FP-STALKER: Tracking Browser Fingerprint Evolutions

Vastel, Antoine; Laperdrix, Pierre; Rudametkin, Walter; Rouvoy, Romain

doi:10.1109/sp.2018.00008

Cited by 68 publications

(73 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The upside of stateless approaches is that they cannot be prevented by deleting third-party cookies. However, they are more error-prone as device-specific attributes tend to change over time [16,52].…”

Section: Online Trackingmentioning

confidence: 99%

Beyond the Front Page:Measuring Third Party Dynamics in the Field

Urban¹,

Degeling

Holz

et al. 2020

Proceedings of the Web Conference 2020

View full text Add to dashboard Cite

In the modern Web, service providers often rely heavily on third parties to run their services. For example, they make use of ad networks to finance their services, externally hosted libraries to develop features quickly, and analytics providers to gain insights into visitor behavior.For security and privacy, website owners need to be aware of the content they provide their users. However, in reality, they often do not know which third parties are embedded, for example, when these third parties request additional content as it is common in real-time ad auctions.In this paper, we present a large-scale measurement study to analyze the magnitude of these new challenges. To better reflect the connectedness of third parties, we measured their relations in a model we call third party trees, which reflects an approximation of the loading dependencies of all third parties embedded into a given website. Using this concept, we show that including a single third party can lead to subsequent requests from up to eight additional services. Furthermore, our findings indicate that the third parties embedded on a page load are not always deterministic, as 50 % of the branches in the third party trees change between repeated visits. In addition, we found that 93 % of the analyzed websites embedded third parties that are located in regions that might not be in line with the current legal framework. Our study also replicates previous work that mostly focused on landing pages of websites. We show that this method is only able to measure a lower bound as subsites show a significant increase of privacy-invasive techniques. For example, our results show an increase of used cookies by about 36 % when crawling websites more deeply.

show abstract

Section: Online Trackingmentioning

confidence: 99%

Beyond the Front Page:Measuring Third Party Dynamics in the Field

Urban¹,

Degeling

Holz

et al. 2020

Proceedings of the Web Conference 2020

View full text Add to dashboard Cite

show abstract

“…Vastel et al recently performed a more extensive study with FP-Stalker [111]. Thanks to browser extensions for Firefox and Chrome, they collected fingerprints daily from volunteers and were able to witness first-hand the different changes a browser fingerprint can go through.…”

Section: Canvas Javascriptmentioning

confidence: 99%

Browser Fingerprinting

Bielova²,

et al. 2020

Self Cite

View full text Add to dashboard Cite

With this paper, we survey the research performed in the domain of browser fingerprinting, while providing an accessible entry point to newcomers in the field. We explain how this technique works and where it stems from. We analyze the related work in detail to understand the composition of modern fingerprints and see how this technique is currently used online. We systematize existing defense solutions into different categories and detail the current challenges yet to overcome.

show abstract

“…Figure 1 depicts an overview of FP-TESTER. We split the short and long term fingerprintability evaluations into two components based on the idea, expressed in previous research [11], [12], [13], that fingerprint tracking requires fingerprints to be both unique and relatively stable over time. In particular, Section III-A evaluates the short-term fingerprintability of an extension, which is related to uniqueness, while Section III-B studies how an extension influences long-term fingerprintability by measuring how uniqueness, randomness and instability affect tracking duration.…”

Section: Related Workmentioning

confidence: 99%

“…FP-TESTER applies changes to all fingerprints in P e so that they appear to originate from browsers with the countermeasure (detailed in Section III-C). Using all fingerprints in P , FP-TESTER executes the 2 linking algorithms from FP-STALKER [13], as well as a new algorithm that leverages inconsistencies revealed by a browser to target it more efficiently. This allows comparing the vulnerability to tracking of browsers from P n (without the extension), to browsers from P e (with the extension).…”

Section: B Long-term Fingerprintability Of Browser Extensionsmentioning

confidence: 99%

FP -TESTER : Automated Testing of Browser Fingerprint Resilience

Vastel

Rudametkin

Rouvoy

2018

2018 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)

Self Cite

View full text Add to dashboard Cite

Despite recent regulations and growing user awareness, undesired browser tracking is increasing. In addition to cookies, browser fingerprinting is a stateless technique that exploits a device's configuration for tracking purposes. In particular, browser fingerprinting builds on attributes made available from Javascript and HTTP headers to create a unique and stable fingerprint. For example, browser plugins have been heavily exploited by state-of-the-art browser fingerprinters as a rich source of entropy. However, as browser vendors abandon plugins in favor of extensions, fingerprinters will adapt. We present FP-TESTER, an approach to automatically test the effectiveness of browser fingerprinting countermeasure extensions. We implement a testing toolkit to be used by developers to reduce browser fingerprintability. While countermeasures aim to hinder tracking by changing or blocking attributes, they may easily introduce subtle side-effects that make browsers more identifiable, rendering the extensions counterproductive. FP-TESTER reports on the side-effects introduced by the countermeasure, as well as how they impact tracking duration from a fingerprinter's point-of-view. To the best of our knowledge, FP-TESTER is the first tool to assist developers in fighting browser fingerprinting and reducing the exposure of end-users to such privacy leaks.

show abstract

FP-STALKER: Tracking Browser Fingerprint Evolutions

Cited by 68 publications

References 18 publications

Beyond the Front Page:Measuring Third Party Dynamics in the Field

Beyond the Front Page:Measuring Third Party Dynamics in the Field

Browser Fingerprinting

FP -TESTER : Automated Testing of Browser Fingerprint Resilience

Contact Info

Product

Resources

About