Assessing Web Fingerprinting Risk

• URL: http://arxiv.org/abs/2403.15607v1
• Date: Fri, 22 Mar 2024 20:34:41 GMT
• Title: Assessing Web Fingerprinting Risk
• Authors: Enrico Bacis, Igor Bilogrevic, Robert Busa-Fekete, Asanka Herath, Antonio Sartori, Umar Syed,
• Abstract summary: Browser fingerprints are device-specific identifiers that enable covert tracking of users even when cookies are disabled. Previous research has established entropy, a measure of information, as the key metric for quantifying fingerprinting risk. We provide the first study of browser fingerprinting which addresses the limitations of prior work.
• Score: 2.144574168644798
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: Modern Web APIs allow developers to provide extensively customized experiences for website visitors, but the richness of the device information they provide also make them vulnerable to being abused to construct browser fingerprints, device-specific identifiers that enable covert tracking of users even when cookies are disabled. Previous research has established entropy, a measure of information, as the key metric for quantifying fingerprinting risk. However, earlier studies had two major limitations. First, their entropy estimates were based on either a single website or a very small sample of devices. Second, they did not adequately consider correlations among different Web APIs, potentially grossly overestimating their fingerprinting risk. We provide the first study of browser fingerprinting which addresses the limitations of prior work. Our study is based on actual visited pages and Web APIs reported by tens of millions of real Chrome browsers in-the-wild. We accounted for the dependencies and correlations among Web APIs, which is crucial for obtaining more realistic entropy estimates. We also developed a novel experimental design that accurately and efficiently estimates entropy while never observing too much information from any single user. Our results provide an understanding of the distribution of entropy for different website categories, confirm the utility of entropy as a fingerprinting proxy, and offer a method for evaluating browser enhancements which are intended to mitigate fingerprinting.

Related papers

• Beyond Browsing: API-Based Web Agents [58.39129004543844]
  API-based agents outperform web browsing agents in experiments on WebArena. Hybrid Agents out-perform both others nearly uniformly across tasks. Results strongly suggest that when APIs are available, they present an attractive alternative to relying on web browsing alone.
  arXiv  Detail & Related papers  (2024-10-21T19:46:06Z)
• How Unique is Whose Web Browser? The role of demographics in browser fingerprinting among US users [50.699390248359265]
  Browser fingerprinting can be used to identify and track users across the Web, even without cookies. This technique and resulting privacy risks have been studied for over a decade. We provide a first-of-its-kind dataset to enable further research.
  arXiv  Detail & Related papers  (2024-10-09T14:51:58Z)
• Identified-and-Targeted: The First Early Evidence of the Privacy-Invasive Use of Browser Fingerprinting for Online Tracking [10.98528003128308]
  It is imperative to address the mounting concerns regarding the utilization of browser fingerprinting in the realm of online advertising. This paper introduces a new framework FPTrace'' designed to identify alterations in advertisements resulting from adjustments in browser fingerprinting settings. Using FPTrace we conduct a large-scale measurement study to identify whether browser fingerprinting is being used for the purpose of user tracking and ad targeting.
  arXiv  Detail & Related papers  (2024-09-24T01:39:16Z)
• Unveiling the Digital Fingerprints: Analysis of Internet attacks based on website fingerprints [0.0]
  We show that using the newest machine learning algorithms an attacker can deanonymize Tor traffic by applying such techniques. We capture network packets across 11 days, while users navigate specific web pages, recording data in.pcapng format through the Wireshark network capture tool.
  arXiv  Detail & Related papers  (2024-09-01T18:44:40Z)
• mPSAuth: Privacy-Preserving and Scalable Authentication for Mobile Web Applications [0.0]
  mPSAuth is an approach for continuously tracking various data sources reflecting user behavior and estimating the likelihood of the current user being legitimate. We show that mPSAuth can provide high accuracy with low encryption and communication overhead, while the effort for the inference is increased to a tolerable extent.
  arXiv  Detail & Related papers  (2022-10-07T12:49:34Z)
• Uncovering Fingerprinting Networks. An Analysis of In-Browser Tracking using a Behavior-based Approach [0.0]
  This thesis explores the current state of browser fingerprinting on the internet. We implement FPNET to identify fingerprinting scripts on large sets of websites by observing their behavior. We track down companies like Google, Yandex, Maxmind, Sift, or FingerprintJS.
  arXiv  Detail & Related papers  (2022-08-15T18:06:25Z)
• Mobile Behavioral Biometrics for Passive Authentication [65.94403066225384]
  This work carries out a comparative analysis of unimodal and multimodal behavioral biometric traits. Experiments are performed over HuMIdb, one of the largest and most comprehensive freely available mobile user interaction databases. In our experiments, the most discriminative background sensor is the magnetometer, whereas among touch tasks the best results are achieved with keystroke.
  arXiv  Detail & Related papers  (2022-03-14T17:05:59Z)
• Reinforcement Learning on Encrypted Data [58.39270571778521]
  We present a preliminary, experimental study of how a DQN agent trained on encrypted states performs in environments with discrete and continuous state spaces. Our results highlight that the agent is still capable of learning in small state spaces even in presence of non-deterministic encryption, but performance collapses in more complex environments.
  arXiv  Detail & Related papers  (2021-09-16T21:59:37Z)
• Responsible Disclosure of Generative Models Using Scalable Fingerprinting [70.81987741132451]
  Deep generative models have achieved a qualitatively new level of performance. There are concerns on how this technology can be misused to spoof sensors, generate deep fakes, and enable misinformation at scale. Our work enables a responsible disclosure of such state-of-the-art generative models, that allows researchers and companies to fingerprint their models.
  arXiv  Detail & Related papers  (2020-12-16T03:51:54Z)
• Mining Implicit Relevance Feedback from User Behavior for Web Question Answering [92.45607094299181]
  We make the first study to explore the correlation between user behavior and passage relevance. Our approach significantly improves the accuracy of passage ranking without extra human labeled data. In practice, this work has proved effective to substantially reduce the human labeling cost for the QA service in a global commercial search engine.
  arXiv  Detail & Related papers  (2020-06-13T07:02:08Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.