Skip to main content
SpringerLink
Log in

Not All Browsers are Created Equal: Comparing Web Browser Fingerprintability

  • Conference paper
  • First Online:
Advances in Information and Computer Security (IWSEC 2017)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 10418))

Included in the following conference series:

Abstract

Browsers and their users can be tracked even in the absence of a persistent IP address or cookie. Unique and hence identifying pieces of information, making up what is known as a fingerprint, can be collected from browsers by a visited website, e.g. using JavaScript. However, browsers vary in precisely what information they make available, and hence their fingerprintability may also vary. In this paper, we report on the results of experiments examining the fingerprintable attributes made available by a range of modern browsers. We tested the most widely used browsers for both desktop and mobile platforms. The results reveal significant differences between browsers in terms of their fingerprinting potential, meaning that the choice of browser has significant privacy implications.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    All the scripts used in our experiments are publicly available — see Appendix A.

  2. 2.

    https://www.netmarketshare.com/browser-market-share.aspx [accessed on 03/03/2017].

  3. 3.

    https://browserleaks.com/webrtc#webrtc-device-id [accessed on 03/03/2017].

  4. 4.

    https://webrtc.org [accessed on 03/03/2017].

  5. 5.

    Red green blue alpha (opacity).

  6. 6.

    A STUN server (i.e. a Session Traversal of User Datagram Protocol Through Network Address Translators (NATs) server) allows a NAT client to set up interactive communications such as a phone call to a VoIP provider hosted outside the local network.

  7. 7.

    https://diafygi.github.io/webrtc-ips/.

  8. 8.

    The ULA is the approximate IPv6 counterpart of the IPv4 private address; see https://tools.ietf.org/html/rfc4193 [accessed 03/03/2017].

  9. 9.

    All tested browsers feature a privacy mode; however, every browser has a different name for it. In the case of Chrome, it is called incognito.

  10. 10.

    https://addons.mozilla.org/en-gb/firefox/addon/canvasblocker.

  11. 11.

    https://chrome.google.com/webstore/detail/privacy-badger/pkehgijcmpdhfbdbbnkijodmdjhbjlgp.

  12. 12.

    https://addons.mozilla.org/en-gb/firefox/addon/noscript/.

References

  1. Acar, G., Eubank, C., Englehardt, S., Juárez, M., Narayanan, A., Díaz, C.: The web never forgets: persistent tracking mechanisms in the wild. In: Ahn, G., Yung, M., Li, N. (eds.) Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, Scottsdale, AZ, USA, 3–7 November, 2014, pp. 674–689. ACM (2014). http://doi.acm.org/10.1145/2660267.2660347

  2. Acar, G., Juárez, M., Nikiforakis, N., Díaz, C., Gürses, S.F., Piessens, F., Preneel, B.: Fpdetective: dusting the web for fingerprinters. In: Sadeghi, A., Gligor, V.D., Yung, M. (eds.) 2013 ACM SIGSAC Conference on Computer and Communications Security, CCS 2013, Berlin, Germany, 4–8 November 2013, pp. 1129–1140. ACM (2013). http://doi.acm.org/10.1145/2508859.2516674

  3. Alaca, F., van Oorschot, P.C.: Device fingerprinting for augmenting web authentication: classification and analysis of methods. In: Schwab, S., Robertson, W.K., Balzarotti, D. (eds.) Proceedings of the 32nd Annual Conference on Computer Security Applications, ACSAC 2016, Los Angeles, CA, USA, 5–9 December, 2016, pp. 289–301. ACM (2016). http://dl.acm.org/citation.cfm?id=2991091

  4. Cao, Y., Li, S., Wijmans, E.: (cross-)browser fingerprinting via os and hardware level features. In: 24th Annual Network and Distributed System Security Symposium, NDSS 2017, San Diego, California, USA, 26 February - 1. The Internet Society (2017). http://yinzhicao.org/TrackingFree/crossbrowsertracking_NDSS17.pdf

  5. Eckersley, P.: How unique is your web browser? In: Atallah, M.J., Hopper, N.J. (eds.) PETS 2010. LNCS, vol. 6205, pp. 1–18. Springer, Heidelberg (2010). doi:10.1007/978-3-642-14527-8_1

    Chapter  Google Scholar 

  6. Englehardt, S., Narayanan, A.: Online tracking: a 1-million-site measurement and analysis. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, Vienna, Austria, 24–28 October 2016, pp. 1388–1401. ACM (2016). http://doi.acm.org/10.1145/2976749.2978313

  7. Fifield, D., Egelman, S.: Fingerprinting web users through font metrics. In: Böhme, R., Okamoto, T. (eds.) FC 2015. LNCS, vol. 8975, pp. 107–124. Springer, Heidelberg (2015). doi:10.1007/978-3-662-47854-7_7

    Chapter  Google Scholar 

  8. Fiore, U., Castiglione, A., Santis, A.D., Palmieri, F.: Countering browser fingerprinting techniques: constructing a fake profile with google chrome. In: Barolli, L., Xhafa, F., Takizawa, M., Enokido, T., Castiglione, A., Santis, A.D. (eds.) 17th International Conference on Network-Based Information Systems, NBiS 2014, Salerno, Italy, 10–12 September 2014, pp. 355–360. IEEE Computer Society (2014). http://dx.doi.org/10.1109/NBiS.2014.102

  9. Jakus, G., Jekovec, M., Tomažič, S., Sodnik, J.: New technologies for web development. Elektrotehniški vestnik 77(5), 273–280 (2010)

