Fingerprinting Browsers in Encrypted Communications

• URL: http://arxiv.org/abs/2410.21101v1
• Date: Mon, 28 Oct 2024 15:06:31 GMT
• Title: Fingerprinting Browsers in Encrypted Communications
• Authors: Sandhya Aneja, Nagender Aneja,
• Abstract summary: The study observed that different browsers use a different number of messages to communicate with the server. It was found that there was a 30%-35% dissimilarity in the behavior of different browsers.
• Score: 0.12209039082584558
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: Browser fingerprinting is the identification of a browser through the network traffic captured during communication between the browser and server. This can be done using the HTTP protocol, browser extensions, and other methods. This paper discusses browser fingerprinting using the HTTPS over TLS 1.3 protocol. The study observed that different browsers use a different number of messages to communicate with the server, and the length of messages also varies. To conduct the study, a network was set up using a UTM hypervisor with one virtual machine as the server and another as a VM with a different browser. The communication was captured, and it was found that there was a 30\%-35\% dissimilarity in the behavior of different browsers.

Related papers

• Browser Fingerprinting Using WebAssembly [1.4732811715354452]
  This paper introduces an advanced fingerprinting method using WebAssembly (Wasm)<n>We present a new approach that leverages WebAssembly's computational capabilities to identify returning devices across different browsing sessions.<n>We validate this approach on a variety of platforms, including Intel, AMD, and ARM CPUs, operating systems such as Windows, Android, and iOS, and in environments like VMWare, KVM, and iOS.
  arXiv  Detail & Related papers  (2025-05-31T21:39:17Z)
• User Profiles: The Achilles' Heel of Web Browsers [12.5263811476743]
  We show that, except for the Tor Browser, all modern browsers store sensitive data in home directories with little to no integrity or confidentiality controls. We show that security measures like password and cookie encryption can be easily bypassed. HTTPS can be fully bypassed with the deployment of custom potentially malicious root certificates.
  arXiv  Detail & Related papers  (2025-04-24T16:01:48Z)
• Fingerprinting and Tracing Shadows: The Development and Impact of Browser Fingerprinting on Digital Privacy [55.2480439325792]
  Browser fingerprinting is a growing technique for identifying and tracking users online without traditional methods like cookies. This paper gives an overview by examining the various fingerprinting techniques and analyzes the entropy and uniqueness of the collected data.
  arXiv  Detail & Related papers  (2024-11-18T20:32:31Z)
• Beyond Browsing: API-Based Web Agents [58.39129004543844]
  API-based agents outperform web browsing agents in experiments on WebArena. Hybrid Agents out-perform both others nearly uniformly across tasks. Results strongly suggest that when APIs are available, they present an attractive alternative to relying on web browsing alone.
  arXiv  Detail & Related papers  (2024-10-21T19:46:06Z)
• How Unique is Whose Web Browser? The role of demographics in browser fingerprinting among US users [50.699390248359265]
  Browser fingerprinting can be used to identify and track users across the Web, even without cookies. This technique and resulting privacy risks have been studied for over a decade. We provide a first-of-its-kind dataset to enable further research.
  arXiv  Detail & Related papers  (2024-10-09T14:51:58Z)
• Beyond the Request: Harnessing HTTP Response Headers for Cross-Browser Web Tracker Classification in an Imbalanced Setting [0.0]
  This study endeavors to design effective machine learning classifiers for web tracker detection using binarized HTTP response headers. Ten supervised models were trained on Chrome data and tested across all browsers, including a Chrome dataset from a year later. Results demonstrated high accuracy, F1-score, precision, recall, and minimal log-loss error for Chrome and Firefox, but subpar performance on Brave.
  arXiv  Detail & Related papers  (2024-02-02T09:07:09Z)
• CogAgent: A Visual Language Model for GUI Agents [61.26491779502794]
  We introduce CogAgent, a visual language model (VLM) specializing in GUI understanding and navigation. By utilizing both low-resolution and high-resolution image encoders, CogAgent supports input at a resolution of 1120*1120. CogAgent achieves the state of the art on five text-rich and four general VQA benchmarks, including VQAv2, OK-VQA, Text-VQA, ST-VQA, ChartQA, infoVQA, DocVQA, MM-Vet, and POPE.
  arXiv  Detail & Related papers  (2023-12-14T13:20:57Z)
• UA-Radar: Exploring the Impact of User Agents on the Web [3.8373578956681547]
  In the early days of the web, giving the same web page to different browsers could provide very different results. User Agent (UA) string was introduced for content negotiation. Over the past three decades, the UA string remained exposed by browsers.
  arXiv  Detail & Related papers  (2023-11-17T09:53:32Z)
• Characterizing Browser Fingerprinting and its Mitigations [0.0]
  This work explores one of these tracking techniques: browser fingerprinting. We detail how browser fingerprinting works, how prevalent it is, and what defenses can mitigate it.
  arXiv  Detail & Related papers  (2023-10-12T20:31:24Z)
• Uncovering Fingerprinting Networks. An Analysis of In-Browser Tracking using a Behavior-based Approach [0.0]
  This thesis explores the current state of browser fingerprinting on the internet. We implement FPNET to identify fingerprinting scripts on large sets of websites by observing their behavior. We track down companies like Google, Yandex, Maxmind, Sift, or FingerprintJS.
  arXiv  Detail & Related papers  (2022-08-15T18:06:25Z)
• Quantum Private Information Retrieval for Quantum Messages [71.78056556634196]
  Quantum private information retrieval (QPIR) for quantum messages is the protocol in which a user retrieves one of the multiple quantum states from one or multiple servers without revealing which state is retrieved. We consider QPIR in two different settings: the blind setting, in which the servers contain one copy of the message states, and the visible setting, in which the servers contain the description of the message states.
  arXiv  Detail & Related papers  (2021-01-22T10:28:32Z)
• TypeNet: Deep Learning Keystroke Biometrics [77.80092630558305]
  We introduce TypeNet, a Recurrent Neural Network trained with a moderate number of keystrokes per identity. With 5 gallery sequences and test sequences of length 50, TypeNet achieves state-of-the-art keystroke biometric authentication performance. Our experiments demonstrate a moderate increase in error with up to 100,000 subjects, demonstrating the potential of TypeNet to operate at an Internet scale.
  arXiv  Detail & Related papers  (2021-01-14T12:49:09Z)
• Adaptive Webpage Fingerprinting from TLS Traces [13.009834690757614]
  In webpage fingerprinting, an adversary infers the specific webpage loaded by a victim user by analysing the patterns in the encrypted TLS traffic exchanged between the user's browser and the website's servers. This work studies modern webpage fingerprinting adversaries against the TLS protocol. We introduce a TLS-specific model that: 1) scales to an unprecedented number of target webpages, 2) can accurately classify thousands of classes it never encountered during training, and 3) has low operational costs even in scenarios of frequent page updates.
  arXiv  Detail & Related papers  (2020-10-19T15:13:07Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.