More Web Proxy on the site http://driver.im/

research-article

Open access

Evaluating Anti-Fingerprinting Privacy Enhancing Technologies

Authors:

Michael Carl TschantzAuthors Info & Claims

WWW '19: The World Wide Web Conference

Pages 351 - 362

https://doi.org/10.1145/3308558.3313703

Published: 13 May 2019 Publication History

All formats PDF

Abstract

We study how to evaluate Anti-Fingerprinting Privacy Enhancing Technologies (AFPETs). Experimental methods have the advantage of control and precision, and can be applied to new AFPETs that currently lack a user base. Observational methods have the advantage of scale and drawing from the browsers currently in real-world use. We propose a novel combination of these methods, offering the best of both worlds, by applying experimentally created models of a AFPET's behavior to an observational dataset. We apply our evaluation methods to a collection of AFPETs to find the Tor Browser Bundle to be the most effective among them. We further uncover inconsistencies in some AFPETs' behaviors.

References

[1]

Absolute Double. 2017. HideMyFootprint: Protect your privacy. https://hmfp.absolutedouble.co.uk. (2017). Accessed Dec. 25, 2017.

[2]

Absolute Double. 2018. Trace: Browse online without leaving a Trace. https://absolutedouble.co.uk/trace/. (2018). Accessed Jan. 12, 2018.

[3]

Gunes Acar, Christian Eubank, Steven Englehardt, Marc Juarez, Arvind Narayanan, and Claudia Diaz. 2014. The web never forgets: Persistent tracking mechanisms in the wild. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security. ACM, 674-689.

Digital Library

[4]

Gunes Acar, Marc Juarez, Nick Nikiforakis, Claudia Diaz, Seda Gürses, Frank Piessens, and Bart Preneel. 2013. FPDetective: dusting the web for fingerprinters. In Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security. ACM, 1129-1140.

Digital Library

[5]

Alexei “ghostwords”. 2018. Support navigator.doNotTrack. Pull request #1861 for the EFForg/privacybadger project on GitHub: https://github.com/EFForg/privacybadger/pull/1861. (July 2018).

[6]

Andrew. 2017. Scriptsafe: andryou. https://www.andryou.com/scriptsafe/. (2017). Accessed Dec. 25, 2017.

[7]

Anonymous. 2018. Comment 276687 on “New Release: Tor Browser 8.0a10”. Tor Blog: https://blog.torproject.org/comment/276424#comment-276424. (Aug. 2018). See responses as well.

[8]

appodrome.net. 2017. CanvasFingerprintBlock: Chrome Web Store. https://chrome.google.com/webstore/detail/canvasfingerprintblock/ipmjngkmngdcdpmgmiebdmfbkcecdndc?hl=en. (2017). Accessed Dec. 25, 2017.

[9]

Brave Browser. 2017. Fingerprint Protection Mode. https://github.com/brave/browser-laptop/wiki/Fingerprinting-Protection-Mode. (2017). Accessed Dec. 19, 2017.

[10]

Yinzhi Cao, Song Li, and Erik Wijmans. 2017. (Cross-)Browser Fingerprinting via OS and Hardware Level Features. In 24th Annual Network and Distributed System Security SymposiumNDSS. http://www.yinzhicao.org/TrackingFree/crossbrowsertracking_NDSS17.pdf

[11]

Disconnect. 2017. Disconnect. https://disconnect.me. (2017). Accessed Jan. 12, 2017.

[12]

Peter Eckersley. 2010. How unique is your web browser?. In Privacy Enhancing Technologies, Vol. 6205. Springer, 1-18.

Digital Library

[13]

Electronic Frontier Foundation. 2017. Panopticlick. https://panopticlick.eff.org. (2017). Accessed Dec 12, 2017.

[14]

Electronic Frontier Foundation. 2017. Privacy Badger. https://www.eff.org/privacybadger. (2017). Accessed Jan. 13, 2017.

[15]

Steven Englehardt and Arvind Narayanan. 2016. Online tracking: A 1-million-site measurement and analysis. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. ACM, 1388-1401.

