Long-Term Observation on Browser Fingerprinting: Users’ Trackability and Perspective

  • 1 Friedrich-Alexander University Erlangen-Nürnberg,
  • 2 Friedrich-Alexander University Erlangen-Nürnberg,
  • 3 Saarland University,
  • 4 Friedrich-Alexander University Erlangen-Nürnberg,

Abstract

Browser fingerprinting as a tracking technique to recognize users based on their browsers’ unique features or behavior has been known for more than a decade. We present the results of a 3-year online study on browser fingerprinting with more than 1,300 users. This is the first study with ground truth on user level, which allows the assessment of trackability based on fingerprints of multiple browsers and devices per user. Based on our longitudinal observations of 88,000 measurements with over 300 considered browser features, we optimized feature sets for mobile and desktop devices. Further, we conducted two user surveys to determine the representativeness of our user sample based on users’ demographics and technical background, and to learn how users perceive browser fingerprinting and how they protect themselves.

If the inline PDF is not rendering correctly, you can download the PDF file here.

  • [1] P. Eckersley, “How unique is your web browser?,” in Privacy Enhancing Technologies, 10th International Symposium, PETS 2010, Berlin, Germany, July 21-23, 2010. Proceedings, pp. 1–18, 2010.

  • [2] H. Tillmann, “Browser fingerprinting - tracking ohne spuren zu hinterlassen,” Master’s thesis, 2013.

  • [3] A. Vastel, P. Laperdrix, W. Rudametkin, and R. Rouvoy, “FP-STALKER: Tracking Browser Fingerprint Evolutions,” in 2018 IEEE Symposium on Security and Privacy, SP 2018, Proceedings, 21-23 May 2018, San Francisco, California, USA, pp. 728–741, 2018.

  • [4] P. Laperdrix, W. Rudametkin, and B. Baudry, “Beauty and the Beast: Diverting Modern Web Browsers to Build Unique Browser Fingerprints,” in IEEE Symposium on Security and Privacy, SP 2016, San Jose, CA, USA, May 22-26, 2016, pp. 878–894, 2016.

  • [5] A. Gómez-Boix, P. Laperdrix, and B. Baudry, “Hiding in the Crowd: An Analysis of the Effectiveness of Browser Fingerprinting at Large Scale,” in Proceedings of the 2018 World Wide Web Conference on World Wide Web, WWW 2018, Lyon, France, April 23-27, 2018, pp. 309–318, 2018.

  • [6] D. Fifield and S. Egelman, “Fingerprinting Web Users Through Font Metrics,” in Financial Cryptography and Data Security - 19th International Conference, FC 2015, San Juan, Puerto Rico, January 26-30, 2015, Revised Selected Papers, pp. 107–124, 2015.

  • [7] J. R. Mayer, “Any person... a pamphleteer: Internet Anonymity in the Age of Web 2.0,” 2009. Bachelor’s thesis: https://jonathanmayer.org/publications/thesis09.pdf, accessed on August 5, 2019.

  • [8] Y. Cao, S. Li, and E. Wijmans, “(Cross-)Browser Fingerprinting via OS and Hardware Level Features,” in 24th Annual Network and Distributed System Security Symposium, NDSS 2017, San Diego, California, USA, February 26 - March 1, 2017, 2017.

  • [9] A. Cooper, H. Tschofenig, B. Aboba, J. Peterson, J. Morris, M. Hansen and R. Smith, “RFC 6973: Privacy Considerations for Internet Protocols,” 2013. https://tools.ietf.org/html/rfc6973, accessed on August 7, 2019.

  • [10] J. R. Mayer and J. C. Mitchell, “Third-Party Web Tracking: Policy and Technology,” in IEEE Symposium on Security and Privacy, SP 2012, 21-23 May 2012, San Francisco, California, USA, pp. 413–427, 2012.

  • [11] C. Díaz, S. Seys, J. Claessens, and B. Preneel, “Towards Measuring Anonymity,” in Privacy Enhancing Technologies, Second International Workshop, PET 2002, San Francisco, CA, USA, April 14-15, 2002, Revised Papers, pp. 54–68, 2002.

  • [12] P. Laperdrix, B. Baudry, and V. Mishra, “FPRandom: Randomizing Core Browser Objects to Break Advanced Device Fingerprinting Techniques,” in Engineering Secure Software and Systems - 9th International Symposium, ESSoS 2017, Bonn, Germany, July 3-5, 2017, Proceedings, pp. 97–114, 2017.

  • [13] A. Vastel, W. Rudametkin, and R. Rouvoy, “FP-TESTER: Automated Testing of Browser Fingerprint Resilience,” in 2018 IEEE European Symposium on Security and Privacy Workshops, EuroS&P Workshops 2018, London, United Kingdom, April 23-27, 2018, pp. 103–107, 2018.

  • [14] A. Vastel, P. Laperdrix, W. Rudametkin, and R. Rouvoy, “FP-SCANNER: The Privacy Implications of Browser Fingerprint Inconsistencies,” in 27th USENIX Security Symposium, USENIX Security 2018, Baltimore, MD, USA, August 15-17, 2018., pp. 135–150, 2018.

  • [15] P. Kumaraguru and L. F. Cranor, Privacy Indexes: A Survey of Westin’s Studies. 2005.

  • [16] J. B. Lovins, “Development of a Stemming Algorithm,” Mech. Translat. & Comp. Linguistics, vol. 11, no. 1-2, pp. 22–31, 1968.

  • [17] L. Molina, L. Belanche, and A. Nebot, “Feature Selection Algorithms: A Survey and Experimental Evaluation,” in IEEE International Conference on Data Mining, pp. 306–313, 2002.

  • [18] A. C. Cameron and P. K. Trivedi, “Microeconometrics using Stata, revised edition,” StataCorp LP, 2010.

  • [19] M. Schreier, Qualitative Content Analysis in Practice. Sage Publications, 2012.

  • [20] J. Cohen, “A Coefficient of Agreement for Nominal Scales,” Educational and psychological measurement, vol. 20, no. 1, pp. 37–46, 1960.

  • [21] M. Banerjee, M. Capozzoli, L. McSweeney, and D. Sinha, “Beyond Kappa: A Review of Interrater Agreement Measures,” Canadian journal of statistics, vol. 27, no. 1, pp. 3–23, 1999.

  • [22] A. Datta, J. Lu, and M. C. Tschantz, “Evaluating Anti-Fingerprinting Privacy Enhancing Technologies,” in The World Wide Web Conference, WWW 2019, San Francisco, CA, USA, May 13-17, 2019, pp. 351–362, 2019.

OPEN ACCESS

Journal + Issues

Search