Assessing Web Fingerprinting Risk (2403.15607v1)
Abstract: Modern Web APIs allow developers to provide extensively customized experiences for website visitors, but the richness of the device information they provide also makes them vulnerable to being abused to construct browser fingerprints, device-specific identifiers that enable covert tracking of users even when cookies are disabled. Previous research has established entropy, a measure of information, as the key metric for quantifying fingerprinting risk. However, earlier studies had two major limitations. First, their entropy estimates were based on either a single website or a very small sample of devices. Second, they did not adequately consider correlations among different Web APIs, potentially grossly overestimating their fingerprinting risk. We provide the first study of browser fingerprinting which addresses the limitations of prior work. Our study is based on actual visited pages and Web APIs reported by tens of millions of real Chrome browsers in the wild. We accounted for the dependencies and correlations among Web APIs, which is crucial for obtaining more realistic entropy estimates. We also developed a novel experimental design that accurately and efficiently estimates entropy while never observing too much information from any single user. Our results provide an understanding of the distribution of entropy for different website categories, confirm the utility of entropy as a fingerprinting proxy, and offer a method for evaluating browser enhancements which are intended to mitigate fingerprinting.
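The abstract's second limitation can be made concrete with a short added example (not code from the paper): on a constructed device sample, summing per-API entropies as if the APIs were independent overstates the entropy of the combined fingerprint. The surface names, the sample rows and the use of the simple plug-in estimator are assumptions for illustration, not the paper's experimental design.

```python
import math
from collections import Counter

# Constructed sample, one row per device: (platform, gpu_vendor, screen_width).
# Values are made up and deliberately correlated (every "mac" reports "apple").
SURFACES = ("platform", "gpu_vendor", "screen_width")
DEVICES = (
    [("mac", "apple", 1440)] * 4
    + [("win", "nvidia", 1920)] * 2
    + [("win", "intel", 1920)] * 1
    + [("win", "intel", 1366)] * 1
)

def entropy(observations):
    """Plug-in Shannon entropy, in bits, of a list of hashable observations."""
    counts = Counter(observations)
    n = len(observations)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def column(rows, i):
    """All values reported for surface i."""
    return [r[i] for r in rows]

def sum_of_marginals(rows):
    """Estimate that treats every surface as independent of the others."""
    return sum(entropy(column(rows, i)) for i in range(len(rows[0])))

def joint_entropy(rows):
    """Entropy of the combined fingerprint, i.e. of the whole tuple."""
    return entropy(list(rows))

def mutual_information(rows, i, j):
    """Bits shared by surfaces i and j: H(i) + H(j) - H(i, j)."""
    pair = [(r[i], r[j]) for r in rows]
    return entropy(column(rows, i)) + entropy(column(rows, j)) - entropy(pair)

if __name__ == "__main__":
    naive, joint = sum_of_marginals(DEVICES), joint_entropy(DEVICES)
    print(f"sum of per-surface entropies: {naive:.3f} bits")
    print(f"joint fingerprint entropy:    {joint:.3f} bits")
    print(f"overestimate from ignoring correlation: {naive - joint:.3f} bits")
    for i in range(len(SURFACES)):
        for j in range(i + 1, len(SURFACES)):
            mi = mutual_information(DEVICES, i, j)
            print(f"I({SURFACES[i]}; {SURFACES[j]}) = {mi:.3f} bits")
```

In this sample the platform is fully determined by the GPU vendor, so reading both surfaces yields no more identifying information than reading the GPU vendor alone.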
Authors:
- Enrico Bacis
- Igor Bilogrevic
- Robert Busa-Fekete
- Asanka Herath
- Antonio Sartori
- Umar Syed