Skip to main content

Quantifying Information Exposure by Web Browsers

Part of the Advances in Intelligent Systems and Computing book series (AISC,volume 1290)

Abstract

Internet surfing entails exchanging numerous HTTP requests between clients and servers. Attached with each request is a string containing plenty of information about the client called User-Agent string. There have been numerous researches that showed the privacy and security risks of User-Agent strings. In this work we aim to minimize those risks by directing users towards using less exposing browsers. In doing so, we propose and test a new method for calculating an exposure score for web browsers based mainly on their User-Agent strings besides other attributes. We then apply this method on a dataset of over a million browsers to infer and compare their exposure scores. Finally, we present a demo web tool that shows how the resulting scores can be leveraged to aid end users. Our results reveal a variation in the exposure scores of these browsers, which creates prospect for safe Internet surfing.

Keywords

  • User-Agent string
  • Privacy
  • Security
  • Browsers

This is a preview of subscription content, access via your institution.

Buying options

Chapter
USD   29.95
Price excludes VAT (USA)
  • DOI: 10.1007/978-3-030-63092-8_44
  • Chapter length: 20 pages
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
eBook
USD   269.00
Price excludes VAT (USA)
  • ISBN: 978-3-030-63092-8
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
Softcover Book
USD   349.99
Price excludes VAT (USA)
Fig. 1.
Fig. 2.
Fig. 3.
Fig. 4.
Fig. 5.
Fig. 6.
Fig. 7.
Fig. 8.

Notes

  1. 1.

    “Analysis of variance is a collection of statistical models and their associated estimation procedures used to analyze the differences among group means in a sample”, Wikipedia 2020.

References

  1. Acar, G., Eubank, C., Englehardt, S., Juarez, M., Narayanan, A., Diaz, C.: The web never forgets: persistent tracking mechanisms in the wild. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, CCS 2014, New York, NY, USA, pp. 674–689. ACM (2014)

    Google Scholar 

  2. Alcorn, W., Frichot, C., Orru, M.: The Browser Hacker’s Handbook, 1st edn. Wiley, Hoboken (2014)

    Google Scholar 

  3. Cao, Y., Li, S., Wijmans, E.: (Cross-)browser fingerprinting via OS and hardware level features (2017)

    Google Scholar 

  4. Mozilla Corporation. How to block fingerprinting with Firefox, January 2020. https://blog.mozilla.org/firefox/how-to-block-fingerprinting-with-firefox/

  5. The MITRE Corporation. Common Vulnerabilities and Exposures, June 2020. https://cve.mitre.org/

  6. Das, A., Borisov, N., Acar, G., Pradeep, A.: The web’s sixth sense: a study of scripts accessing smartphone sensors. In: CCS 2018 - Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, Proceedings of the ACM Conference on Computer and Communications Security, pp. 1515–1532. Association for Computing Machinery (2018)

    Google Scholar 

  7. Eckersley, P.: How unique is your web browser? In: Proceedings of the 10th International Conference on Privacy Enhancing Technologies, PETS 2010, pp. 1–18. Springer, Heidelberg (2010)

    Google Scholar 

  8. FaizKhademi, A., Zulkernine, M., Weldemariam, K.: FPGuard: detection and prevention of browser fingerprinting, pp. 293–308 (2015)

    Google Scholar 

  9. Fielding, R., Reschke, J.: Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content, June 2014. https://tools.ietf.org/html/rfc7231

  10. Fiore, U., Castiglione, A., Santis, A.D., Palmieri, F.: Countering browser fingerprinting techniques: constructing a fake profile with google chrome. In: 2014 17th International Conference on Network-Based Information Systems, pp. 355–360, September 2014

    Google Scholar 

  11. Gómez-Boix, A., Frey, D., Bromberg, Y.D., Baudry, B.: A collaborative strategy for mitigating tracking through browser fingerprinting. In: MTD 2019 - 6th ACM Workshop on Moving Target Defense, London, United Kingdom, pp. 1–12, November 2019