    Google Scholar 

  10. Laperdrix, P., Rudametkin, W., Baudry, B.: Beauty and the beast: diverting modern web browsers to build unique browser fingerprints. In: IEEE Symposium on Security and Privacy, SP 2016, San Jose, CA, USA, 22–26 May 2016, pp. 878–894. IEEE Computer Society (2016). http://dx.doi.org/10.1109/SP.2016.57

  11. Mowery, K., Shacham, H.: Pixel perfect: fingerprinting canvas in HTML5. In: Fredrikson, M. (ed.) Proceedings of W2SP 2012. IEEE Computer Society, May 2012

    Google Scholar 

  12. Nikiforakis, N., Joosen, W., Livshits, B.: Privaricator: deceiving fingerprinters with little white lies. In: Proceedings of the 24th International Conference on World Wide Web, WWW 2015, Florence, Italy, 18–22 May 2015, pp. 820–830. ACM Press (2015). http://doi.acm.org/10.1145/2736277.2741090

  13. Nikiforakis, N., Kapravelos, A., Joosen, W., Kruegel, C., Piessens, F., Vigna, G.: Cookieless monster: exploring the ecosystem of web-based device fingerprinting. In: 2013 IEEE Symposium on Security and Privacy, SP 2013, Berkeley, CA, USA, 19–22 May, 2013, pp. 541–555. IEEE Computer Society (2013). http://dx.doi.org/10.1109/SP.2013.43

  14. Olejnik, Ł., Acar, G., Castelluccia, C., Diaz, C.: The leaking battery — a privacy analysis of the HTML5 battery status API. In: Garcia-Alfaro, J., Navarro-Arribas, G., Aldini, A., Martinelli, F., Suri, N. (eds.) DPM/QASA -2015. LNCS, vol. 9481, pp. 254–263. Springer, Cham (2016). doi:10.1007/978-3-319-29883-2_18

    Chapter  Google Scholar 

  15. Perta, V.C., Barbera, M.V., Tyson, G., Haddadi, H., Mei, A.: A glance through the VPN looking glass: Ipv6 leakage and DNS hijacking in commercial VPN clients. PoPETs 2015(1), 77–91 (2015). http://www.degruyter.com/view/j/popets.2015.1.issue-1/popets-2015-0006/popets-2015-0006.xml

Download references

Acknowledgments

We would like to thank Professor Chris Mitchell for his guidance, encouragement and advice. The second author was supported by the EPSRC, grant number EP/N028554/1.

Author information

Authors and Affiliations

  1. Information Security Group, Royal Holloway, University of London, Egham, UK

    Nasser Mohammed Al-Fannah

  2. School of Mathematics, Computer Science and Engineering, City, University of London, London, UK

    Wanpeng Li

Authors
  1. Nasser Mohammed Al-Fannah
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Wanpeng Li
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Nasser Mohammed Al-Fannah .

Editor information

Editors and Affiliations

  1. Hosei University, Tokyo, Japan

    Satoshi Obana

  2. NTT Corporation, Tokyo, Japan

    Koji Chida

Appendices

Appendices

A  Test Code

The scripts used in our experiments were gathered from the following websites:

Some scripts were modified to suit our testing. All the code we used for testing is available at our website https://fingerprintable.org.

B Browser and OS Versions

Browser

OS

Desktop

Chrome 56.0.2924.87 (64-bit)

Windows 10.0.14393 Build 14393

Microsoft Internet Explorer 11.576.14393.0

Windows 10.0.14393 Build 14393

Firefox 51.2 (32-bit)

Windows 10.0.14393 Build 14393

Microsoft Edge 38.14393.0.0

Windows 10.0.14393 Build 14393

Safari 10.0.3 (12602.4.8)

macOS Sierra 10.12.3

Mobile

Chrome 56.0.2924.87

Android 7.0 (Build 39.2.A.0.374)

Safari 602.1

iOS 10.2.1(14d27)

Opera Mini 22.0.2254.113472

Android 7.0 (Build 39.2.A.0.374)

Firefox 51.0.3

Android 7.0 (Build 39.2.A.0.374)

Microsoft Edge 38.14393.693.0

Windows 10 Mobile (OS Build: 10.0.14393.693)

C Specifications of Devices Used for Experiments

OS

CPU

GPU

RAM

Desktop

Windows

Intel Core i7-4720HQ 2.6 GHz

NVIDIA GeForce GTX 960 M

16.0 GB

Windows

Intel Core i5-5200U 2.2 GHz

Intel HD Graphics 5500

12.0 GB

macOS

Intel Core i5 2.7 GHz

Intel Iris Graphics 6100

8.0 GB

macOS

Intel Core i7 2.7 GHz

Intel HD Graphics 530

16.0 GB

Mobile

Android

Qualcomm Snapdragon 820 64-bit

Adreno 530

3.0 GB

Android

Qualcomm Snapdragon 801 2.5 GHz

Adreno 330

3.0 GB

iOS

A8 chip 64-bit

PowerVR GX6450

1.0 GB

iOS

A9 chip 64-bit

PowerVR GT7600

2.0 GB

Windows

Qualcomm Snapdragon 400 1.2 GHz

Adreno 305

1.0 GB

Windows

Qualcomm Snapdragon 200 1.2 GHz

Adreno 302

1.0 GB

Rights and permissions

Reprints and permissions

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Al-Fannah, N.M., Li, W. (2017). Not All Browsers are Created Equal: Comparing Web Browser Fingerprintability. In: Obana, S., Chida, K. (eds) Advances in Information and Computer Security. IWSEC 2017. Lecture Notes in Computer Science(), vol 10418. Springer, Cham. https://doi.org/10.1007/978-3-319-64200-0_7

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-64200-0_7

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-64199-7

  • Online ISBN: 978-3-319-64200-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation