Skip to main content
SpringerLink
Log in

Tracking Without Traces—Fingerprinting in an Era of Individualism and Complexity

  • Conference paper
  • First Online:
Privacy Technologies and Policy (APF 2020)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 12121))

Included in the following conference series:

Abstract

Fingerprinting is a ready-to-use technology that exploits the diversity and complexity of today’s personal computing devices. Since fingerprinting leaves little to no trace, Do Not Track (DNT) policies are hard to enforce. The upcoming ePrivacy Regulation must consider this technological reality. In this opinion paper, we analyse technical use cases for device fingerprinting as an easy-to-deploy and hard-to-detect tracking technology. The EU has a longstanding tradition in strong data protection norms. To keep this high standards, we call on to the legislator to act, and illustrate vital points that must be considered in the legislative process.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Acar, G., Eubank, C., Englehardt, S., Juarez, M., Narayanan, A., Diaz, C.: The web never forgets: persistent tracking mechanisms in the wild. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pp. 674–689 (2014). https://doi.org/10.1145/2660267.2660347

  2. Adamsky, F., Retunskaia, T., Schiffner, S., Köbel, C., Engel, T.: Poster: WLAN device fingerprinting using channel state information (CSI). In: Proceedings of the 11th ACM Conference on Security & Privacy in Wireless and Mobile Networks, WiSec 2018, New York, NY, USA, pp. 277–278. ACM (2018). https://doi.org/10.1145/3212480.3226099. ISBN 978-1-4503-5731-9

  3. Al-Fannah, N.M., Li, W.: Not all browsers are created equal: comparing web browser fingerprintability. In: Obana, S., Chida, K. (eds.) IWSEC 2017. LNCS, vol. 10418, pp. 105–120. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-64200-0_7

    Chapter  Google Scholar 

  4. Cabanier, R., Mann, J., Hickson, I., Wiltzius, T., Munro, J.: HTML canvas 2D context, level 2. Technical report, W3C, September 2015. http://www.w3.org/TR/2015/NOTE-2dcontext2-20150929/

  5. Cao, Y., Li, S., Wijmans, E.: (Cross-)browser fingerprinting via OS and hardware level features. In: Proceedings of the Network and Distributed System Security Symposium (NDSS) 2017, January 2017. https://doi.org/10.14722/ndss.2017.23152

  6. Cheshire, S., Krochmal, M.: DNS-based service discovery. RFC 6763, RFC Editor, February 2013. http://www.rfc-editor.org/rfc/rfc6763.txt

  7. Chua, Y.T., Parkin, S., Edwards, M., Oliveira, D., Schiffner, S., Tyson, G., Hutchings, A.: Identifying unintended harms of cybersecurity countermeasures. In: 2019 APWG Symposium on Electronic Crime Research (eCrime). IEEE (2020)

    Google Scholar 

  8. Data Protection Directive. Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. Official Journal of the European Communities, L 281/31:37 (1995). https://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX:31995L0046

  9. Directive on Privacy and Electronic Communications. Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications). Official Journal of the European Communities, L 201/37:37 (2002). https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=CELEX:32002L0058

  10. Eckersley, P.: How unique is your web browser? In: Atallah, M.J., Hopper, N.J. (eds.) PETS 2010. LNCS, vol. 6205, pp. 1–18. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14527-8_1

    Chapter  Google Scholar 

  11. European Council Council of the European Union. Proposal for a Regulation of the European Parliament and of the Council concerning the respect for private life and the protection of personal data in electronic communications and repealing Directive 2002/58/EC (Regulation on Privacy and Electronic Communications) (2019). https://www.consilium.europa.eu/register/en/content/out?&typ=ENTRY&i=ADV&DOC_ID=ST-12633-2019-INIT

