FPRandom: Randomizing Core Browser Objects to Break Advanced Device Fingerprinting Techniques

Laperdrix, Pierre; Baudry, Benoît; Mishra, Vikas Kumar

doi:10.1007/978-3-319-62105-0_7

Cited by 43 publications

(48 citation statements)

References 10 publications

(12 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, it keeps presenting the same limitation as naive spoofers since the modified values are incomplete and can be incoherent. Laperdrix et al explored the randomization of media elements, such as canvas and audio used in fingerprinting, to break fingerprint linkability [12]. They add a slight random noise to canvas and audio, that is not perceived by users, to defeat fingerprinting algorithms.…”

Section: Background and Motivationsmentioning

confidence: 99%

See 1 more Smart Citation

FP-STALKER: Tracking Browser Fingerprint Evolutions

Vastel

Laperdrix

Rudametkin

et al. 2018

2018 IEEE Symposium on Security and Privacy (SP)

Self Cite

View full text Add to dashboard Cite

Abstract-Browser fingerprinting has emerged as a technique to track users without their consent. Unlike cookies, fingerprinting is a stateless technique that does not store any information on devices, but instead exploits unique combinations of attributes handed over freely by browsers. The uniqueness of fingerprints allows them to be used for identification. However, browser fingerprints change over time and the effectiveness of tracking users over longer durations has not been properly addressed.In this paper, we show that browser fingerprints tend to change frequently-from every few hours to days-due to, for example, software updates or configuration changes. Yet, despite these frequent changes, we show that browser fingerprints can still be linked, thus enabling long-term tracking.FP-STALKER is an approach to link browser fingerprint evolutions. It compares fingerprints to determine if they originate from the same browser. We created two variants of FP-STALKER, a rule-based variant that is faster, and a hybrid variant that exploits machine learning to boost accuracy. To evaluate FP-STALKER, we conduct an empirical study using 98, 598 fingerprints we collected from 1, 905 distinct browser instances. We compare our algorithm with the state of the art and show that, on average, we can track browsers for 54.48 days, and 26 % of browsers can be tracked for more than 100 days.

show abstract

Section: Background and Motivationsmentioning

confidence: 99%

“…One needs to keep track of these evolutions to link them to previous fingerprints. Recent approaches exploit fingerprint uniqueness as a defense mechanism by adding randomness to break uniqueness [12], [13], [21], but they did not address linkability.…”

Section: Introductionmentioning

confidence: 99%

FP-STALKER: Tracking Browser Fingerprint Evolutions

Vastel

Laperdrix

Rudametkin

et al. 2018

2018 IEEE Symposium on Security and Privacy (SP)

Self Cite

View full text Add to dashboard Cite

show abstract

“…They also block functionality such as Canvas elements [57]. There are also approaches to prevent fingerprinting by adding randomness instead of removing functionality [38]. The aim is always to prevent the creation of unique fingerprints of a browser and thus also user.…”

Section: Introductionmentioning

confidence: 99%

JavaScript Template Attacks: Automatically Inferring Host Information for Targeted Exploits

Schwarz

Lackner²,

Gruss

2019

Proceedings 2019 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

Today, more and more web browsers and extensions provide anonymity features to hide user details. Primarily used to evade tracking by websites and advertisements, these features are also used by criminals to prevent identification. Thus, not only tracking companies but also law-enforcement agencies have an interest in finding flaws which break these anonymity features. For instance, for targeted exploitation using zero days, it is essential to have as much information about the target as possible. A failed exploitation attempt, e.g., due to a wrongly guessed operating system, can burn the zero-day, effectively costing the attacker money. Also for side-channel attacks, it is of the utmost importance to know certain aspects of the victim's hardware configuration, e.g., the instruction-set architecture. Moreover, knowledge about specific environmental properties, such as the operating system, allows crafting more plausible dialogues for phishing attacks. We found environment-dependent properties in Firefox, Chrome, Edge, and mobile Tor, allowing us to reveal the underlying operating system, CPU architecture, used privacy-enhancing plugins, as well as exact browser version. We stress that our method should be used in the development of browsers and privacy extensions to automatically find flaws in the implementation.

show abstract

“…Laperdrix et al proposed with FPRandom to exploit browsers' untapped flexibility to introduce randomness [86]. Their goal was to increase non-determinism in browsers to reduce the side-effects that cause fingerprintable behaviours.…”

Section: Increasing Device Diversitymentioning

confidence: 99%

Browser Fingerprinting

Bielova²,

et al. 2020

Self Cite

View full text Add to dashboard Cite

With this paper, we survey the research performed in the domain of browser fingerprinting, while providing an accessible entry point to newcomers in the field. We explain how this technique works and where it stems from. We analyze the related work in detail to understand the composition of modern fingerprints and see how this technique is currently used online. We systematize existing defense solutions into different categories and detail the current challenges yet to overcome.

show abstract

FPRandom: Randomizing Core Browser Objects to Break Advanced Device Fingerprinting Techniques

Cited by 43 publications

References 10 publications

FP-STALKER: Tracking Browser Fingerprint Evolutions

FP-STALKER: Tracking Browser Fingerprint Evolutions

JavaScript Template Attacks: Automatically Inferring Host Information for Targeted Exploits

Browser Fingerprinting

Contact Info

Product

Resources

About