Googlebot’s JavaScript random() function is deterministic

I wrote about something like this previously[1]<p>Ads often have something like this attached to the end:<p><pre><code> load(&quot;https:&#x2F;&#x2F;adserver&#x2F;track.gif?{stuff}&amp;_=&quot; + Math.random()) </code></pre> My ad server collected multiple tracking pixels -- for various events and after five pixels I could fingerprint the browser (Firefox, Chrome, MSIE, etc) and identify someone fiddling with the user agent string, or using a proxy server to mask this information.<p>[1]: <a href="http:&#x2F;&#x2F;geocar.sdf1.org&#x2F;browser-verification.html" rel="nofollow">http:&#x2F;&#x2F;geocar.sdf1.org&#x2F;browser-verification.html</a>

Seems reasonable to me. My guess is that it&#x27;s not performance, but rather predictability, that matters here. Being able to detect when a page meaningfully changes is probably useful for Google, and a good implementation of Math.random() would potentially thwart that. Especially seeing how many pages have the magic constant in them...<p>Also, probably useful for determining two pages are the same, which may be needed to help prevent the crawler from crawling a million paths into a SPA that don&#x27;t actually exist, for example.

Seems like the expectation on PRNGs being expressed in this thread is a bit unrealistic. They&#x27;re always deterministic. The fact that this PRNG is also always seeded the same makes it easier to fingerprint, but that has no bearing on whether the PRNG is deterministic.

Maybe Googlebot forks its JS-engine from a pre-initialized image. That would explain the unchanging seed.

This is known for a while and used to cause huge problems for our tracking: <a href="https:&#x2F;&#x2F;github.com&#x2F;snowplow&#x2F;snowplow-javascript-tracker&#x2F;issues&#x2F;499" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;snowplow&#x2F;snowplow-javascript-tracker&#x2F;issu...</a>

Nice to see fingerprinting used <i>against</i> Google (instead of <i>by</i> Google). But this is easy to fix, so I don&#x27;t expect this to work for much longer.

Every random() function is kind of deterministic, but still very interesting discovery!

What&#x27;s a plausible real world use case for this if one wanted to exploit this to game SEO? Can it even be exploited in any way?

For those (like me) who are not that familiar with Javascript, the Javascript spec for Math.random says: &quot;....The implementation selects the initial seed to the random number generation algorithm; it cannot be chosen or reset by the user.&quot; Furthermore, the seed usually changes. It seems that Google has modified their Javascript library, perhaps by allowing an explicit Math.Seed function.

I employed a seed-based deterministic random function in a WebWorker once, to noisily but predictably drive an animation. I suppose one could use the same approach to have a decent non-deterministic source alongside Google&#x27;s patched seedrandom.

I guess they used the XKCD method of random number generation: <a href="https:&#x2F;&#x2F;xkcd.com&#x2F;221&#x2F;" rel="nofollow">https:&#x2F;&#x2F;xkcd.com&#x2F;221&#x2F;</a><p>It is actually truly random if you have a fair dice.

def roll(): return 4

This makes me wonder if Chrome Headless has enough entropy for random() if running on a Linux server.

PRNGs are deterministic. Even the PRNG shipped in processors available through the RDSEED&#x2F;RDRND instructions is deterministic.<p>Unless you are using some form of entropy, e.g: dedicated hardware, that will be the case.

The google queries for &quot;roll a dice&quot; and &quot;flip a coin&quot; aren&#x27;t actually random either. They seem to be based off the current time.