  12. European Parliament. Report on the proposal for a regulation of the European Parliament and of the Council concerning the respect for private life and the protection of personal data in electronic communications and repealing Directive 2002/58/EC (Regulation on Privacy and Electronic Communications) (COM(2017) 0010 - C8–0009/2017 - 2017/0003(COD)) (2019). http://www.europarl.europa.eu/doceo/document/A-8-2017-0324_EN.pdf

  13. Frolov, S., Wustrow, E.: The use of TLS in censorship circumvention. In: Proceedings 2019 Network and Distributed System Security Symposium (NDSS). Internet Society (2019). https://doi.org/10.14722/ndss.2019.23511

  14. General Data Protection Regulation. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). Official Journal of the European Communities, L 119/1:1–88 (2016). http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679&from=DE

  15. Gringoli, F., Schulz, M., Link, J., Hollick, M.: Free your CSI: a channel state information extraction platform for modern Wi-Fi chipsets. In: Proceedings of the 13th International Workshop on Wireless Network Testbeds, Experimental Evaluation & Characterization, WiNTECH 2019, New York, NY, USA, pp. 21–28 (2019). Association for Computing Machinery. ISBN 9781450369312. https://doi.org/10.1145/3349623.3355477

  16. Halperin, D., Hu, W., Sheth, A., Wetherall, D.: Tool release: gathering 802.11n traces with channel state information. ACM SIGCOMM Comput. Commun. Rev. 41(1), 53 (2011)

    Article  Google Scholar 

  17. Hjelmvik, E., John, W.: Statistical protocol IDentification with SPID: preliminary results. In: Swedish National Computer Networking Workshop (2009). http://www.cse.chalmers.se/~johnwolf/publications/sncnw09-hjelmvik_john-CR.pdf. Last Checked 12 May 2010

  18. Hsieh, C., Chen, J., Nien, B.: Deep learning-based indoor localization using received signal strength and channel state information. IEEE Access 7, 33256–33267 (2019). https://doi.org/10.1109/ACCESS.2019.2903487. ISSN 2169–3536

    Article  Google Scholar 

  19. Hua, J., Sun, H., Shen, Z., Qian, Z., Zhong, S.: Accurate and efficient wireless device fingerprinting using channel state information. In: Proceedings of the IEEE International Conference on Computer Communications (INFOCOM), p. 9 (2018)

    Google Scholar 

  20. Huitema, C., Kaiser, D.: DNS-SD privacy and security requirements (Draft Version 04). RFC, RFC Editor, January 2020. https://tools.ietf.org/html/draft-ietf-dnssd-prireq-04

  21. Husák, M., Čermák, M., Jirsík, T., Čeleda, P.: HTTPS traffic analysis and client identification using passive SSL/TLS fingerprinting. EURASIP J. Inf. Secur. 2016(1), 6 (2016). https://doi.org/10.1186/s13635-016-0030-7. ISSN 1687–417X

    Article  Google Scholar 

  22. Köhnen, C., Überall, C., Adamsky, F., Rakocevic, V., Rajarajan, M., Jäger, R.: Enhancements to statistical protocol identification (SPID) for self-organised QoS in LANs. In: Proceedings of the 19th International Conference on Computer Communications and Networks (ICCCN 2010) (2010)

    Google Scholar 

  23. Kullback, S., Leibler, R.A.: On information and sufficiency. Ann. Math. Stat. 22, 49–86 (1951)

    Article  MathSciNet  Google Scholar 

  24. Laperdrix, P., Bielova, N., Baudry, B., Avoine, G.: Browser fingerprinting: a survey (2019). arXiv:1905.01051

  25. Leen, S.: MIMO OFDM Radar-Communication System with Mutual Interference Cancellation. KIT Scientific Publishing, Karlsruhe (2017). ISBN 978-3-7315-0599-0

    Google Scholar 

  26. Lymberopoulos, D., Liu, J.: The microsoft indoor localization competition: experiences and lessons learned. IEEE Signal Process. Mag. 34(5), 125–140 (2017). https://doi.org/10.1109/MSP.2017.2713817. http://ieeexplore.ieee.org/document/8026207/. ISSN 1053–5888

