EssentialFP: Exposing the Essence of Browser Fingerprinting
Paper in proceeding, 2021

Web pages aggressively track users for a variety of purposes from targeted advertisements to enhanced authentication. As browsers move to restrict traditional cookie-based tracking, web pages increasingly move to tracking based on browser fingerprinting. Unfortunately, the state-of-The-Art to detect fingerprinting in browsers is often error-prone, resorting to imprecise heuristics and crowd-sourced filter lists. This paper presents EssentialFP, a principled approach to detecting fingerprinting on the web. We argue that the pattern of (i) gathering information from a wide browser API surface (multiple browser-specific sources) and (ii) communicating the information to the network (network sink) captures the essence of fingerprinting. This pattern enables us to clearly distinguish fingerprinting from similar types of scripts like analytics and polyfills. We demonstrate that information flow tracking is an excellent fit for exposing this pattern. To implement EssentialFP we leverage, extend, and deploy JSFlow, a state-of-The-Art information flow tracker for JavaScript, in a browser. We illustrate the effectiveness of EssentialFP to spot fingerprinting on the web by evaluating it on two categories of web pages: one where the web pages perform analytics, use polyfills, and show ads, and one where the web pages perform authentication, bot detection, and fingerprinting-enhanced Alexa top pages.

web security and privacy

information flow

JavaScript

browser fingerprinting

Author

Alexander Sjösten

Chalmers, Computer Science and Engineering (Chalmers), Information Security

Daniel Hedin

Chalmers, Computer Science and Engineering (Chalmers), Information Security

Andrei Sabelfeld

Chalmers, Computer Science and Engineering (Chalmers), Information Security

Proceedings - 2021 IEEE European Symposium on Security and Privacy Workshops, Euro S and PW 2021

32-48
9781665410120 (ISBN)

6th IEEE European Symposium on Security and Privacy Workshops, Euro S and PW 2021
Virtual, Vienna, Austria,

Subject Categories (SSIF 2011)

Media and Communication Technology

Communication Systems

Signal Processing

DOI

10.1109/EuroSPW54576.2021.00011

More information

Latest update

11/24/2021