Uncovering Fingerprinting Networks. An Analysis of In-Browser Tracking
using a Behavior-based Approach
- URL: http://arxiv.org/abs/2210.11300v1
- Date: Mon, 15 Aug 2022 18:06:25 GMT
- Title: Uncovering Fingerprinting Networks. An Analysis of In-Browser Tracking
using a Behavior-based Approach
- Authors: Sebastian Neef
- Abstract summary: This thesis explores the current state of browser fingerprinting on the internet.
We implement FPNET to identify fingerprinting scripts on large sets of websites by observing their behavior.
We track down companies like Google, Yandex, Maxmind, Sift, or FingerprintJS.
- Score: 0.0
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Throughout recent years, the importance of internet-privacy has continuously
risen. [...] Browser fingerprinting is a technique that does not require
cookies or persistent identifiers. It derives a sufficiently unique identifier
from the various browser or device properties. Academic work has covered
offensive and defensive fingerprinting methods for almost a decade, observing a
rise in popularity. This thesis explores the current state of browser
fingerprinting on the internet. For that, we implement FPNET - a scalable &
reliable tool based on FPMON, to identify fingerprinting scripts on large sets
of websites by observing their behavior. By scanning the Alexa Top 10,000
websites, we spot several hundred networks of equally behaving scripts. For
each network, we determine the actor behind it. We track down companies like
Google, Yandex, Maxmind, Sift, or FingerprintJS, to name a few. In three
complementary studies, we further investigate the uncovered networks with
regards to I) randomization of filenames or domains, II) behavior changes, III)
security. Two consecutive scans reveal that only less than 12.5% of the pages
do not change script files. With our behavior-based approach, we successfully
re-identify almost 9,000 scripts whose filename or domain changed, and over 86%
of the scripts without URL changes. The security analysis shows an adoption of
TLS/SSL to over 98% and specific web security headers set for over 30% of the
scripts. Finally, we voice concerns about the unavoidability of modern
fingerprinting and its implications for internet users' privacy since we
believe that many users are unaware of being fingerprinted or have insufficient
possibilities to protect against it.
Related papers
- How Unique is Whose Web Browser? The role of demographics in browser fingerprinting among US users [50.699390248359265]
Browser fingerprinting can be used to identify and track users across the Web, even without cookies.
This technique and resulting privacy risks have been studied for over a decade.
We provide a first-of-its-kind dataset to enable further research.
arXiv Detail & Related papers (2024-10-09T14:51:58Z) - Identified-and-Targeted: The First Early Evidence of the Privacy-Invasive Use of Browser Fingerprinting for Online Tracking [10.98528003128308]
It is imperative to address the mounting concerns regarding the utilization of browser fingerprinting in the realm of online advertising.
This paper introduces a new framework FPTrace'' designed to identify alterations in advertisements resulting from adjustments in browser fingerprinting settings.
Using FPTrace we conduct a large-scale measurement study to identify whether browser fingerprinting is being used for the purpose of user tracking and ad targeting.
arXiv Detail & Related papers (2024-09-24T01:39:16Z) - Unveiling the Digital Fingerprints: Analysis of Internet attacks based on website fingerprints [0.0]
We show that using the newest machine learning algorithms an attacker can deanonymize Tor traffic by applying such techniques.
We capture network packets across 11 days, while users navigate specific web pages, recording data in.pcapng format through the Wireshark network capture tool.
arXiv Detail & Related papers (2024-09-01T18:44:40Z) - Assessing Web Fingerprinting Risk [2.144574168644798]
Browser fingerprints are device-specific identifiers that enable covert tracking of users even when cookies are disabled.
Previous research has established entropy, a measure of information, as the key metric for quantifying fingerprinting risk.
We provide the first study of browser fingerprinting which addresses the limitations of prior work.
arXiv Detail & Related papers (2024-03-22T20:34:41Z) - adF: A Novel System for Measuring Web Fingerprinting through Ads [0.3499870393443268]
adF performs its measurements from code inserted in ads.
We estimate that 66% of desktop devices and 40% of mobile devices can be uniquely fingerprinted with our web fingerprinting system.
To counter web fingerprinting, we propose ShieldF, a simple solution which blocks the reporting by browsers of those attributes.
arXiv Detail & Related papers (2023-11-15T08:30:50Z) - Keep your Identity Small: Privacy-preserving Client-side Fingerprinting [0.0]
Device fingerprinting is a widely used technique that allows a third party to identify a particular device.
One of its most widespread uses is to identify users visiting different websites and thus build their browsing history.
This constitutes a specific type of web tracking that poses a threat to users' privacy.
We propose Privacy-preserving Client-side Fingerprinting (PCF), a new method that allows device fingerprinting on the web, while blocks the possibility of performing web tracking.
arXiv Detail & Related papers (2023-09-14T09:45:29Z) - Hierarchical Perceptual Noise Injection for Social Media Fingerprint
Privacy Protection [106.5308793283895]
fingerprint leakage from social media raises a strong desire for anonymizing shared images.
To guard the fingerprint leakage, adversarial attack emerges as a solution by adding imperceptible perturbations on images.
We propose FingerSafe, a hierarchical perceptual protective noise injection framework to address the mentioned problems.
arXiv Detail & Related papers (2022-08-23T02:20:46Z) - Mobile Behavioral Biometrics for Passive Authentication [65.94403066225384]
This work carries out a comparative analysis of unimodal and multimodal behavioral biometric traits.
Experiments are performed over HuMIdb, one of the largest and most comprehensive freely available mobile user interaction databases.
In our experiments, the most discriminative background sensor is the magnetometer, whereas among touch tasks the best results are achieved with keystroke.
arXiv Detail & Related papers (2022-03-14T17:05:59Z) - Analysis of Longitudinal Changes in Privacy Behavior of Android
Applications [79.71330613821037]
In this paper, we examine the trends in how Android apps have changed over time with respect to privacy.
We examine the adoption of HTTPS, whether apps scan the device for other installed apps, the use of permissions for privacy-sensitive data, and the use of unique identifiers.
We find that privacy-related behavior has improved with time as apps continue to receive updates, and that the third-party libraries used by apps are responsible for more issues with privacy.
arXiv Detail & Related papers (2021-12-28T16:21:31Z) - TypeNet: Deep Learning Keystroke Biometrics [77.80092630558305]
We introduce TypeNet, a Recurrent Neural Network trained with a moderate number of keystrokes per identity.
With 5 gallery sequences and test sequences of length 50, TypeNet achieves state-of-the-art keystroke biometric authentication performance.
Our experiments demonstrate a moderate increase in error with up to 100,000 subjects, demonstrating the potential of TypeNet to operate at an Internet scale.
arXiv Detail & Related papers (2021-01-14T12:49:09Z) - Keystroke Biometrics in Response to Fake News Propagation in a Global
Pandemic [77.79066811371978]
This work proposes and analyzes the use of keystroke biometrics for content de-anonymization.
Fake news have become a powerful tool to manipulate public opinion, especially during major events.
arXiv Detail & Related papers (2020-05-15T17:56:11Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.