Digital Library

[16]

eyeo GmbH. 2017. Adblock Plus: Surf the web without annoying ads!https://adblockplus.org. (2017). Accessed Dec. 27, 2017.

[17]

Amin FaizKhademi, Mohammad Zulkernine, and Komminist Weldemariam. 2015. FPGuard: Detection and prevention of browser fingerprinting. In IFIP Annual Conference on Data and Applications Security and Privacy. Springer, 293-308.

[18]

David Fifield and Serge Egelman. 2015. Fingerprinting web users through font metrics. In International Conference on Financial Cryptography and Data Security. Springer, 107-124.

[19]

fonk. 2017. TotalSpoof Add-on Homepage. http://fonk.wz.cz/totalspoof. (2017). Accessed Dec. 25, 2017.

[20]

Cliqz International GmbH. 2017. Ghostery Makes the Web Cleaner, Faster and Safer!https://www.ghostery.com. (2017). Accessed Dec. 27, 2017.

[21]

Google. 2017. Chrome web store. https://chrome.google.com/webstore/category/extensions. (Dec. 2017).

[22]

Gábor György Gulyás, Dolière Francis Some´, Nataliia Bielova, and Claude Castelluccia. 2018. To Extend or Not to Extend: On the Uniqueness of Browser Extensions and Web Logins. In Proceedings of the 2018 Workshop on Privacy in the Electronic Society (WPES'18). ACM, New York, NY, USA, 14-27.

Digital Library

[23]

Raymond Hill. 2015. uBlock and others: Blocking ads, trackers, malwares. https://github.com/gorhill/uBlock/wiki/uBlock-and-others%3A-Blocking-ads%2C-trackers%2C-malwares. (May 2015). Accessed July 5, 2017.

[24]

Raymond Hill. 2017. uBlock Origin: An efficient blocker for Chromium and Firefox.https://github.com/gorhill/uBlock. (2017). Accessed Dec. 27, 2017.

[25]

Muhammad Ikram, Hassan Jameel Asghar, Mohamed Ali Kaafar, Anirban Mahanti, and Balachandar Krishnamurthy. 2017. Towards seamless tracking-free web: Improved detection of trackers via one-class learning. Proceedings on Privacy Enhancing Technologies 2017, 1(2017), 79-99.

[26]

InformAction. 2017. NoScript: JavaScript/Java/Flash blocker for a safer Firefox experience!https://noscript.net. (2017). Accessed Dec. 27, 2017.

[27]

kkapsner. 2017. CanvasBlocker: A Firefox Plugin to block the canvas-API. https://github.com/kkapsner/CanvasBlocker/. (2017). Accessed Dec. 25, 2017.

[28]

Georgios Kontaxis and Monica Chew. 2015. Tracking protection in Firefox for privacy and performance. arXiv preprint arXiv:1506.04104(2015).

[29]

Balachander Krishnamurthy and Craig E Wills. 2006. Generating a privacy footprint on the internet. In Proceedings of the 6th ACM SIGCOMM conference on Internet measurement. ACM, 65-70.

Digital Library

[30]

Pierre Laperdrix. 2017. Fingerprint Central. https://fpcentral.irisa.fr/. (2017). Accessed Oct 31, 2017.

[31]

Pierre Laperdrix, Benoit Baudry, and Vikas Mishra. 2017. FPRandom: Randomizing core browser objects to break advanced device fingerprinting techniques. In 9th International Symposium on Engineering Secure Software and Systems (ESSoS 2017).

[32]

Pierre Laperdrix, Walter Rudametkin, and Benoit Baudry. 2015. Mitigating browser fingerprint tracking: multi-level reconfiguration and diversification. In Proceedings of the 10th International Symposium on Software Engineering for Adaptive and Self-Managing Systems. IEEE Press, 98-108.

Digital Library

[33]

Pierre Laperdrix, Walter Rudametkin, and Benoit Baudry. 2016. Beauty and the beast: Diverting modern web browsers to build unique browser fingerprints. In Security and Privacy (SP), 2016 IEEE Symposium on. IEEE, 878-894.

