Long-Term Observation on Browser Fingerprinting: Users’ Trackability and Perspective

Gaston Pugliese; Christian Riess; Freya Gassmann; Zinaida Benenson

Detalles de publicación y publicación

Detalles de la revista

Formato: Revista
eISSN: 2299-0984
Primera edición: 16 Apr 2015
Calendario de la edición: 4 veces al año
Idiomas: Inglés

Browser fingerprinting as a tracking technique to recognize users based on their browsers’ unique features or behavior has been known for more than a decade. We present the results of a 3-year online study on browser fingerprinting with more than 1,300 users. This is the first study with ground truth on user level, which allows the assessment of trackability based on fingerprints of multiple browsers and devices per user. Based on our longitudinal observations of 88,000 measurements with over 300 considered browser features, we optimized feature sets for mobile and desktop devices. Further, we conducted two user surveys to determine the representativeness of our user sample based on users’ demographics and technical background, and to learn how users perceive browser fingerprinting and how they protect themselves.

Keywords

browser fingerprinting
tracking
privacy

Referencias

[1] P. Eckersley, “How unique is your web browser?,” in Privacy Enhancing Technologies, 10th International Symposium, PETS 2010, Berlin, Germany, July 21-23, 2010. Proceedings, pp. 1–18, 2010.10.1007/978-3-642-14527-8_1Search in Google Scholar

[2] H. Tillmann, “Browser fingerprinting - tracking ohne spuren zu hinterlassen,” Master’s thesis, 2013.Search in Google Scholar

[3] A. Vastel, P. Laperdrix, W. Rudametkin, and R. Rouvoy, “FP-STALKER: Tracking Browser Fingerprint Evolutions,” in 2018 IEEE Symposium on Security and Privacy, SP 2018, Proceedings, 21-23 May 2018, San Francisco, California, USA, pp. 728–741, 2018.10.1109/SP.2018.00008Search in Google Scholar

[4] P. Laperdrix, W. Rudametkin, and B. Baudry, “Beauty and the Beast: Diverting Modern Web Browsers to Build Unique Browser Fingerprints,” in IEEE Symposium on Security and Privacy, SP 2016, San Jose, CA, USA, May 22-26, 2016, pp. 878–894, 2016.10.1109/SP.2016.57Search in Google Scholar

[5] A. Gómez-Boix, P. Laperdrix, and B. Baudry, “Hiding in the Crowd: An Analysis of the Effectiveness of Browser Fingerprinting at Large Scale,” in Proceedings of the 2018 World Wide Web Conference on World Wide Web, WWW 2018, Lyon, France, April 23-27, 2018, pp. 309–318, 2018.10.1145/3178876.3186097Search in Google Scholar

[6] D. Fifield and S. Egelman, “Fingerprinting Web Users Through Font Metrics,” in Financial Cryptography and Data Security - 19th International Conference, FC 2015, San Juan, Puerto Rico, January 26-30, 2015, Revised Selected Papers, pp. 107–124, 2015.10.1007/978-3-662-47854-7_7Search in Google Scholar

[7] J. R. Mayer, “Any person... a pamphleteer: Internet Anonymity in the Age of Web 2.0,” 2009. Bachelor’s thesis: https://jonathanmayer.org/publications/thesis09.pdf, accessed on August 5, 2019.Search in Google Scholar

[8] Y. Cao, S. Li, and E. Wijmans, “(Cross-)Browser Fingerprinting via OS and Hardware Level Features,” in 24th Annual Network and Distributed System Security Symposium, NDSS 2017, San Diego, California, USA, February 26 - March 1, 2017, 2017.10.14722/ndss.2017.23152Search in Google Scholar

[9] A. Cooper, H. Tschofenig, B. Aboba, J. Peterson, J. Morris, M. Hansen and R. Smith, “RFC 6973: Privacy Considerations for Internet Protocols,” 2013. https://tools.ietf.org/html/rfc6973, accessed on August 7, 2019.Search in Google Scholar

