publication . Preprint . 2020

Actions speak louder than words: Semi-supervised learning for browser fingerprinting detection

Bird, Sarah; Mishra, Vikas; Englehardt, Steven; Willoughby, Rob; Zeber, David; Rudametkin, Walter; Lopatka, Martin;
Open Access English
  • Published: 09 Mar 2020
Abstract
As online tracking continues to grow, existing anti-tracking and fingerprinting detection techniques that require significant manual input must be augmented. Heuristic approaches to fingerprinting detection are precise but must be carefully curated. Supervised machine learning techniques proposed for detecting tracking require manually generated label-sets. Seeking to overcome these challenges, we present a semi-supervised machine learning approach for detecting fingerprinting scripts. Our approach is based on the core insight that fingerprinting scripts have similar patterns of API access when generating their fingerprints, even though their access patterns may...
Subjects
free text keywords: Computer Science - Cryptography and Security
Download from
71 references, page 1 of 5

[1] J. Schwartz, “Giving Web a Memory Cost Its Users Privacy.” https://www.nytimes.com/2001/09/04/ business/giving-web-a-memory-cost-its-users-privacy.html, Sept. 2001.

[2] A. Lerner, A. K. Simpson, T. Kohno, and F. Roesner, “Internet Jones and the Raiders of the Lost Trackers: An Archaeological Study of Web Tracking from 1996 to 2016,” in 25th USENIX Security Symposium (USENIX Security 16), (Austin, TX), USENIX Association, 2016.

[3] F. Roesner, T. Kohno, and D. Wetherall, “Detecting and Defending Against Third-party Tracking on the Web,” in Proceedings of the 9th USENIX Conference on Networked Systems Design and Implementation, NSDI'12, (Berkeley, CA, USA), pp. 12-12, USENIX Association, 2012.

[4] S. Englehardt, “The hidden perils of cookie syncing.” https://freedom-to-tinker.com/2014/08/07/ the-hidden-perils-of-cookie-syncing/, Aug. 2014.

[5] S. Englehardt, D. Reisman, C. Eubank, P. Zimmerman, J. Mayer, A. Narayanan, and E. W. Felten, “Cookies That Give You Away: The Surveillance Implications of Web Tracking,” in Proceedings of the 24th International Conference on World Wide Web, WWW '15, (Republic and Canton of Geneva, Switzerland), pp. 289-299, International World Wide Web Conferences Steering Committee, 2015.

[6] P. Papadopoulos, N. Kourtellis, and E. Markatos, “Cookie Synchronization: Everything You Always Wanted to Know But Were Afraid to Ask,” in The World Wide Web Conference, WWW '19, pp. 1432-1442, Association for Computing Machinery, 2019.

[7] S. Arshad, A. Kharraz, and W. Robertson, “Include Me Out: In-Browser Detection of Malicious Third-Party Content Inclusions,” in Financial Cryptography and Data Security (J. Grossklags and B. Preneel, eds.), Lecture Notes in Computer Science, pp. 441-459, Springer Berlin Heidelberg, 2017.

[8] M. A. Bashir, S. Arshad, C. Wilson, and W. Robertson, “Tracing Information Flows Between Ad Exchanges Using Retargeted Ads,” in Proceedings of the 25th USENIX Security Symposium, (Austin, TX), p. 17, Aug. 2016.

[9] M. A. Bashir and C. Wilson, “Diffusion of User Tracking Data in the Online Advertising Ecosystem,” Proceedings on Privacy Enhancing Technologies, vol. 2018, pp. 85-103, Oct. 2018.

[10] J. Wilander, “Intelligent Tracking Prevention intelligent-tracking-prevention-2-2/, Apr. 2019.

[13] I. Fouad, N. Bielova, A. Legout, and N. Sarafijanovic-Djukic, “Missed by Filter Lists: Detecting Unknown Third-Party Trackers with Invisible Pixels,” in PETS 2020 - 20th Privacy Enhancing Technologies Symposium, 2020. [OpenAIRE]

[14] “Building a more private web.” building-a-more-private-web/, Aug. 2019.

[16] “WebKit Tracking Prevention Policy.” https://webkit.org/tracking-prevention-policy/.

[17] B. Lassey, “Combating fingerprinting with a privacy budget.” https://github.com/bslassey/ privacy-budget, Aug. 2019.