[34]

Pedro Leon, Blase Ur, Richard Shay, Yang Wang, Rebecca Balebako, and Lorrie Cranor. 2012. Why Johnny can't opt out: a usability evaluation of tools to limit online behavioral advertising. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. ACM, 589-598.

Digital Library

[35]

Jonathan R Mayer and John C Mitchell. 2012. Third-party web tracking: Policy and technology. In Security and Privacy (SP), 2012 IEEE Symposium on. IEEE, 413-427.

Digital Library

[36]

meh. 2017. Blender: Blend in the crowd by faking to be the most common Firefox browser version, operating system and other stuff.https://github.com/meh/blender. (2017). Accessed Dec. 25, 2017.

[37]

Georg Merzdovnik, Markus Huber, Damjan Buhov, Nick Nikiforakis, Sebastian Neuner, Martin Schmiedecker, and Edgar Weippl. 2017. Block me if you can: A large-scale study of tracker-blocking tools. In Proceedings of the 2nd IEEE European Symposium on Security and Privacy (IEEE EuroS&P).

[38]

Keaton Mowery and Hovav Shacham. 2012. Pixel perfect: Fingerprinting canvas in HTML5. Proceedings of W2SP(2012), 1-12.

[39]

Mozilla. 2017. Firefox Add-ons. https://addons.mozilla.org/en-US/firefox/. (Dec. 2017).

[40]

Multiloginapp. 2017. How Canvas Fingerprint Blockers Make You Easily Trackable. https://multiloginapp.com/how-canvas-fingerprint-blockers-make-you-easily-trackable/. (2017). Accessed Dec 19, 2017.

[41]

Net-Comet. 2017. Glove: Chrome Web Store. https://chrome.google.com/webstore/detail/glove/abdgoalibdacpnmknnpkgnfllphboefb?hl=en. (2017). Accessed Dec. 25, 2017.

[42]

Nick Nikiforakis, Wouter Joosen, and Benjamin Livshits. 2015. Privaricator: Deceiving fingerprinters with little white lies. In Proceedings of the 24th International Conference on World Wide Web. International World Wide Web Conferences Steering Committee, 820-830.

Digital Library

[43]

NiklasG. 2017. Stop Fingerprinting: Add-ons for Firefox. https://addons.mozilla.org/en-US/firefox/addon/stop-fingerprinting/. (2017). Accessed Dec. 25, 2017.

[44]

Liam Paninski. 2003. Estimation of entropy and mutual information. Neural computation 15, 6 (2003), 1191-1253.

Digital Library

[45]

Mike Perry, Erinn Clark, Steven Murdoch, and Georg Koppen. 2017. The Design and Implementation of the Tor Browser. https://www.torproject.org/projects/torbrowser/design/#privacy. (2017). Accessed Jul 21, 2017.

[46]

Resat. 2017. Blend In: Add-ons for Firefox. https://addons.mozilla.org/en-US/firefox/addon/blend-in/. (2017). Accessed Dec. 25, 2017.

[47]

Franziska Roesner, Tadayoshi Kohno, and David Wetherall. 2012. Detecting and Defending Against Third-party Tracking on the Web. In Proceedings of the 9th USENIX Conference on Networked Systems Design and Implementation(NSDI'12). USENIX Association, Berkeley, CA, USA, 12-12. http://dl.acm.org/citation.cfm?id=2228298.2228315

Digital Library

[48]

Samy Sadi. 2017. No Enumerable Extensions: Firefox addon that lets you hide installed extensions and avoid being fingerprinted based on them. https://github.com/samysadi/no-enumerable-extensions. (2017). Accessed Jan. 13, 2017.

[49]

Sagar Shivaji Salunke. 2014. Selenium Webdriver in Python: Learn with Examples (1st ed.). CreateSpace Independent Publishing Platform, USA.

