Advertisement

User Tracking on the Web via Cross-Browser Fingerprinting

  • Károly Boda
  • Ádám Máté Földes
  • Gábor György Gulyás
  • Sándor Imre
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7161)

Abstract

The techniques of tracking users through their web browsers have greatly evolved since the birth of the World Wide Web, posing an increasingly significant privacy risk. An important branch of these methods, called fingerprinting, is getting more and more attention, because it does not rely on client-side information storage, in contrast to cookie-like techniques. In this paper, we propose a new, browser-independent fingerprinting method. We have tested it on a data set of almost a thousand records, collected through a publicly accessible test website. We have shown that a part of the IP address, the availability of a specific font set, the time zone, and the screen resolution are enough to uniquely identify most users of the five most popular web browsers, and that user agent strings are fairly effective but fragile identifiers of a browser instance.

Keywords

web privacy user tracking user identification profiling 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Eckersley, P.: How Unique is Your Web Browser? In: Atallah, M.J., Hopper, N.J. (eds.) PETS 2010. LNCS, vol. 6205, pp. 1–18. Springer, Heidelberg (2010), doi:10.1007/978-3-642-14527-8_1CrossRefGoogle Scholar
  2. 2.
    Gulyás, G., Schulcz, R., Imre, S.: Comprehensive analysis of web privacy and anonymous web browsers: are next generation services based on collaborative filtering? In: Joint SPACE and TIME International Workshops 2008, Trondheim, Norway (June 2008) Google Scholar
  3. 3.
    Wondracek, G., Holz, T., Kirda, E., Kruegel, C.: A Practical Attack to De-anonymize Social Network Users. In: Proc. of the 2010 IEEE Symposium on Security and Privacy, pp. 223–238 (2010), doi: http://doi.ieeecomputersociety.org/10.1109/SP.2010.21
  4. 4.
    Mowery, K., Bogenreif, D., Yilek, S., Shacham, H.: Fingerprinting Information in JavaScript Implementations. In: W2SP 2011: Web 2.0 Security and Privacy 2011 (2011)Google Scholar
  5. 5.
    evercookie – virtually irrevocable persistent cookies, http://samy.pl/evercookie/ (retrieved on August 3, 2011)
  6. 6.
    Soltani, A., Canty, S., Mayo, Q., Thomas, L., Hoofnagle, C.J.: Flash Cookies and Privacy (2009), SSRN http://ssrn.com/abstract=1446862
  7. 7.
    Mozilla Firefox 4 Release Notes, http://www.mozilla.com/en-US/firefox/4.0/releasenotes/ (retrieved on August 5, 2011)
  8. 8.
    Grossman, J.: I know where you’ve been, http://jeremiahgrossman.blogspot.com/2006/08/i-know-where-youve-been.html (retrieved on August 5, 2011)
  9. 9.
    Gomez, J., Pinnick, T., Soltani, A.: KnowPrivacy. Technical Report 2009-037, University of California, Berkeley (2009) Google Scholar
  10. 10.
    What They Know – WSJ, http://blogs.wsj.com/wtk/ (retrieved on August 5, 2011)
  11. 11.
    Paulik, T., Földes, Á.M., Gulyás, G.G.: Blogcrypt: Private Content Publishing on the Web. In: Fourth International Conference on Emerging Security Information, Systems and Technologies, SECURWARE 2010, Venice, Italy (July 2010)Google Scholar
  12. 12.
    Weinberg, Z., Chen, E.Y., Jayaraman, P.R., Jackson, C.: I still know what youvisited last summer. In: Proc. of the 2011 IEEE Symposium on Security and Privacy, pp. 147–161 (2011), doi: http://dx.doi.org/10.1109/SP.2011.23

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Károly Boda
    • 1
  • Ádám Máté Földes
    • 1
  • Gábor György Gulyás
    • 1
  • Sándor Imre
    • 1
  1. 1.Department of TelecommunicationsBudapest University of Technology and EconomicsBudapestHungary

Personalised recommendations