Back to Search
Start Over
Beauty and the Beast: Diverting Modern Web Browsers to Build Unique Browser Fingerprints
- Source :
- IEEE Symposium on Security and Privacy, 37th IEEE Symposium on Security and Privacy (S&P 2016), 37th IEEE Symposium on Security and Privacy (S&P 2016), May 2016, San Jose, United States, BASE-Bielefeld Academic Search Engine
- Publication Year :
- 2016
- Publisher :
- IEEE, 2016.
-
Abstract
- International audience; Worldwide, the number of people and the time spent browsing the web keeps increasing. Accordingly, the technologies to enrich the user experience are evolving at an amazing pace. Many of these evolutions provide for a more interactive web (e.g., boom of JavaScript libraries, weekly innovations in HTML5), a more available web (e.g., explosion of mobile devices), a more secure web (e.g., Flash is disappearing, NPAPI plugins are being deprecated), and a more private web (e.g., increased legislation against cookies, huge success of extensions such as Ghostery and AdBlock). Nevertheless, modern browser technologies, which provide the beauty and power of the web, also provide a darker side, a rich ecosystem of exploitable data that can be used to build unique browser fingerprints. Our work explores the validity of browser fingerprinting in today's environment. Over the past year, we have collected 118,934 fingerprints composed of 17 attributes gathered thanks to the most recent web technologies. We show that innovations in HTML5 provide access to highly discriminating attributes, notably with the use of the Canvas API which relies on multiple layers of the user's system. In addition, we show that browser fingerprinting is as effective on mobile devices as it is on desktops and laptops, albeit for radically different reasons due to their more constrained hardware and software environments. We also evaluate how browser fingerprinting could stop being a threat to user privacy if some technological evolutions continue (e.g., disappearance of plugins) or are embraced by browser vendors (e.g., standard HTTP headers).
- Subjects :
- Web-based simulation
Web development
Computer science
Rich Internet application
Framing (World Wide Web)
Mobile Web
02 engineering and technology
privacy
JavaScript
Application software
computer.software_genre
Web API
World Wide Web
[INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR]
User experience design
020204 information systems
Web design
Web page
0202 electrical engineering, electronic engineering, information engineering
Comet (programming)
Web application
Web navigation
Clickstream
computer.programming_language
Client-side scripting
HTML5
business.industry
[INFO.INFO-WB]Computer Science [cs]/Web
browser fingerprinting
software diversity
Browser security
Web Accessibility Initiative
020201 artificial intelligence & image processing
Web service
business
computer
Mobile device
Subjects
Details
- Database :
- OpenAIRE
- Journal :
- 2016 IEEE Symposium on Security and Privacy (SP)
- Accession number :
- edsair.doi.dedup.....d7adb5b5ea779ba3ce7c65564432d0d8