Digital Library

[50]

Iskander Sanchez-Rola, Igor Santos, and Davide Balzarotti. 2017. Extension Breakdown: Security Analysis of Browsers Extension Resources Control Policies. In 26th USENIX Security Symposium (USENIX Security 17). USENIX Association, Vancouver, BC, 679-694. https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/sanchez-rola

Digital Library

[51]

Martin Springwald. 2017. Privacy-Extension-Chrome: Provides Privacy for Chrome. https://github.com/marspr/privacy-extension-chrome. (2017). Accessed Dec. 25, 2017.

[52]

Oleksii Starov and Nick Nikiforakis. 2017. Xhound: Quantifying the fingerprintability of browser extensions. In Security and Privacy (SP), 2017 IEEE Symposium on. IEEE, 941-956.

[53]

StatCounter. 2018. StatCounter Global Stats. http://gs.statcounter.com/. (2018). Accessed Feb. 12, 2018.

[54]

Mozilla Support. 2017. Tracking Protection. https://support.mozilla.org/en-US/kb/tracking-protection. (2017). Accessed Dec. 27, 2017.

[55]

The Tor Project. 2017. Users. Tor Metrics page: https://metrics.torproject.org/userstats-relay-country.html. (Dec. 2017).

[56]

Christof Ferreira Torres, Hugo Jonker, and Sjouke Mauw. 2015. FP-Block: usable web privacy by controlling browser fingerprinting. In European Symposium on Research in Computer Security. Springer, 3-19.

[57]

Hamilton Ulmer. 2010. Browsing Sessions. Mozilla's Blog of Metrics: https://blog.mozilla.org/metrics/2010/12/22/browsing-sessions/. (Dec. 2010).

[58]

Antoine Vastel, Pierre Laperdrix, Walter Rudametkin, and Romain Rouvoy. 2018. Fp-Scanner: The Privacy Implications of Browser Fingerprint Inconsistencies. In 27th USENIX Security Symposium (USENIX Security 18). USENIX Association, Baltimore, MD, 135-150. https://www.usenix.org/conference/usenixsecurity18/presentation/vastel

Digital Library

[59]

Jon Watson. 2008. VirtualBox: Bits and Bytes Masquerading As Machines. Linux J. 2008, 166 (Feb. 2008). http://dl.acm.org/citation.cfm?id=1344209.1344210

Digital Library

[60]

Ting-Fang Yen, Yinglian Xie, Fang Yu, Roger Peng Yu, and Martin Abadi. 2012. Host Fingerprinting and Tracking on the Web: Privacy and Security Implications. In NDSS.

Cited By

Lin XAraujo FTaylor TJang JPolakis J(2023)Fashion Faux Pas: Implicit Stylistic Fingerprints for Bypassing Browsers' Anti-Fingerprinting Defenses2023 IEEE Symposium on Security and Privacy (SP)10.1109/SP46215.2023.10179437(987-1004)Online publication date: May-2023
https://doi.org/10.1109/SP46215.2023.10179437
Pramila RShukla S(2023)An Architecture for Risk-Based Authentication System in a Multi-Server Environment2023 IEEE International Conference on Public Key Infrastructure and its Applications (PKIA)10.1109/PKIA58446.2023.10262513(1-5)Online publication date: 8-Sep-2023
https://doi.org/10.1109/PKIA58446.2023.10262513
Bucci VLi W(2023)From Manifest V2 to V3: A Study on the Discoverability of Chrome ExtensionsInformation Security10.1007/978-3-031-49187-0_10(183-202)Online publication date: 15-Nov-2023
https://dl.acm.org/doi/10.1007/978-3-031-49187-0_10
Show More Cited By

Recommendations

What Makes a Technology Privacy Enhancing? Laypersons’ and Experts’ Descriptions, Uses, and Perceptions of Privacy Enhancing Technologies
Information for a Better World: Normality, Virtuality, Physicality, Inclusivity
Abstract
What makes a technology privacy-enhancing? In this study, we construct an explanation grounded in the technologies and practices that people report using to enhance their privacy. We conducted an online survey of privacy experts (i.e., privacy ...
Privacy-enhancing technologies: approaches and development

