Fingerprinting the Fingerprinters: Learning to Detect Browser Fingerprinting Behaviors

@article{Iqbal2021FingerprintingTF,
  title={Fingerprinting the Fingerprinters: Learning to Detect Browser Fingerprinting Behaviors},
  author={Umar Iqbal and Steven Englehardt and Zubair Shafiq},
  journal={2021 IEEE Symposium on Security and Privacy (SP)},
  year={2021},
  pages={1143-1161}
}
Browser fingerprinting is an invasive and opaque stateless tracking technique. Browser vendors, academics, and standards bodies have long struggled to provide meaningful protections against browser fingerprinting that are both accurate and do not degrade user experience. We propose FP-Inspector, a machine learning based syntactic-semantic approach to accurately detect browser fingerprinting. We show that FP-Inspector performs well, allowing us to detect 26% more fingerprinting scripts than the… Expand
EssentialFP: Exposing the Essence of Browser Fingerprinting
TLDR
This paper argues that the pattern of gathering information from a wide browser API surface (multiple browser-specific sources) and communicating the information to the network (network sink) captures the essence of fingerprinting, and demonstrates that information flow tracking is an excellent fit for exposing this pattern. Expand
An iterative technique to identify browser fingerprinting scripts
TLDR
This paper proposes a new browser fingerprinting detection technique that relies on both automatic and manual decisions to be both reliable and fast and publicly share the algorithm and implementation to improve the general knowledge on the subject. Expand
A Large-scale Empirical Analysis of Browser Fingerprints Properties for Web Authentication
TLDR
This article makes the link between the digital fingerprints that distinguish browsers, and the biological fingerprint that distinguish Humans, to evaluate browser fingerprints according to properties inspired by biometric authentication factors, and concludes that their browser fingerprints carry the promise to strengthen web authentication mechanisms. Expand
Canvas Deceiver-A New Defense Mechanism Against Canvas Fingerprinting
Browser fingerprinting refers to a collection of techniques used to gather information about a user’s browser attributes. The information gained from a browser fingerprint can be used to partially orExpand
Did I delete my cookies? Cookies respawning with browser fingerprinting
TLDR
This study is the first to detect and measure cookie respawning with browser and machine fingerprinting, and concludes that cookie spawning with browser fingerprinting lacks legal interpretation under the GDPR and the ePrivacy directive, but its use in practice may breach them, thus subjecting it to fines up to 20 million e.g. fines. Expand
A Study of Feasibility and Diversity of Web Audio Fingerprints
TLDR
This systematic study allows browser developers to gauge the degree of privacy invasion presented by audio fingerprinting thus helping them take a more informed stance when designing privacy protection features in the future. Expand
Leaked-Web: Accurate and Efficient Machine Learning-Based Website Fingerprinting Attack through Hardware Performance Counters
  • Han Wang
  • Computer Science
  • ArXiv
  • 2021
TLDR
This work proposes Leaked-Web, a novel accurate and efficient machine learning-based website fingerprinting attack through processor’s Hardware Performance Counters (HPCs), which achieves 91% classification accuracy outperforming the state-of-the-art attacks by nearly 5%. Expand
Machine Learning-Assisted Website Fingerprinting Attacks with Side-Channel Information: A Comprehensive Analysis and Characterization
TLDR
This work presents a comprehensive analysis of state-of-the-art research on applying machine learning techniques on various side-channel features to develop effective website fingerprinting attacks. Expand
SugarCoat: Programmatically Generating Privacy-Preserving, Web-Compatible Resource Replacements for Content Blocking
TLDR
SugarCoat is a tool that allows filter list authors to automatically patch JavaScript scripts to restrict their access to sensitive data according to a custom privacy policy, designed to generate resource replacements compatible with existing content blocking tools, including uBlock Origin and the Brave Browser. Expand
The CNAME of the Game: Large-scale Analysis of DNS-based Tracking Evasion
TLDR
A large-scale longitudinal evaluation of an anti-tracking evasion scheme that leverages CNAME records to include tracker resources in a same-site context, which effectively bypasses anti- tracking measures that rely on fixed hostname-based block lists. Expand
...
1
2
...

References

SHOWING 1-10 OF 84 REFERENCES
Hiding in the Crowd: an Analysis of the Effectiveness of Browser Fingerprinting at Large Scale
TLDR
The key insight is that the percentage of unique fingerprints in the dataset is much lower than what was reported in the past: only 33.6% of fingerprints are unique by opposition to over 80% in previous studies. Expand
FP-STALKER: Tracking Browser Fingerprint Evolutions
TLDR
It is shown that browser fingerprints tend to change frequently—from every few hours to days—due to, for example, software updates or configuration changes, yet, despite these frequent changes, it is show thatbrowser fingerprints can still be linked, thus enabling long-term tracking. Expand
XHOUND: Quantifying the Fingerprintability of Browser Extensions
TLDR
It is shown that an extension's organic activity in a page's DOM can be used to infer its presence, and XHound, the first fully automated system for fingerprinting browser extensions is developed, is developed. Expand
FPDetective: dusting the web for fingerprinters
TLDR
The design, implementation and deployment of FPDetective, a framework for the detection and analysis of web-based fingerprinters, are reported on, showing that there needs to be a change in the way users, companies and legislators engage with fingerprinting. Expand
Fp-Scanner: The Privacy Implications of Browser Fingerprint Inconsistencies
TLDR
It is demonstrated that FP-SCANNER can also reveal the original value of altered fingerprint attributes, such as the browser or the operating system, and it is believed that this result can be exploited by fingerprinters to more accurately target browsers with countermeasures. Expand
Beyond Cookie Monster Amnesia: Real World Persistent Online Tracking
TLDR
C crawled the 10,000 most popular websites to give insights into the number of websites that are using the technique, which websites are collecting fingerprinting information, and exactly what information is being retrieved. Expand
Fingerprinting Web Users Through Font Metrics
TLDR
It is shown that of the over 125,000 code points examined, it suffices to test only 43 in order to account for all the variation seen in the experiment, andFont metrics, being orthogonal to many other fingerprinting techniques, can augment and sharpen those other techniques. Expand
How Unique Is Your Web Browser?
  • P. Eckersley
  • Computer Science
  • Privacy Enhancing Technologies
  • 2010
TLDR
The degree to which modern web browsers are subject to "device fingerprinting" via the version and configuration information that they will transmit to websites upon request is investigated, and what countermeasures may be appropriate to prevent it is discussed. Expand
(Cross-)Browser Fingerprinting via OS and Hardware Level Features
TLDR
This paper proposes a browser fingerprinting technique that can track users not only within a single browser but also across different browsers on the same machine, and can achieve higher uniqueness rate than the only cross-browser approach in the literature with similar stability. Expand
Cookieless Monster: Exploring the Ecosystem of Web-Based Device Fingerprinting
TLDR
By analyzing the code of three popular browser-fingerprinting code providers, it is revealed the techniques that allow websites to track users without the need of client-side identifiers and how fragile the browser ecosystem is against fingerprinting through the use of novel browser-identifying techniques. Expand
...
1
2
3
4
5
...