FPDetective: dusting the web for fingerprinters

Authors:
Gunes Acar;Marc Juarez;Nick Nikiforakis;Claudia Diaz;Seda Gürses;Frank Piessens;Bart Preneel
Affiliations:
COSIC, iMinds, KU Leuven, Leuven, Belgium;IIIA-CSIC & COSIC, iMinds, KU Leuven, Bellaterra, Spain;iMinds-DistriNet, KU Leuven, Leuven, Belgium;COSIC, iMinds, KU Leuven, Leuven, Belgium;COSIC, iMinds, KU Leuven & New York University, Leuven, Belgium;iMinds-DistriNet, KU Leuven, Leuven, Belgium;COSIC, iMinds, KU Leuven, Leuven, Belgium
Venue:
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Year:
2013

Citing 10
Cited 0

The Sybil Attack

IPTPS '01 Revised Papers from the First International Workshop on Peer-to-Peer Systems
Hiding Routing Information

Proceedings of the First International Workshop on Information Hiding
Remote Physical Device Fingerprinting

IEEE Transactions on Dependable and Secure Computing
Tor: the second-generation onion router

SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
An empirical study of privacy-violating information flows in JavaScript web applications

Proceedings of the 17th ACM conference on Computer and communications security
How unique is your web browser?

PETS'10 Proceedings of the 10th international conference on Privacy enhancing technologies
Escape from monkey island: evading high-interaction honeyclients

DIMVA'11 Proceedings of the 8th international conference on Detection of intrusions and malware, and vulnerability assessment
Third-Party Web Tracking: Policy and Technology

SP '12 Proceedings of the 2012 IEEE Symposium on Security and Privacy
Smart, useful, scary, creepy: perceptions of online behavioral advertising

Proceedings of the Eighth Symposium on Usable Privacy and Security
Cookieless Monster: Exploring the Ecosystem of Web-Based Device Fingerprinting

SP '13 Proceedings of the 2013 IEEE Symposium on Security and Privacy

Quantified Score

Hi-index	0.00

Visualization

Abstract

In the modern web, the browser has emerged as the vehicle of choice, which users are to trust, customize, and use, to access a wealth of information and online services. However, recent studies show that the browser can also be used to invisibly fingerprint the user: a practice that may have serious privacy and security implications. In this paper, we report on the design, implementation and deployment of FPDetective, a framework for the detection and analysis of web-based fingerprinters. Instead of relying on information about known fingerprinters or third-party-tracking blacklists, FPDetective focuses on the detection of the fingerprinting itself. By applying our framework with a focus on font detection practices, we were able to conduct a large scale analysis of the million most popular websites of the Internet, and discovered that the adoption of fingerprinting is much higher than previous studies had estimated. Moreover, we analyze two countermeasures that have been proposed to defend against fingerprinting and find weaknesses in them that might be exploited to bypass their protection. Finally, based on our findings, we discuss the current understanding of fingerprinting and how it is related to Personally Identifiable Information, showing that there needs to be a change in the way users, companies and legislators engage with fingerprinting.