[18] “Security/Fingerprinting - MozillaWiki.” https://wiki.mozilla.org/Security/Fingerprinting.

71 references, page 1 of 5
Abstract
As online tracking continues to grow, existing anti-tracking and fingerprinting detection techniques that require significant manual input must be augmented. Heuristic approaches to fingerprinting detection are precise but must be carefully curated. Supervised machine learning techniques proposed for detecting tracking require manually generated label-sets. Seeking to overcome these challenges, we present a semi-supervised machine learning approach for detecting fingerprinting scripts. Our approach is based on the core insight that fingerprinting scripts have similar patterns of API access when generating their fingerprints, even though their access patterns may...
Subjects
free text keywords: Computer Science - Cryptography and Security
Download from
71 references, page 1 of 5

[1] J. Schwartz, “Giving Web a Memory Cost Its Users Privacy.” https://www.nytimes.com/2001/09/04/ business/giving-web-a-memory-cost-its-users-privacy.html, Sept. 2001.

[2] A. Lerner, A. K. Simpson, T. Kohno, and F. Roesner, “Internet Jones and the Raiders of the Lost Trackers: An Archaeological Study of Web Tracking from 1996 to 2016,” in 25th USENIX Security Symposium (USENIX Security 16), (Austin, TX), USENIX Association, 2016.

[3] F. Roesner, T. Kohno, and D. Wetherall, “Detecting and Defending Against Third-party Tracking on the Web,” in Proceedings of the 9th USENIX Conference on Networked Systems Design and Implementation, NSDI'12, (Berkeley, CA, USA), pp. 12-12, USENIX Association, 2012.

[4] S. Englehardt, “The hidden perils of cookie syncing.” https://freedom-to-tinker.com/2014/08/07/ the-hidden-perils-of-cookie-syncing/, Aug. 2014.

[5] S. Englehardt, D. Reisman, C. Eubank, P. Zimmerman, J. Mayer, A. Narayanan, and E. W. Felten, “Cookies That Give You Away: The Surveillance Implications of Web Tracking,” in Proceedings of the 24th International Conference on World Wide Web, WWW '15, (Republic and Canton of Geneva, Switzerland), pp. 289-299, International World Wide Web Conferences Steering Committee, 2015.

[6] P. Papadopoulos, N. Kourtellis, and E. Markatos, “Cookie Synchronization: Everything You Always Wanted to Know But Were Afraid to Ask,” in The World Wide Web Conference, WWW '19, pp. 1432-1442, Association for Computing Machinery, 2019.

[7] S. Arshad, A. Kharraz, and W. Robertson, “Include Me Out: In-Browser Detection of Malicious Third-Party Content Inclusions,” in Financial Cryptography and Data Security (J. Grossklags and B. Preneel, eds.), Lecture Notes in Computer Science, pp. 441-459, Springer Berlin Heidelberg, 2017.

[8] M. A. Bashir, S. Arshad, C. Wilson, and W. Robertson, “Tracing Information Flows Between Ad Exchanges Using Retargeted Ads,” in Proceedings of the 25th USENIX Security Symposium, (Austin, TX), p. 17, Aug. 2016.

[9] M. A. Bashir and C. Wilson, “Diffusion of User Tracking Data in the Online Advertising Ecosystem,” Proceedings on Privacy Enhancing Technologies, vol. 2018, pp. 85-103, Oct. 2018.

[10] J. Wilander, “Intelligent Tracking Prevention intelligent-tracking-prevention-2-2/, Apr. 2019.

[13] I. Fouad, N. Bielova, A. Legout, and N. Sarafijanovic-Djukic, “Missed by Filter Lists: Detecting Unknown Third-Party Trackers with Invisible Pixels,” in PETS 2020 - 20th Privacy Enhancing Technologies Symposium, 2020. [OpenAIRE]

[14] “Building a more private web.” building-a-more-private-web/, Aug. 2019.

[16] “WebKit Tracking Prevention Policy.” https://webkit.org/tracking-prevention-policy/.

[17] B. Lassey, “Combating fingerprinting with a privacy budget.” https://github.com/bslassey/ privacy-budget, Aug. 2019.

[18] “Security/Fingerprinting - MozillaWiki.” https://wiki.mozilla.org/Security/Fingerprinting.

71 references, page 1 of 5
Powered by OpenAIRE Research Graph
Any information missing or wrong?Report an Issue