Browser Fingerprinting Using WebAssembly
- URL: http://arxiv.org/abs/2506.00719v1
- Date: Sat, 31 May 2025 21:39:17 GMT
- Title: Browser Fingerprinting Using WebAssembly
- Authors: Mordechai Guri, Dor Fibert,
- Abstract summary: This paper introduces an advanced fingerprinting method using WebAssembly (Wasm)<n>We present a new approach that leverages WebAssembly's computational capabilities to identify returning devices across different browsing sessions.<n>We validate this approach on a variety of platforms, including Intel, AMD, and ARM CPUs, operating systems such as Windows, Android, and iOS, and in environments like VMWare, KVM, and iOS.
- Score: 1.4732811715354452
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Web client fingerprinting has become a widely used technique for uniquely identifying users, browsers, operating systems, and devices with high accuracy. While it is beneficial for applications such as fraud detection and personalized experiences, it also raises privacy concerns by enabling persistent tracking and detailed user profiling. This paper introduces an advanced fingerprinting method using WebAssembly (Wasm) - a low-level programming language that offers near-native execution speed in modern web browsers. With broad support across major browsers and growing adoption, WebAssembly provides a strong foundation for developing more effective fingerprinting methods. In this work, we present a new approach that leverages WebAssembly's computational capabilities to identify returning devices-such as smartphones, tablets, laptops, and desktops across different browsing sessions. Our method uses subtle differences in the WebAssembly JavaScript API implementation to distinguish between Chromium-based browsers like Google Chrome and Microsoft Edge, even when identifiers such as the User-Agent are completely spoofed, achieving a false-positive rate of less than 1%. The fingerprint is generated using a combination of CPU-bound operations, memory tasks, and I/O activities to capture unique browser behaviors. We validate this approach on a variety of platforms, including Intel, AMD, and ARM CPUs, operating systems such as Windows, macOS, Android, and iOS, and in environments like VMWare, KVM, and VirtualBox. Extensive evaluation shows that WebAssembly-based fingerprinting significantly improves identification accuracy. We also propose mitigation strategies to reduce the privacy risks associated with this method, which could be integrated into future browser designs to better protect user privacy.
Related papers
- VPI-Bench: Visual Prompt Injection Attacks for Computer-Use Agents [74.6761188527948]
Computer-Use Agents (CUAs) with full system access pose significant security and privacy risks.<n>We investigate Visual Prompt Injection (VPI) attacks, where malicious instructions are visually embedded within rendered user interfaces.<n>Our empirical study shows that current CUAs and BUAs can be deceived at rates of up to 51% and 100%, respectively, on certain platforms.
arXiv Detail & Related papers (2025-06-03T05:21:50Z) - Beyond the Crawl: Unmasking Browser Fingerprinting in Real User Interactions [9.495142718502072]
Browser fingerprinting is a pervasive online tracking technique used increasingly often for profiling and targeted advertising.<n>Prior research heavily relied on automated web crawls, which inherently struggle to replicate the nuances of human-computer interactions.<n>This paper presents a user study involving 30 participants over 10 weeks, capturing telemetry data from real browsing sessions across 3,000 top-ranked websites.
arXiv Detail & Related papers (2025-02-03T18:43:34Z) - Fingerprinting and Tracing Shadows: The Development and Impact of Browser Fingerprinting on Digital Privacy [55.2480439325792]
Browser fingerprinting is a growing technique for identifying and tracking users online without traditional methods like cookies.
This paper gives an overview by examining the various fingerprinting techniques and analyzes the entropy and uniqueness of the collected data.
arXiv Detail & Related papers (2024-11-18T20:32:31Z) - Beyond Browsing: API-Based Web Agents [58.39129004543844]
API-based agents outperform web browsing agents in experiments on WebArena.<n>Hybrid Agents out-perform both others nearly uniformly across tasks.<n>Results strongly suggest that when APIs are available, they present an attractive alternative to relying on web browsing alone.
arXiv Detail & Related papers (2024-10-21T19:46:06Z) - How Unique is Whose Web Browser? The role of demographics in browser fingerprinting among US users [50.699390248359265]
Browser fingerprinting can be used to identify and track users across the Web, even without cookies.
This technique and resulting privacy risks have been studied for over a decade.
We provide a first-of-its-kind dataset to enable further research.
arXiv Detail & Related papers (2024-10-09T14:51:58Z) - Unveiling the Digital Fingerprints: Analysis of Internet attacks based on website fingerprints [0.0]
We show that using the newest machine learning algorithms an attacker can deanonymize Tor traffic by applying such techniques.
We capture network packets across 11 days, while users navigate specific web pages, recording data in.pcapng format through the Wireshark network capture tool.
arXiv Detail & Related papers (2024-09-01T18:44:40Z) - Dissecting Adversarial Robustness of Multimodal LM Agents [70.2077308846307]
We manually create 200 targeted adversarial tasks and evaluation scripts in a realistic threat model on top of VisualWebArena.<n>We find that we can successfully break latest agents that use black-box frontier LMs, including those that perform reflection and tree search.<n>We also use ARE to rigorously evaluate how the robustness changes as new components are added.
arXiv Detail & Related papers (2024-06-18T17:32:48Z) - AutoScraper: A Progressive Understanding Web Agent for Web Scraper Generation [54.17246674188208]
Web scraping is a powerful technique that extracts data from websites, enabling automated data collection, enhancing data analysis capabilities, and minimizing manual data entry efforts.
Existing methods, wrappers-based methods suffer from limited adaptability and scalability when faced with a new website.
We introduce the paradigm of generating web scrapers with large language models (LLMs) and propose AutoScraper, a two-stage framework that can handle diverse and changing web environments more efficiently.
arXiv Detail & Related papers (2024-04-19T09:59:44Z) - Assessing Web Fingerprinting Risk [2.144574168644798]
Browser fingerprints are device-specific identifiers that enable covert tracking of users even when cookies are disabled.
Previous research has established entropy, a measure of information, as the key metric for quantifying fingerprinting risk.
We provide the first study of browser fingerprinting which addresses the limitations of prior work.
arXiv Detail & Related papers (2024-03-22T20:34:41Z) - adF: A Novel System for Measuring Web Fingerprinting through Ads [0.3499870393443268]
adF performs its measurements from code inserted in ads.
We estimate that 66% of desktop devices and 40% of mobile devices can be uniquely fingerprinted with our web fingerprinting system.
To counter web fingerprinting, we propose ShieldF, a simple solution which blocks the reporting by browsers of those attributes.
arXiv Detail & Related papers (2023-11-15T08:30:50Z) - Keep your Identity Small: Privacy-preserving Client-side Fingerprinting [0.0]
Device fingerprinting is a widely used technique that allows a third party to identify a particular device.
One of its most widespread uses is to identify users visiting different websites and thus build their browsing history.
This constitutes a specific type of web tracking that poses a threat to users' privacy.
We propose Privacy-preserving Client-side Fingerprinting (PCF), a new method that allows device fingerprinting on the web, while blocks the possibility of performing web tracking.
arXiv Detail & Related papers (2023-09-14T09:45:29Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.