In this paper, we discuss privacy threats on the Internet and possible solutions to this problem. Examples of privacy threats in the communication networks are identity disclosure, linking data traffic with identity, location disclosure in connection ...
PPINA – a forensic investigation protocol for privacy enhancing technologies
CMS'06: Proceedings of the 10th IFIP TC-6 TC-11 international conference on Communications and Multimedia Security

Although privacy is often seen as an essential right for internet users, the provision of anonymity can also provide the ultimate cover for malicious users. Privacy Enhancing Technologies (PETs) should not only hide the identity of legitimate users but ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Other conferences

WWW '19: The World Wide Web Conference

May 2019

3620 pages

ISBN:9781450366748

DOI:10.1145/3308558

Editors:
Ling Liu
Georgia Tech, USA
,
Ryen White
Microsoft Research, USA

Copyright © 2019 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

In-Cooperation

IW3C2: International World Wide Web Conference Committee

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 13 May 2019

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Conference

WWW '19

WWW '19: The Web Conference

May 13 - 17, 2019

CA, San Francisco, USA

Acceptance Rates

Overall Acceptance Rate 1,899 of 8,196 submissions, 23%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

9
Total Citations
View Citations
2,713
Total Downloads

Downloads (Last 12 months)665
Downloads (Last 6 weeks)171

Reflects downloads up to 16 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

Lin XAraujo FTaylor TJang JPolakis J(2023)Fashion Faux Pas: Implicit Stylistic Fingerprints for Bypassing Browsers' Anti-Fingerprinting Defenses2023 IEEE Symposium on Security and Privacy (SP)10.1109/SP46215.2023.10179437(987-1004)Online publication date: May-2023
https://doi.org/10.1109/SP46215.2023.10179437
Pramila RShukla S(2023)An Architecture for Risk-Based Authentication System in a Multi-Server Environment2023 IEEE International Conference on Public Key Infrastructure and its Applications (PKIA)10.1109/PKIA58446.2023.10262513(1-5)Online publication date: 8-Sep-2023
https://doi.org/10.1109/PKIA58446.2023.10262513
Bucci VLi W(2023)From Manifest V2 to V3: A Study on the Discoverability of Chrome ExtensionsInformation Security10.1007/978-3-031-49187-0_10(183-202)Online publication date: 15-Nov-2023
https://dl.acm.org/doi/10.1007/978-3-031-49187-0_10
Chalise SNguyen HVadrevu PBarakat CPelsser CBenson TChoffnes D(2022)Your speaker or my snooper?Proceedings of the 22nd ACM Internet Measurement Conference10.1145/3517745.3561435(349-357)Online publication date: 25-Oct-2022
https://dl.acm.org/doi/10.1145/3517745.3561435
Li TZheng XShen KHan X(2022)FPFlow: Detect and Prevent Browser Fingerprinting with Dynamic Taint AnalysisCyber Security10.1007/978-981-16-9229-1_4(51-67)Online publication date: 21-Jan-2022
https://doi.org/10.1007/978-981-16-9229-1_4
Reitinger NMazurek M(2021)ML-CB: Machine Learning Canvas BlockProceedings on Privacy Enhancing Technologies10.2478/popets-2021-00562021:3(453-473)Online publication date: 27-Apr-2021
https://doi.org/10.2478/popets-2021-0056
Leith D(2021)Web Browser Privacy: What Do Browsers Say When They Phone Home?IEEE Access10.1109/ACCESS.2021.30652439(41615-41627)Online publication date: 2021
https://doi.org/10.1109/ACCESS.2021.3065243
Pugliese GRiess CGassmann FBenenson Z(2020)Long-Term Observation on Browser Fingerprinting: Users’ Trackability and PerspectiveProceedings on Privacy Enhancing Technologies10.2478/popets-2020-00412020:2(558-577)Online publication date: 8-May-2020
https://doi.org/10.2478/popets-2020-0041
Laperdrix PBielova NBaudry BAvoine G(2020)Browser FingerprintingACM Transactions on the Web10.1145/338604014:2(1-33)Online publication date: 9-Apr-2020
https://dl.acm.org/doi/10.1145/3386040

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

HTML Format

View this article in HTML Format.

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Table of Contents