We investigate the degree to which modern web browsers are subject to "device fingerprinting" via the version and configuration information that they will transmit to websites upon request. We implemented one possible fingerprinting algorithm, and collected these fingerprints from a large sample of browsers that visited our test site, panopticlick.eff.org. We observe that the distribution of our fingerprint contains at least 18.1 bits of entropy, meaning that if we pick a browser at random, at best we expect that only one in 286,777 other browsers will share its fingerprint. Among browsers that support Flash or Java, the situation is worse, with the average browser carrying at least 18.8 bits of identifying information. 94.2% of browsers with Flash or Java were unique in our sample. By observing returning visitors, we estimate how rapidly browser fingerprints might change over time. In our sample, fingerprints changed quite rapidly, but even a simple heuristic was usually able to guess when a fingerprint was an "upgraded" version of a previously observed browser's fingerprint, with 99.1% of guesses correct and a false positive rate of only 0.86%. We discuss what privacy threat browser fingerprinting poses in practice, and what countermeasures may be appropriate to prevent it. There is a tradeoff between protection against fingerprintability and certain kinds of debuggability, which in current browsers is weighted heavily against privacy. Paradoxically, anti-fingerprinting privacy technologies can be self-defeating if they are not used by a sufficient number of people; we show that some privacy measures currently fall victim to this paradox, but others do not.
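To make the entropy measure and the closing paradox concrete, the following is an added example (not code from the paper or from panopticlick.eff.org) that computes per-fingerprint surprisal, distribution entropy, and the unique fraction over a constructed 16-browser sample. The attribute set, the sample values, and the `Generic/1.0` spoofing tool are assumptions made for illustration.

```python
import math
from collections import Counter

def fp(user_agent, timezone, plugins):
    """Join attribute values into one fingerprint string (constructed format)."""
    return "|".join((user_agent, timezone, plugins))

# Constructed sample of 16 visits; not data from the study.
A = fp("Firefox/3.6", "UTC-5", "flash,java")
B = fp("Firefox/3.6", "UTC+1", "flash")
C = fp("Chrome/5.0", "UTC-8", "flash,java")
D = fp("Opera/10.5", "UTC+9", "flash,java,silverlight")
E = fp("Safari/4.0", "UTC+2", "quicktime")
SAMPLE = [A] * 8 + [B] * 4 + [C] * 2 + [D, E]

def surprisal_bits(fingerprint, sample):
    """Self-information of one fingerprint: -log2 of its share of the sample.
    b bits means roughly one browser in 2**b shares it."""
    return -math.log2(Counter(sample)[fingerprint] / len(sample))

def entropy_bits(sample):
    """Shannon entropy of the fingerprint distribution (expected surprisal)."""
    n = len(sample)
    return -sum(c / n * math.log2(c / n) for c in Counter(sample).values())

def unique_fraction(sample):
    """Share of browsers whose fingerprint appears exactly once."""
    return sum(1 for c in Counter(sample).values() if c == 1) / len(sample)

def surprisal_after_change(sample, old, new):
    """Surprisal of a browser that switches from fingerprint `old` to `new`
    while everyone else stays put (models a rarely used countermeasure)."""
    changed = list(sample)
    changed[changed.index(old)] = new
    return surprisal_bits(new, changed)

if __name__ == "__main__":
    spoofed = fp("Generic/1.0", "UTC-5", "")  # hypothetical spoofing tool
    print("entropy:", entropy_bits(SAMPLE), "bits")
    print("unique fraction:", unique_fraction(SAMPLE))
    print("common browser:", surprisal_bits(A, SAMPLE), "bits")
    print("same browser, spoofed:",
          surprisal_after_change(SAMPLE, A, spoofed), "bits")
```

In this sample the most common configuration carries 1 bit, but the same browser carries 4 bits once it alone reports the spoofed values, which is the self-defeating effect the abstract describes for countermeasures with too few users.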