    Google Scholar 

  12. Hoofnagle, C.J., Urban, J.M., Li, S.: Privacy and modern advertising: most us internet users want ‘do not track’ to stop collection of data about their online activities (2012)

    Google Scholar 

  13. Hupperich, T., Maiorca, D., Kührer, M., Holz, T., Giacinto, G.: On the robustness of mobile device fingerprinting: can mobile users escape modern web-tracking mechanisms? In: Proceedings of the 31st Annual Computer Security Applications Conference, ACSAC 2015, New York, NY, USA, pp. 191–200. ACM (2015)

    Google Scholar 

  14. IETF. The Internet Engineering Task Force, November 2019. https://ietf.org/

  15. Kaur, H., Zavarsky, P., Jaafar, F.: Unauthorised data leakage from an organisation through web browser fingerprinting vulnerability (2017)

    Google Scholar 

  16. Laperdrix, P., Rudametkin, W., Baudry, B.: Beauty and the beast: diverting modern web browsers to build unique browser fingerprints. In: 2016 IEEE Symposium on Security and Privacy (SP), pp. 878–894, May 2016

    Google Scholar 

  17. Laperdrix, P., Bielova, N., Baudry, B., Avoine, G.: Browser fingerprinting: a survey. CoRR, abs/1905.01051 (2019)

    Google Scholar 

  18. Mohsen, F.: Data and Source codes, June 2020. https://drive.google.com/open?id=1SWR1vXfkBsZ7S_aCHhevIJqf7ZlArWd0

  19. Mulazzani, M., Reschl, P., Huber, M., Leithner, M., Schrittwieser, S., Weippl, E.R.: Fast and reliable browser identification with JavaScript engine fingerprinting (2013)

    Google Scholar 

  20. Browser Capabilities Project. browscap.ini, December 2019. https://browscap.org/

  21. Schumann, J., Wangenheim, F., Groene, N.: Targeted online advertising: using reciprocity appeals to increase acceptance among users of free web services. SSRN Electron. J. (2014)

    Google Scholar 

  22. Shimeall, T., Spring, J.: Introduction to Information Security: A Strategic-Based Approach. Syngress Publishing, Rockland (2013)

    Google Scholar 

  23. Spooren, J., Preuveneers, D., Joosen, W.: Mobile device fingerprinting considered harmful for risk-based authentication. In: Proceedings of the Eighth European Workshop on System Security, EuroSec 2015, New York, NY, USA, pp. 6:1–6:6. ACM (2015)

    Google Scholar 

  24. Unger, T., Mulazzani, M., Frühwirt, D., Huber, M., Schrittwieser, S., Weippl, E.: SHPF: enhancing http(s) session security with browser fingerprinting. In: 2013 International Conference on Availability, Reliability and Security, pp. 255–261, September 2013

    Google Scholar 

  25. whatismybrowser. WhatIsMyBrowser.com Project, October 2019. https://www.whatismybrowser.com/

  26. Yen, T.F., Xie, Y., Yu, F., Yu, R.P., Abadi, M.: Host fingerprinting and tracking on the web: privacy and security implications. In: The 19th Annual Network and Distributed System Security Symposium (NDSS) 2012. Internet Society, February 2012

    Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Fadi Mohsen .

Editor information

Editors and Affiliations

Appendix A: The number of unique values for each of the 47 attributes.

Appendix A: The number of unique values for each of the 47 attributes.

Table 5. The number of unique values for each attribute of the user-agent string

Rights and permissions

Reprints and Permissions

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Verify currency and authenticity via CrossMark

Cite this paper

Mohsen, F., Shehab, M., Lange, M., Karastoyanova, D. (2021). Quantifying Information Exposure by Web Browsers. In: Arai, K., Kapoor, S., Bhatia, R. (eds) Proceedings of the Future Technologies Conference (FTC) 2020, Volume 3. FTC 2020. Advances in Intelligent Systems and Computing, vol 1290. Springer, Cham. https://doi.org/10.1007/978-3-030-63092-8_44

Download citation