FPFlow: Detect and Prevent Browser Fingerprinting with Dynamic Taint Analysis

Li, Tianyi; Zheng, Xiaofeng; Shen, Kaiwen; Han, Xiao

doi:10.1007/978-981-16-9229-1_4

Cited by 3 publications

(4 citation statements)

References 24 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…[40] If the script initiates a web request that delivers contamination (fingerprint), DTA can block this request. Li et al developed FPFlow [48], which monitors taint propagation in JavaScript objects during web page visits and intercepts related requests. Research using FPFlow confirmed that 66.6% of the top 10,000 websites on Tranco use fingerprinting.…”

Section: Javascript Dynamic Taint Analysismentioning

confidence: 99%

“…FPFlow [48] JavaScript Taint Analysis FPFlow checks for taint propagation between JavaScript objects in scripts during web page visits and intercepts requests.…”

Section: Fp-inspector [38]mentioning

confidence: 99%

“…To this end, we surveyed the characteristics of the most commonly used browsers, including Brave Browser, Chrome, Edge, Firefox, Opera, Samsung Internet, Safari, and Tor Browser. Additionally, we conducted literature research on tracking measurement tools such as FourthParty [49], FPDetective [18], OpenWPM [30], FP-Crawler [67], FP-Radar [20], and OmniCrawl [23], as well as studies on tracking prevention tools and solutions such as FP-Guard, UniGL [68], AdGraph [39], WebGraph [61], and FPFlow [48], which are web tracking mechanisms. We systematically analyze and compare defense approaches to provide an overview of the current anti-tracking ecosystem.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Tracking the Web Tracking: Methods, Countermeasures, and Future Directions

Sim,

Heo,

Cho

2023

Preprint

View full text Add to dashboard Cite

A hidden shadow world that tracks Internet users' behaviors lies behind everyday websites. Web tracking analyzes online behaviors based on collected data and provides content that may interest the user. Web tracking collects vast amounts of data for various purposes, from sensitive personal information to trivial information such as settings and preferred information types, including the user's IP address, device, and search history. Although web tracking is largely a legitimate technology, there is a steady increase in illegal user tracking, data leakage, and illegal sale of data. Therefore, the need for techniques capable of detecting and preventing web trackers is becoming more important. This paper introduces a general description of web tracking technology, related research, and a website measurement tool that can identify web-based tracking. It also introduces techniques for preventing web tracking and discusses future research directions.

show abstract

Section: Javascript Dynamic Taint Analysismentioning

confidence: 99%

“…FPFlow [48] JavaScript Taint Analysis FPFlow checks for taint propagation between JavaScript objects in scripts during web page visits and intercepts requests.…”

Section: Fp-inspector [38]mentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Tracking the Web Tracking: Methods, Countermeasures, and Future Directions

Sim,

Heo,

Cho

2023

Preprint

View full text Add to dashboard Cite

show abstract

“…There is a growing body of work exploring browser fingerprinting [51] and the ways it can be augmented by the virtually-unlimited combinations of potentially installed extensions [12,17,50]. Additionally, much work has been conducted on devising defensive and mitigatory measures [7,9,14,15,22,25,31,49]. Finally, literature has focused on the utilisation of fingerprinting as a tool for streamlining user authentication [1,37,38], although, some have highlighted the security limitations of such methods [26,27].…”

Section: Browser Fingerprintingmentioning

confidence: 99%

From Manifest V2 to V3: A Study on the Discoverability of Chrome Extensions

Bucci,

2023

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Browser extensions allow users to customise and improve their web browsing experience. The Manifest protocol was introduced to mitigate the risk of accidental vulnerabilities in extensions, introduced by inexperienced developers. In Manifest V2, the introduction of webaccessible resources (WARs) limited the exposure of extension files to web pages, thereby reducing the potential for exploitation by malicious actors, which was a significant risk in the previous unrestricted access model. Building on this, Manifest V3 coupled WARs with match patterns, allowing extension developers to precisely define which websites can interact with their extensions, thereby limiting unintended exposures and reducing potential privacy risks associated with websites detecting user-installed extensions. In this paper, we investigate the impact of Manifest V3 on WAR-enabled extension discovery by providing an empirical study of the Chrome Web Store. We collected and analysed 108,416 extensions and found that Manifest V3 produces a relative reduction in WAR detectability ranging between 4% and 10%, with popular extensions exhibiting a higher impact. Additionally, our study revealed that 30.78% of extensions already transitioned to Manifest V3. Finally, we implemented X-Probe, a live demonstrator showcasing WAR-enabled discovery. Our evaluation shows that our demonstrator can detect 22.74% of Manifest V2 and 18.3% of Manifest V3 extensions. Moreover, within the 1000 most popular extensions, the detection rates rise to a substantial 58.07% and 47.61%, respectively. In conclusion, our research shows that developers commonly associate broad match patterns to their WARs either because of poor security practices, or due to the inherent functional requirements of their extensions.

show abstract

Combating Web Tracking: Analyzing Web Tracking Technologies for User Privacy

Sim,

Heo,

Cho

2024

Future Internet

View full text Add to dashboard Cite

Behind everyday websites, a hidden shadow world tracks the behavior of Internet users. Web tracking analyzes online activity based on collected data and delivers content tailored to users’ interests. It gathers vast amounts of information for various purposes, ranging from sensitive personal data to seemingly minor details such as IP addresses, devices, browsing histories, settings, and preferences. While Web tracking is largely a legitimate technology, the increase in illegal user tracking, data breaches, and the unlawful sale of data has become a growing concern. As a result, the demand for technologies that can detect and prevent Web trackers is more important than ever. This paper provides an overview of Web tracking technologies, relevant research, and website measurement tools designed to identify web-based tracking. It also explores technologies for preventing Web tracking and discusses potential directions for future research.

show abstract

FPFlow: Detect and Prevent Browser Fingerprinting with Dynamic Taint Analysis

Cited by 3 publications

References 24 publications

Tracking the Web Tracking: Methods, Countermeasures, and Future Directions

Tracking the Web Tracking: Methods, Countermeasures, and Future Directions

From Manifest V2 to V3: A Study on the Discoverability of Chrome Extensions

Combating Web Tracking: Analyzing Web Tracking Technologies for User Privacy

Contact Info

Product

Resources

About