Nasser Mohammed Al-Fannah scite author profile

Mitchell

2018

Browser fingerprinting is a relatively new method of uniquely identifying browsers that can be used to track web users. In some ways it is more privacy-threatening than tracking via cookies, as users have no direct control over it. A number of authors have considered the wide variety of techniques that can be used to fingerprint browsers; however, relatively little information is available on how widespread browser fingerprinting is, and what information is collected to create these fingerprints in the real world. To help address this gap, we crawled the 10,000 most popular websites; this gave insights into the number of websites that are using the technique, which websites are collecting fingerprinting information, and exactly what information is being retrieved. We found that approximately 69% of websites are, potentially, involved in first-party or third-party browser fingerprinting. We further found that third-party browser fingerprinting, which is potentially more privacy-damaging, appears to be predominant in practice. We also describe FingerprintAlert, a freely available browser extension we developed that detects and, optionally, blocks fingerprinting attempts by visited websites.1 Some browser attributes change over time (e.g. browser version) but uniquely identifying browsers is usually still possible [41], and uniquely identifying the hosting platform is also possible if a different browser is used [8].2 The most commonly used browser data was retrieved from https://www. netmarketshare.com/browser-market-share.aspx [accessed on 01/07/2018].3 Firefox has a limited set of options to thwart fingerprinting.

Not All Browsers are Created Equal: Comparing Web Browser Fingerprintability

2017

Browsers and their users can be tracked even in the absence of a persistent IP address or cookie. Unique and hence identifying pieces of information, making up what is known as a fingerprint, can be collected from browsers by a visited website, e.g. using JavaScript. However, browsers vary in precisely what information they make available, and hence their fingerprintability may also vary. In this paper, we report on the results of experiments examining the fingerprintable attributes made available by a range of modern browsers. We tested the most widely used browsers for both desktop and mobile platforms. The results reveal significant differences between browsers in terms of their fingerprinting potential, meaning that the choice of browser has significant privacy implications.

One leak will sink a ship: WebRTC IP address leaks

2017

The introduction of the WebRTC API to modern browsers has brought about a new threat to user privacy. This API causes a range of client IP addresses to become available to a visited website via JavaScript even if a VPN is in use. This a potentially serious problem for users utilizing VPN services for anonymity. In order to better understand the magnitude of this issue, we tested widely used browsers and VPN services to discover which client IP addresses can be revealed and in what circumstances. In most cases, at least one of the client addresses is leaked. The number and type of leaked IP addresses are affected by the choices of browser and VPN service, meaning that privacy-sensitive users should choose their browser and their VPN provider with care. We conclude by proposing countermeasures which can be used to help mitigate this issue.

Making defeating CAPTCHAs harder for bots

2017

Not All Browsers Are Created Equal: Comparing Web Browser Fingerprintability

2017

Preprint