Blocking JavaScript without Breaking the Web: An Empirical Investigation

Amjad, Abdul Haddi; Shafiq, Zubair; Gulzar, Muhammad Ali

doi:10.48550/arxiv.2302.01182

Cited by 1 publication

(1 citation statement)

References 47 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…While browser fingerprinting can be used for acceptable purposes, e.g., web authentication [8,49], bot [18,33,85] or fraud detection [38,53], it largely represents a threat to user privacy [19,31,78,81]. In fact, it can be even more intrusive than third-party cookies: the latter are easily detectable and can be cleared at any time, whereas browser fingerprinting is less transparent, and countermeasures often result in significant website breakage [10,39]. Moreover, it can be effective even in incognito mode [7] and potentially track users for months [70].…”

Section: Introductionmentioning

confidence: 99%

FP-Fed: Privacy-Preserving Federated Detection of Browser Fingerprinting

Annamalai,

Bilogrevic,

De Cristofaro

2024

Proceedings 2024 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

Browser fingerprinting often provides an attractive alternative to third-party cookies for tracking users across the web. In fact, the increasing restrictions on third-party cookies placed by common web browsers and recent regulations like the GDPR may accelerate the transition. To counter browser fingerprinting, previous work proposed several techniques to detect its prevalence and severity. However, these rely on 1) centralized web crawls and/or 2) computationally intensive operations to extract and process signals (e.g., information-flow and static analysis).To address these limitations, we present FP-Fed, the first distributed system for browser fingerprinting detection. Using FP-Fed, users can collaboratively train on-device models based on their real browsing patterns, without sharing their training data with a central entity, by relying on Differentially Private Federated Learning (DP-FL). To demonstrate its feasibility and effectiveness, we evaluate FP-Fed's performance on a set of 18.3k popular websites with different privacy levels, numbers of participants, and features extracted from the scripts. Our experiments show that FP-Fed achieves reasonably high detection performance and can perform both training and inference efficiently, on-device, by only relying on runtime signals extracted from the execution trace, without requiring any resource-intensive operation.

show abstract