox implementation. If it prevents browser from reading that information than it could prevent it. If it only prevents from writing to system than it wouldn't help much.
Looks like they are accomplishing this through cookies: http://yinzhicao.org/TrackingFree/crossbrowsertracking_NDSS17.pdf Perhaps blocking cookies might be a better approach.
IIRC, they were trying to improve upon previous work and create a fingerprinting solution that works *across* browsers. Unlike hardware and OS related aspects that can be detected from within multiple browsers (and through at least some sandboxes), cookies would be isolated to each individual browser (regardless of sandboxing). Although their technique and/or demo (which I didn't try) might use cookies for some purpose such as enhancing single browser fingerprinting, the technique itself *shouldn't* rely upon cookies. Oh, and thanks to a reply I see where the other thread was: https://www.wilderssecurity.com/thr...printing-is-possible-researchers-show.391375/
Pretty much what I do now. I use FF on my main install for things I dont care about being tracked on, and use TBB on Whonix for everything else. Qubes would really be best, but I'm concerned with it moving away from Xen in terms of fingerprinting. Im not so worried about being hacked (and am set up pretty well to be safe against them bar being specifically targeted by 3 letter agencies)- profiling and tracking by corporations (and hence the .gov through NSLs) worries me far more. With this talk about how fingerprinting is getting much more sophisticated, virtualization is a must.
@Anonfame1 - personally, I don't do anything on my main (especially browsing) which requires connectivity from the app, because I want that inviolate as possible (a poor Qubes). I view browsers as a primary risk which will always be attacked and are way too complex; so they operate in VMs applicable to the persona I'm operating at the time.
