Assessing Web Fingerprinting Risk
- URL: http://arxiv.org/abs/2403.15607v1
- Date: Fri, 22 Mar 2024 20:34:41 GMT
- Title: Assessing Web Fingerprinting Risk
- Authors: Enrico Bacis, Igor Bilogrevic, Robert Busa-Fekete, Asanka Herath, Antonio Sartori, Umar Syed,
- Abstract summary: Browser fingerprints are device-specific identifiers that enable covert tracking of users even when cookies are disabled.
Previous research has established entropy, a measure of information, as the key metric for quantifying fingerprinting risk.
We provide the first study of browser fingerprinting which addresses the limitations of prior work.
- Score: 2.144574168644798
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Modern Web APIs allow developers to provide extensively customized experiences for website visitors, but the richness of the device information they provide also make them vulnerable to being abused to construct browser fingerprints, device-specific identifiers that enable covert tracking of users even when cookies are disabled. Previous research has established entropy, a measure of information, as the key metric for quantifying fingerprinting risk. However, earlier studies had two major limitations. First, their entropy estimates were based on either a single website or a very small sample of devices. Second, they did not adequately consider correlations among different Web APIs, potentially grossly overestimating their fingerprinting risk. We provide the first study of browser fingerprinting which addresses the limitations of prior work. Our study is based on actual visited pages and Web APIs reported by tens of millions of real Chrome browsers in-the-wild. We accounted for the dependencies and correlations among Web APIs, which is crucial for obtaining more realistic entropy estimates. We also developed a novel experimental design that accurately and efficiently estimates entropy while never observing too much information from any single user. Our results provide an understanding of the distribution of entropy for different website categories, confirm the utility of entropy as a fingerprinting proxy, and offer a method for evaluating browser enhancements which are intended to mitigate fingerprinting.
Related papers
- FP-Fed: Privacy-Preserving Federated Detection of Browser Fingerprinting [10.671588861099323]
Browser fingerprinting provides an attractive alternative to third-party cookies for tracking users across the web.
Previous work proposed several techniques to detect its prevalence and severity.
We present FP-Fed, the first distributed system for browser fingerprinting detection.
arXiv Detail & Related papers (2023-11-28T16:43:17Z) - A Quantitative Information Flow Analysis of the Topics API [0.34952465649465553]
We analyze the re-identification risk for individual Internet users introduced by the Topics API from the perspective of information- and decision-theoretic framework.
Our model allows a theoretical analysis of both privacy and utility aspects of the API and their trade-off, and we show that the Topics API does have better privacy than third-party cookies.
arXiv Detail & Related papers (2023-09-26T08:14:37Z) - Keep your Identity Small: Privacy-preserving Client-side Fingerprinting [0.0]
Device fingerprinting is a widely used technique that allows a third party to identify a particular device.
One of its most widespread uses is to identify users visiting different websites and thus build their browsing history.
This constitutes a specific type of web tracking that poses a threat to users' privacy.
We propose Privacy-preserving Client-side Fingerprinting (PCF), a new method that allows device fingerprinting on the web, while blocks the possibility of performing web tracking.
arXiv Detail & Related papers (2023-09-14T09:45:29Z) - AFR-Net: Attention-Driven Fingerprint Recognition Network [47.87570819350573]
We improve initial studies on the use of vision transformers (ViT) for biometric recognition, including fingerprint recognition.
We propose a realignment strategy using local embeddings extracted from intermediate feature maps within the networks to refine the global embeddings in low certainty situations.
This strategy can be applied as a wrapper to any existing deep learning network (including attention-based, CNN-based, or both) to boost its performance.
arXiv Detail & Related papers (2022-11-25T05:10:39Z) - mPSAuth: Privacy-Preserving and Scalable Authentication for Mobile Web
Applications [0.0]
mPSAuth is an approach for continuously tracking various data sources reflecting user behavior and estimating the likelihood of the current user being legitimate.
We show that mPSAuth can provide high accuracy with low encryption and communication overhead, while the effort for the inference is increased to a tolerable extent.
arXiv Detail & Related papers (2022-10-07T12:49:34Z) - Uncovering Fingerprinting Networks. An Analysis of In-Browser Tracking
using a Behavior-based Approach [0.0]
This thesis explores the current state of browser fingerprinting on the internet.
We implement FPNET to identify fingerprinting scripts on large sets of websites by observing their behavior.
We track down companies like Google, Yandex, Maxmind, Sift, or FingerprintJS.
arXiv Detail & Related papers (2022-08-15T18:06:25Z) - Mobile Behavioral Biometrics for Passive Authentication [65.94403066225384]
This work carries out a comparative analysis of unimodal and multimodal behavioral biometric traits.
Experiments are performed over HuMIdb, one of the largest and most comprehensive freely available mobile user interaction databases.
In our experiments, the most discriminative background sensor is the magnetometer, whereas among touch tasks the best results are achieved with keystroke.
arXiv Detail & Related papers (2022-03-14T17:05:59Z) - Reinforcement Learning on Encrypted Data [58.39270571778521]
We present a preliminary, experimental study of how a DQN agent trained on encrypted states performs in environments with discrete and continuous state spaces.
Our results highlight that the agent is still capable of learning in small state spaces even in presence of non-deterministic encryption, but performance collapses in more complex environments.
arXiv Detail & Related papers (2021-09-16T21:59:37Z) - SIFN: A Sentiment-aware Interactive Fusion Network for Review-based Item
Recommendation [48.1799451277808]
We propose a Sentiment-aware Interactive Fusion Network (SIFN) for review-based item recommendation.
We first encode user/item reviews via BERT and propose a light-weighted sentiment learner to extract semantic features of each review.
Then, we propose a sentiment prediction task that guides the sentiment learner to extract sentiment-aware features via explicit sentiment labels.
arXiv Detail & Related papers (2021-08-18T08:04:38Z) - Responsible Disclosure of Generative Models Using Scalable
Fingerprinting [70.81987741132451]
Deep generative models have achieved a qualitatively new level of performance.
There are concerns on how this technology can be misused to spoof sensors, generate deep fakes, and enable misinformation at scale.
Our work enables a responsible disclosure of such state-of-the-art generative models, that allows researchers and companies to fingerprint their models.
arXiv Detail & Related papers (2020-12-16T03:51:54Z) - Mining Implicit Relevance Feedback from User Behavior for Web Question
Answering [92.45607094299181]
We make the first study to explore the correlation between user behavior and passage relevance.
Our approach significantly improves the accuracy of passage ranking without extra human labeled data.
In practice, this work has proved effective to substantially reduce the human labeling cost for the QA service in a global commercial search engine.
arXiv Detail & Related papers (2020-06-13T07:02:08Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.