[10] J. R. Mayer and J. C. Mitchell, “Third-Party Web Tracking: Policy and Technology,” in IEEE Symposium on Security and Privacy, SP 2012, 21-23 May 2012, San Francisco, California, USA, pp. 413–427, 2012.10.1109/SP.2012.47Search in Google Scholar

[11] C. Díaz, S. Seys, J. Claessens, and B. Preneel, “Towards Measuring Anonymity,” in Privacy Enhancing Technologies, Second International Workshop, PET 2002, San Francisco, CA, USA, April 14-15, 2002, Revised Papers, pp. 54–68, 2002.10.1007/3-540-36467-6_5Search in Google Scholar

[12] P. Laperdrix, B. Baudry, and V. Mishra, “FPRandom: Randomizing Core Browser Objects to Break Advanced Device Fingerprinting Techniques,” in Engineering Secure Software and Systems - 9th International Symposium, ESSoS 2017, Bonn, Germany, July 3-5, 2017, Proceedings, pp. 97–114, 2017.10.1007/978-3-319-62105-0_7Search in Google Scholar

[13] A. Vastel, W. Rudametkin, and R. Rouvoy, “FP-TESTER: Automated Testing of Browser Fingerprint Resilience,” in 2018 IEEE European Symposium on Security and Privacy Workshops, EuroS&P Workshops 2018, London, United Kingdom, April 23-27, 2018, pp. 103–107, 2018.10.1109/EuroSPW.2018.00020Search in Google Scholar

[14] A. Vastel, P. Laperdrix, W. Rudametkin, and R. Rouvoy, “FP-SCANNER: The Privacy Implications of Browser Fingerprint Inconsistencies,” in 27th USENIX Security Symposium, USENIX Security 2018, Baltimore, MD, USA, August 15-17, 2018., pp. 135–150, 2018.Search in Google Scholar

[15] P. Kumaraguru and L. F. Cranor, Privacy Indexes: A Survey of Westin’s Studies. 2005.Search in Google Scholar

[16] J. B. Lovins, “Development of a Stemming Algorithm,” Mech. Translat. & Comp. Linguistics, vol. 11, no. 1-2, pp. 22–31, 1968.Search in Google Scholar

[17] L. Molina, L. Belanche, and A. Nebot, “Feature Selection Algorithms: A Survey and Experimental Evaluation,” in IEEE International Conference on Data Mining, pp. 306–313, 2002.Search in Google Scholar

[18] A. C. Cameron and P. K. Trivedi, “Microeconometrics using Stata, revised edition,” StataCorp LP, 2010.Search in Google Scholar

[19] M. Schreier, Qualitative Content Analysis in Practice. Sage Publications, 2012.Search in Google Scholar

[20] J. Cohen, “A Coefficient of Agreement for Nominal Scales,” Educational and psychological measurement, vol. 20, no. 1, pp. 37–46, 1960.10.1177/001316446002000104Search in Google Scholar

[21] M. Banerjee, M. Capozzoli, L. McSweeney, and D. Sinha, “Beyond Kappa: A Review of Interrater Agreement Measures,” Canadian journal of statistics, vol. 27, no. 1, pp. 3–23, 1999.10.2307/3315487Search in Google Scholar

[22] A. Datta, J. Lu, and M. C. Tschantz, “Evaluating Anti-Fingerprinting Privacy Enhancing Technologies,” in The World Wide Web Conference, WWW 2019, San Francisco, CA, USA, May 13-17, 2019, pp. 351–362, 2019.10.1145/3308558.3313703Search in Google Scholar

Proceedings on Privacy Enhancing Technologies

Long-Term Observation on Browser Fingerprinting: Users’ Trackability and Perspective

Gaston Pugliese,Gaston PuglieseChristian Riess,Christian RiessFreya Gassmann yFreya GassmannZinaida BenensonZinaida Benenson

Publicado en línea: 08 May 2020

Páginas: 558 - 577

Recibido: 31 Aug 2019

Aceptado: 16 Dec 2019

Keywords

Planifique su conferencia remota con Sciendo

Gaston Pugliese,
Gaston Pugliese
Christian Riess,
Christian Riess
Freya Gassmann y
Freya Gassmann
Zinaida Benenson
Zinaida Benenson