Advertisement

Not All Browsers are Created Equal: Comparing Web Browser Fingerprintability

  • Nasser Mohammed Al-FannahEmail author
  • Wanpeng Li
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10418)

Abstract

Browsers and their users can be tracked even in the absence of a persistent IP address or cookie. Unique and hence identifying pieces of information, making up what is known as a fingerprint, can be collected from browsers by a visited website, e.g. using JavaScript. However, browsers vary in precisely what information they make available, and hence their fingerprintability may also vary. In this paper, we report on the results of experiments examining the fingerprintable attributes made available by a range of modern browsers. We tested the most widely used browsers for both desktop and mobile platforms. The results reveal significant differences between browsers in terms of their fingerprinting potential, meaning that the choice of browser has significant privacy implications.

Notes

Acknowledgments

We would like to thank Professor Chris Mitchell for his guidance, encouragement and advice. The second author was supported by the EPSRC, grant number EP/N028554/1.

References

  1. 1.
    Acar, G., Eubank, C., Englehardt, S., Juárez, M., Narayanan, A., Díaz, C.: The web never forgets: persistent tracking mechanisms in the wild. In: Ahn, G., Yung, M., Li, N. (eds.) Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, Scottsdale, AZ, USA, 3–7 November, 2014, pp. 674–689. ACM (2014). http://doi.acm.org/10.1145/2660267.2660347
  2. 2.
    Acar, G., Juárez, M., Nikiforakis, N., Díaz, C., Gürses, S.F., Piessens, F., Preneel, B.: Fpdetective: dusting the web for fingerprinters. In: Sadeghi, A., Gligor, V.D., Yung, M. (eds.) 2013 ACM SIGSAC Conference on Computer and Communications Security, CCS 2013, Berlin, Germany, 4–8 November 2013, pp. 1129–1140. ACM (2013). http://doi.acm.org/10.1145/2508859.2516674
  3. 3.
    Alaca, F., van Oorschot, P.C.: Device fingerprinting for augmenting web authentication: classification and analysis of methods. In: Schwab, S., Robertson, W.K., Balzarotti, D. (eds.) Proceedings of the 32nd Annual Conference on Computer Security Applications, ACSAC 2016, Los Angeles, CA, USA, 5–9 December, 2016, pp. 289–301. ACM (2016). http://dl.acm.org/citation.cfm?id=2991091
  4. 4.
    Cao, Y., Li, S., Wijmans, E.: (cross-)browser fingerprinting via os and hardware level features. In: 24th Annual Network and Distributed System Security Symposium, NDSS 2017, San Diego, California, USA, 26 February - 1. The Internet Society (2017). http://yinzhicao.org/TrackingFree/crossbrowsertracking_NDSS17.pdf
  5. 5.
    Eckersley, P.: How unique is your web browser? In: Atallah, M.J., Hopper, N.J. (eds.) PETS 2010. LNCS, vol. 6205, pp. 1–18. Springer, Heidelberg (2010). doi: 10.1007/978-3-642-14527-8_1 CrossRefGoogle Scholar
  6. 6.
    Englehardt, S., Narayanan, A.: Online tracking: a 1-million-site measurement and analysis. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, Vienna, Austria, 24–28 October 2016, pp. 1388–1401. ACM (2016). http://doi.acm.org/10.1145/2976749.2978313
  7. 7.
    Fifield, D., Egelman, S.: Fingerprinting web users through font metrics. In: Böhme, R., Okamoto, T. (eds.) FC 2015. LNCS, vol. 8975, pp. 107–124. Springer, Heidelberg (2015). doi: 10.1007/978-3-662-47854-7_7 CrossRefGoogle Scholar
  8. 8.
    Fiore, U., Castiglione, A., Santis, A.D., Palmieri, F.: Countering browser fingerprinting techniques: constructing a fake profile with google chrome. In: Barolli, L., Xhafa, F., Takizawa, M., Enokido, T., Castiglione, A., Santis, A.D. (eds.) 17th International Conference on Network-Based Information Systems, NBiS 2014, Salerno, Italy, 10–12 September 2014, pp. 355–360. IEEE Computer Society (2014). http://dx.doi.org/10.1109/NBiS.2014.102
  9. 9.
    Jakus, G., Jekovec, M., Tomažič, S., Sodnik, J.: New technologies for web development. Elektrotehniški vestnik 77(5), 273–280 (2010)Google Scholar
  10. 10.
    Laperdrix, P., Rudametkin, W., Baudry, B.: Beauty and the beast: diverting modern web browsers to build unique browser fingerprints. In: IEEE Symposium on Security and Privacy, SP 2016, San Jose, CA, USA, 22–26 May 2016, pp. 878–894. IEEE Computer Society (2016). http://dx.doi.org/10.1109/SP.2016.57
  11. 11.
    Mowery, K., Shacham, H.: Pixel perfect: fingerprinting canvas in HTML5. In: Fredrikson, M. (ed.) Proceedings of W2SP 2012. IEEE Computer Society, May 2012Google Scholar
  12. 12.
    Nikiforakis, N., Joosen, W., Livshits, B.: Privaricator: deceiving fingerprinters with little white lies. In: Proceedings of the 24th International Conference on World Wide Web, WWW 2015, Florence, Italy, 18–22 May 2015, pp. 820–830. ACM Press (2015). http://doi.acm.org/10.1145/2736277.2741090
  13. 13.
    Nikiforakis, N., Kapravelos, A., Joosen, W., Kruegel, C., Piessens, F., Vigna, G.: Cookieless monster: exploring the ecosystem of web-based device fingerprinting. In: 2013 IEEE Symposium on Security and Privacy, SP 2013, Berkeley, CA, USA, 19–22 May, 2013, pp. 541–555. IEEE Computer Society (2013). http://dx.doi.org/10.1109/SP.2013.43
  14. 14.
    Olejnik, Ł., Acar, G., Castelluccia, C., Diaz, C.: The leaking battery — a privacy analysis of the HTML5 battery status API. In: Garcia-Alfaro, J., Navarro-Arribas, G., Aldini, A., Martinelli, F., Suri, N. (eds.) DPM/QASA -2015. LNCS, vol. 9481, pp. 254–263. Springer, Cham (2016). doi: 10.1007/978-3-319-29883-2_18 CrossRefGoogle Scholar
  15. 15.
    Perta, V.C., Barbera, M.V., Tyson, G., Haddadi, H., Mei, A.: A glance through the VPN looking glass: Ipv6 leakage and DNS hijacking in commercial VPN clients. PoPETs 2015(1), 77–91 (2015). http://www.degruyter.com/view/j/popets.2015.1.issue-1/popets-2015-0006/popets-2015-0006.xml

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  1. 1.Information Security GroupRoyal Holloway, University of LondonEghamUK
  2. 2.School of Mathematics, Computer Science and Engineering, CityUniversity of LondonLondonUK

Personalised recommendations