Abstract
The rich programming interfaces (APIs) provided by web browsers can be diverted to collect a browser fingerprint. A small number of queries on these interfaces are sufficient to build a fingerprint that is statistically unique and very stable over time. Consequently, the fingerprint can be used to track users. Our work aims at mitigating the risk of browser fingerprinting for users' privacy by ‘breaking’ the stability of a fingerprint over time. We add randomness in the computation of selected browser functions, in order to have them deliver slightly different answers for each browsing session. Randomization is possible thanks to the following properties of browser implementations: (i) some functions have a nondeterministic specification, but a deterministic implementation; (ii) multimedia functions can be slightly altered without deteriorating users' perception. We present FPRandom, a modified version of Firefox that adds randomness to mitigate the most recent fingerprinting algorithms, namely canvas fingerprinting, AudioContext fingerprinting and the unmasking of browsers through the order of JavaScript properties. We evaluate the effectiveness of FPRandom by testing it against known fingerprinting tests. We also conduct a user study and evaluate the performance overhead of randomization to determine the impact on the user experience.
The stamp on the top of this paper refers to an approval process conducted by the ESSoS artifact evaluation committee chaired by Karim Ali and Omer Tripp.
References
Acar, G., Eubank, C., Englehardt, S., Juarez, M., Narayanan, A., Diaz, C.: The web never forgets: persistent tracking mechanisms in the wild. In: Proceedings of the 21st ACM Conference on Computer and Communications Security (CCS 2014). ACM (2014)
Acar, G., Juarez, M., Nikiforakis, N., Diaz, C., Gürses, S., Piessens, F., Preneel, B.: FPDetective: dusting the web for fingerprinters. In: Proceedings of the Conference on Computer and Communications Security (CCS), pp. 1129–1140. ACM (2013)
Alexa: The top 500 sites on the web. http://www.alexa.com/topsites
Benchmarks for the WebAudio API. https://github.com/padenot/webaudio-benchmark
Boda, K., Földes, Á.M., Gulyás, G.G., Imre, S.: User tracking on the web via cross-browser fingerprinting. In: Laud, P. (ed.) NordSec 2011. LNCS, vol. 7161, pp. 31–46. Springer, Heidelberg (2012). doi:10.1007/978-3-642-29615-4_4
Disconnect’s official webpage. https://disconnect.me/
ECMAScript® 2016 Language Specification. http://www.ecma-international.org/ecma-262/7.0/index.html
Englehardt, S., Narayanan, A.: Online tracking: A 1-million-site measurement and analysis. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, CCS 2016, pp. 1388–1401. ACM, New York (2016)
fingerprintjs2, modern and flexible browser fingerprinting library, a successor to the original fingerprintjs. https://github.com/Valve/fingerprintjs2
Ghostery’s browser extension. https://ghostery.com/our-solutions/ghostery-browser-extension/
Introducing the JetStream Benchmark Suite. https://webkit.org/blog/3418/introducing-the-jetstream-benchmark-suite/
JetStream benchmark. http://browserbench.org/JetStream/
Laperdrix, P., Rudametkin, W., Baudry, B.: Mitigating browser fingerprint tracking: multi-level reconfiguration and diversification. In: 10th International Symposium on Software Engineering for Adaptive and Self-Managing Systems (SEAMS 2015), Firenze, Italy, May 2015
Laperdrix, P., Rudametkin, W., Baudry, B.: Beauty and the beast: diverting modern web browsers to build unique browser fingerprints. In: 37th IEEE Symposium on Security and Privacy (S&P 2016) (2016)
Maxmind’s Device Tracking Add-on for minFraud Services. http://dev.maxmind.com/minfraud/device/
Mowery, K., Shacham, H.: Pixel perfect: fingerprinting canvas in HTML5. In: Fredrikson, M. (ed.) Proceedings of W2SP 2012. IEEE Computer Society, May 2012
Nikiforakis, N., Joosen, W., Livshits, B.: Privaricator: deceiving fingerprinters with little white lies. In: Proceedings of the 24th International Conference on World Wide Web, pp. 820–830. International World Wide Web Conferences Steering Committee (2015)
Nikiforakis, N., Kapravelos, A., Joosen, W., Kruegel, C., Piessens, F., Vigna, G.: Cookieless monster: exploring the ecosystem of web-based device fingerprinting. In: Proceedings of the Symposium on Security and Privacy, pp. 541–555 (2013)
NoScript’s official webpage. https://noscript.net/
Olejnik, L., Acar, G., Castelluccia, C., Diaz, C.: The leaking battery: a privacy analysis of the HTML5 battery status API. IACR Cryptology ePrint Archive, 2015:616 (2015)
Olejnik, L., Janc, A.: Stealing sensitive browser data with the W3C Ambient Light Sensor API. https://blog.lukaszolejnik.com/stealing-sensitive-browser-data-with-the-w3c-ambient-light-sensor-api/
Wrong order in object properties iteration - V8 bug tracker. https://bugs.chromium.org/p/v8/issues/detail?id=164
High Resolution Time Level 2 (JavaScript Performance API). https://www.w3.org/TR/hr-time/#dom-domhighrestimestamp
The Design and Implementation of the Tor Browser - Cross-Origin Fingerprinting Unlinkability. https://www.torproject.org/projects/torbrowser/design/#fingerprinting-linkability
Torres, C.F., Jonker, H., Mauw, S.: FP-Block: usable web privacy by controlling browser fingerprinting. In: Pernul, G., Ryan, P.Y.A., Weippl, E. (eds.) ESORICS 2015. LNCS, vol. 9327, pp. 3–19. Springer, Cham (2015). doi:10.1007/978-3-319-24177-7_1
Tor bug tracker - math routines are OS fingerprintable. https://trac.torproject.org/projects/tor/ticket/13018
Codepage layout - ISO/IEC 8859-1. https://en.wikipedia.org/wiki/ISO/IEC_8859-1#Codepage_layout
Cao, Y., Li, S., Wijmans, E.: (Cross-)browser fingerprinting via OS and hardware level features. In: Proceedings of the 2017 Network and Distributed System Security Symposium, NDSS 2017 (2017)
Appendices
A Analyzing Differences in the AudioContext API
In order to have a better understanding of the diversity of audio fingerprints on the web, we deployed the AudioContext script found by Englehardt et al. on the AmIUnique.org website (used in our Beauty and the Beast study [14]). After discarding more than 1,000 fingerprints from browsers that did not implement the AudioContext API, we collected in total 19,468 audio fingerprints over a period of 100 days between June and September 2016. The results of this study can be found in Table 3. We use the Shannon entropy in bits to better represent the probability distribution of each of the attributes. The higher the entropy, the more diversity is exhibited between devices.
Most of the collected attributes have a single value and do not provide any ground to distinguish one device from another. From the collected audio fingerprints, only 3 attributes have an entropy above one bit:
- acSampleRate is the default sample rate of a created track when using the AudioContext API. The most common values are 44.1 kHz (49.0% of collected fingerprints) and 48 kHz (48.5%), but some browsers still present unusual ones (1.7% have 192 kHz and 0.7% have 96 kHz).
- audioDynSum is the sum of 500 frames generated by a specific audio processing chain (compressed audio from an oscillator). The precision of each frame is up to 15 decimal digits. The large majority of values are very close to each other, with differences only appearing from the 6th or 7th decimal digit.
- audioDynHash is similar to audioDynSum as it takes the exact same output, but it covers the entirety of the rendered track instead of a few hundred frames. As it covers a larger space, the entropy is a little higher and this test exhibits more diversity than all other collected attributes.
With these results, we decided to focus only on the differences created by the audio processing performed inside audio nodes. Specifically, we want to introduce random noise in the computed frames so that each run of the same test produces different variations. Other values like the default sample rate are still interesting to change, but they can easily be modified and they are not the focus of this work.
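As an added example (not the paper's or FPRandom's code), the following computes the Shannon entropy in bits used in Table 3 over observed attribute values, applied to the acSampleRate shares given above, and sketches why per-session noise in the rendered frames breaks the stability of an audioDynSum-style aggregate. The frames, the PRNG and the noise magnitude (around the 7th decimal digit) are constructed assumptions for illustration.

```javascript
// Added example (not the paper's code): Shannon entropy of collected
// fingerprint attributes as in Appendix A, and a sketch of the noise
// injection that makes audioDynSum vary between runs.

// Turn a list of observed attribute values into value -> share of samples.
function shares(values) {
  const counts = new Map();
  for (const v of values) counts.set(v, (counts.get(v) || 0) + 1);
  const out = {};
  for (const [v, c] of counts) out[v] = c / values.length;
  return out;
}

// Shannon entropy in bits: H = -sum p * log2(p). Higher means more diversity.
function entropyBits(dist) {
  let h = 0;
  for (const p of Object.values(dist)) if (p > 0) h -= p * Math.log2(p);
  return h;
}

// Shares of acSampleRate reported in Appendix A (the remaining 0.1% is omitted).
const acSampleRateShares = { 44100: 0.490, 48000: 0.485, 192000: 0.017, 96000: 0.007 };

// Small deterministic PRNG (LCG) so the example reproduces offline.
function makeRng(seed) {
  let s = seed >>> 0;
  return () => { s = (Math.imul(s, 1664525) + 1013904223) >>> 0; return s / 2 ** 32; };
}

// Constructed stand-in for 500 rendered frames (a real fingerprint takes them
// from an OscillatorNode fed through a DynamicsCompressorNode).
function renderFrames(n) {
  const f = new Float64Array(n);
  for (let i = 0; i < n; i++) f[i] = 0.1 * Math.sin(2 * Math.PI * 440 * i / 44100);
  return f;
}

// Mitigation sketch: perturb each frame by a per-session random amount around
// the 7th decimal digit, where devices already differ (magnitude is an assumption).
function addNoise(frames, rng, amplitude = 1e-7) {
  return frames.map(x => x + (rng() * 2 - 1) * amplitude);
}

// The audioDynSum-style aggregate that a fingerprinter compares across sessions.
function frameSum(frames) {
  return frames.reduce((a, b) => a + b, 0);
}
```

Two sessions with different seeds produce different sums from identical frames while no single frame moves by more than the noise amplitude.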
B Example of String Comparison When Ordering JavaScript Properties
Figure 5 illustrates the comparison mechanism between the appVersion and the appName strings. The engine starts with the ‘a’ letter on both strings. Translating this letter to its Latin-1 code point yields the decimal number 97 for each string. Subtracting 97 from 97 results in 0. As no difference is detected, the engine continues but faces the exact same result for both the second and third characters in each string, as they are identical ‘p’ letters. However, the behavior is different at the fourth character. The first string presents a ‘V’ and the second an ‘N’. Translating to their decimal code points yields 86 and 78. This time, since the subtraction \(86-78=8\) does not give a zero, it informs the engine that a difference has been detected. As the result is positive, appName is placed before appVersion. If the result of the subtraction were negative, the order would be the opposite.
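As an added example (not FPRandom's code), the following implements the code-point subtraction described above, records the step-by-step trace of Figure 5, applies the comparator to a constructed list of property names, and shows the direction taken by the abstract: emitting a fresh permutation of the same names per session instead of a stable order. The property names and the use of Math.random as the per-session randomness source are assumptions for illustration.

```javascript
// Added example (not FPRandom's code): the character-by-character code point
// comparison described in Appendix B, applied to ordering property names.

// Compare two strings as described: walk both strings, subtract the code
// points, and stop at the first non-zero difference (positive: a after b).
function compareCodePoints(a, b) {
  const len = Math.min(a.length, b.length);
  for (let i = 0; i < len; i++) {
    const diff = a.charCodeAt(i) - b.charCodeAt(i);
    if (diff !== 0) return diff;
  }
  return a.length - b.length; // identical prefix: the shorter string first
}

// Step-by-step trace of the comparison, mirroring Figure 5.
function traceComparison(a, b) {
  const steps = [];
  for (let i = 0; i < Math.min(a.length, b.length); i++) {
    const ca = a.charCodeAt(i), cb = b.charCodeAt(i);
    steps.push({ index: i, chars: [a[i], b[i]], codes: [ca, cb], diff: ca - cb });
    if (ca !== cb) break; // first detected difference ends the comparison
  }
  return steps;
}

// Stable order produced by the comparator: identical in every session, which
// is what a fingerprinter relying on property order observes.
function stableOrder(names) {
  return [...names].sort(compareCodePoints);
}

// Mitigation direction from the abstract: a fresh permutation of the same
// names each session (Fisher-Yates; Math.random stands in for the browser's
// per-session randomness, an assumption of this example).
function randomizedOrder(names) {
  const out = [...names];
  for (let i = out.length - 1; i > 0; i--) {
    const j = Math.floor(Math.random() * (i + 1));
    [out[i], out[j]] = [out[j], out[i]];
  }
  return out;
}

// Constructed sample of navigator property names.
const sampleNames = ["appVersion", "appName", "userAgent", "platform", "language"];
```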
© 2017 Springer International Publishing AG
Cite this paper
Laperdrix, P., Baudry, B., Mishra, V. (2017). FPRandom: Randomizing Core Browser Objects to Break Advanced Device Fingerprinting Techniques. In: Bodden, E., Payer, M., Athanasopoulos, E. (eds) Engineering Secure Software and Systems. ESSoS 2017. Lecture Notes in Computer Science, vol 10379. Springer, Cham. https://doi.org/10.1007/978-3-319-62105-0_7
DOI: https://doi.org/10.1007/978-3-319-62105-0_7
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-62104-3
Online ISBN: 978-3-319-62105-0