  27. Mayer, J.R.: Any person... a pamphleteer: internet anonymity in the age of web 2.0, Bachelor thesis (2009)

    Google Scholar 

  28. Mowery, K., Shacham, H.: Pixel perfect: fingerprinting canvas in HTML5. In: Proceedings of W2SP 2012, p. 12 (2012)

    Google Scholar 

  29. Regulation on Privacy and Electronic Communications. Proposal for a Regulation of the European Parliament and of the Council concerning the respect for private life and the protection of personal data in electronic communications and repealing Directive 2002/58/EC (Regulation on Privacy and Electronic Communications). Draft COM/2017/010 final - 2017/03 (COD):35 (2017). https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:52017PC0010

  30. Rinaldi, G., Adamsky, F., Soua, R., Baiocchi, A., Engel, T.: Softwarization of SCADA: lightweight statistical SDN-agents for anomaly detection. In: Proceedings of the 10th IEEE International Conference on Networks of the Future (NoF) (2019). http://orbilu.uni.lu/handle/10993/40162

  31. Transport Layer Security (TLS) Extensions (2020). https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml. Accessed 29 Jan 2020

  32. Vastel, A., Laperdrix, P., Rudametkin, W., Rouvoy, R.: FP-scanner: the privacy implications of browser fingerprint inconsistencies. In: Proceedings of the 27th USENIX Security Symposium, p. 17 (2018)

    Google Scholar 

  33. Wagner, I., Eckhoff, D.: Technical privacy metrics: a systematic survey. ACM Comput. Surv. (CSUR) 51(3), 1–38 (2018)

    Article  Google Scholar 

  34. Waldron, R., Pozdnyakov, M., Shalamov, A., Langel, T.: Generic sensor API. Technical report, W3C, December 2019. https://www.w3.org/TR/generic-sensor/

  35. Wilde, T.: Knock knock knockin’ on bridges’ doors | tor blog (2012). https://blog.torproject.org/knock-knock-knockin-bridges-doors. Accessed 03 Feb 2020

  36. Zhang, J., Beresford, A.R., Sheret, I.: SensorID: sensor calibration fingerprinting for smartphones. In: 40th IEEE Symposium on Security and Privacy, pp. 638–655. IEEE (2019). https://doi.org/10.1109/SP.2019.00072

Download references

Acknowledgements

Parts of this work are supported by the Luxembourg National Research Fund (FNR) grant number C18/IS/12639666/EnCaViBS/Cole. We thank Dominic Dunlop for his review and comments that greatly improved the manuscript.

Author information

Authors and Affiliations

  1. University of Applied Sciences Hof, Hof, Germany

    Florian Adamsky

  2. University of Luxembourg, SNT, Luxembourg City, Luxembourg

    Stefan Schiffner & Thomas Engel

Authors
  1. Florian Adamsky
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Stefan Schiffner
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Thomas Engel
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Florian Adamsky .

Editor information

Editors and Affiliations

  1. University of Porto, Porto, Portugal

    Luís Antunes

  2. LUMSA University, Rome, Italy

    Maurizio Naldi

  3. LUISS, Rome, Italy

    Giuseppe F. Italiano

  4. Goethe University Frankfurt, Frankfurt am Main, Germany

    Kai Rannenberg

  5. ENISA, Athens, Greece

    Prokopios Drogkaris

Rights and permissions

Reprints and permissions

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Adamsky, F., Schiffner, S., Engel, T. (2020). Tracking Without Traces—Fingerprinting in an Era of Individualism and Complexity. In: Antunes, L., Naldi, M., Italiano, G., Rannenberg, K., Drogkaris, P. (eds) Privacy Technologies and Policy. APF 2020. Lecture Notes in Computer Science(), vol 12121. Springer, Cham. https://doi.org/10.1007/978-3-030-55196-4_12

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-55196-4_12

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-55195-7

  • Online ISBN: 978-3-030-55196-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation