Browser Fingerprinting

@article{Laperdrix2020BrowserF,
  title={Browser Fingerprinting},
  author={Pierre Laperdrix and Nataliia Bielova and Beno{\^i}t Baudry and Gildas Avoine},
  journal={ACM Transactions on the Web (TWEB)},
  year={2020},
  volume={14},
  pages={1 - 33}
}
With this article, we survey the research performed in the domain of browser fingerprinting, while providing an accessible entry point to newcomers in the field. We explain how this technique works and where it stems from. We analyze the related work in detail to understand the composition of modern fingerprints and see how this technique is currently used online. We systematize existing defense solutions into different categories and detail the current challenges yet to overcome. 

Figures, Tables, and Topics from this paper

Fingerprinting the Fingerprinters: Learning to Detect Browser Fingerprinting Behaviors
TLDR
FP-Inspector, a machine learning based syntactic-semantic approach to accurately detect browser fingerprinting performs well, allowing it to detect 26% more fingerprinting scripts than the state-of-the-art, and an API-level fingerprinting countermeasure is shown to help reduce website breakage.
FPSelect: Low-Cost Browser Fingerprints for Mitigating Dictionary Attacks against Web Authentication Mechanisms
TLDR
This work proposes FPSelect, an attribute selection framework allowing verifiers to tune their browser fingerprinting probes for web authentication, and finds out that in the experimental settings, the framework selects attribute sets of lower usability cost.
Browser Fingerprint Coding Methods Increasing the Effectiveness of User Identification in the Web Traffic
TLDR
New algorithms for coding and comparing fingerprints are presented, in which the values of parameters with low stability and low entropy are especially taken into account.
A Large-scale Empirical Analysis of Browser Fingerprints Properties for Web Authentication
TLDR
This article makes the link between the digital fingerprints that distinguish browsers, and the biological fingerprint that distinguish Humans, to evaluate browser fingerprints according to properties inspired by biometric authentication factors, and concludes that their browser fingerprints carry the promise to strengthen web authentication mechanisms.
Towards the Design of a Covert Channel by Using Web Tracking Technologies
TLDR
The aim is to analyze and design a steganographic system in order to create a covert channel between two communicating peers through the HTTP protocol to provide a mechanism for protecting user privacy by creating hidden communication channels.
BrFAST: a Tool to Select Browser Fingerprinting Attributes for Web Authentication According to a Usability-Security Trade-off
TLDR
BrFAST is an attribute selection platform that includes FPSelect, an algorithm that rigorously selects the attributes according to a trade-off between security and usability, and BrFAST helps visualize the exploration of the possibilities during the search of the best attribute set to use.
After You, Please: Browser Extensions Order Attacks and Countermeasures
TLDR
This paper demonstrates how this order can be exploited by an unprivileged malicious extension to get access to any private information that other extensions have previously introduced and proves soundness and robustness of the approach under reasonable assumptions.
OmniCrawl: Comprehensive Measurement of Web Tracking With Real Desktop and Mobile Browsers
Abstract Over half of all visits to websites now take place in a mobile browser, yet the majority of web privacy studies take the vantage point of desktop browsers, use emulated mobile browsers, or
Towards a Personal Identity Code Respecting Privacy
TLDR
A method to generate (non-cryptographics) identity-based signatures computed from collection of data from user biomet-rics, computer configuration, web browser fingerprinting, data pre-processing, and protection of personal information through generation of a binary code (the authors' signature).
Design and implementation of a stealthy OpenWPM web scraper
  • 2020
OpenWPM [EN16] is a scraper framework designed to take privacy measurements on the web, for example to investigate online tracking. Jonker et al. [JKV19] identified that websites can detect web
...
1
2
3
...

References

SHOWING 1-10 OF 161 REFERENCES
(Cross-)Browser Fingerprinting via OS and Hardware Level Features
TLDR
This paper proposes a browser fingerprinting technique that can track users not only within a single browser but also across different browsers on the same machine, and can achieve higher uniqueness rate than the only cross-browser approach in the literature with similar stability.
Unnecessarily Identifiable: Quantifying the fingerprintability of browser extensions due to bloat
TLDR
To protect users against unnecessary extension fingerprinting due to bloat, the design and implementation of an in-browser mechanism that provides coarse-grained access control for extensions on all websites are described.
Hiding in the Crowd: an Analysis of the Effectiveness of Browser Fingerprinting at Large Scale
TLDR
The key insight is that the percentage of unique fingerprints in the dataset is much lower than what was reported in the past: only 33.6% of fingerprints are unique by opposition to over 80% in previous studies.
XHOUND: Quantifying the Fingerprintability of Browser Extensions
TLDR
It is shown that an extension's organic activity in a page's DOM can be used to infer its presence, and XHound, the first fully automated system for fingerprinting browser extensions is developed, is developed.
Pixel Perfect : Fingerprinting Canvas in HTML 5
TLDR
A new system fingerprint is proposed, inspired by the observation that browser behavior varies depending on the behavior of resources, which is consistent, high-entropy, orthogonal to other fingerprints, transparent to the user, and readily obtainable.
Countering Browser Fingerprinting Techniques: Constructing a Fake Profile with Google Chrome
While Web browsers are fundamental components in the Internet nowadays, the widespread availability of several techniques that can be used to detect the individual browser connected to a server
Web Browser Fingerprinting Using Only Cascading Style Sheets
TLDR
A method of fingerprinting that employs only CSS is proposed and the effectiveness of this method is discussed.
Disguised Chromium Browser: Robust Browser, Flash and Canvas Fingerprinting Protection
TLDR
This work demonstrates the first anti-fingerprinting strategy, which protects against Flash fingerprinting without deactivating it, provides robust and undetectable anti-canvas fingerprinting, and uses a large set of real word data to hide the actual system and browser properties without losing usability.
User Tracking on the Web via Cross-Browser Fingerprinting
TLDR
It is shown that a part of the IP address, the availability of a specific font set, the time zone, and the screen resolution are enough to uniquely identify most users of the five most popular web browsers, and that user agent strings are fairly effective but fragile identifiers of a browser instance.
Morellian Analysis for Browsers: Making Web Authentication Stronger with Canvas Fingerprinting
TLDR
This paper presents the first fingerprinting-based authentication scheme that is not vulnerable to trivial replay attacks, and performs an in-depth analysis of all parameters that can be used to generate canvas challenges, demonstrating that canvas fingerprinting is a suitable mechanism for stronger authentication on the web.
...
1
2
3
4
5
...