Disguised Chromium Browser: Robust Browser, Flash and Canvas Fingerprinting Protection

Peter Baumann, Stefan Katzenbeisser, Martin Stopczynski, Erik Tews

Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

3 Citations (Scopus)
2 Downloads (Pure)

Abstract

Browser fingerprinting is a widely used technique to uniquely identify web users and to track their online behavior. Until now, different tools have been proposed to protect the user against browser fingerprinting. However, these tools have usability restrictions as they deactivate browser features and plug-ins (like Flash) or the HTML5 canvas element. In addition, all of them only provide limited protection, as they randomize browser settings with unrealistic parameters or have methodical flaws, making them detectable for trackers.

In this work we demonstrate the first anti-fingerprinting strategy, which protects against Flash fingerprinting without deactivating it, provides robust and undetectable anti-canvas fingerprinting, and uses a large set of real word data to hide the actual system and browser properties without losing usability. We discuss the methods and weaknesses of existing anti-fingerprinting tools in detail and compare them to our enhanced strategies. Our evaluation against real world fingerprinting tools shows a successful fingerprinting protection in over 99% of 70.000 browser sessions.
Original languageEnglish
Title of host publicationWPES '16. Proceedings of the 2016 ACM on Workshop on Privacy in the Electronic Society
PublisherAssociation for Computing Machinery (ACM)
Pages37-46
Number of pages10
ISBN (Print)978-1-4503-4569-9
DOIs
Publication statusPublished - 2016
Externally publishedYes
Event15th ACM Workshop on Privacy in the Electronic Society, WPES 2016 - Vienna, Austria
Duration: 24 Oct 201624 Oct 2016
Conference number: 15
http://wpes2016.di.unimi.it/

Conference

Conference15th ACM Workshop on Privacy in the Electronic Society, WPES 2016
Abbreviated titleWPES 2016
CountryAustria
CityVienna
Period24/10/1624/10/16
Internet address

Fingerprint

Chromium
Defects

Keywords

  • browser, canvas, fingerprinting, flash, privacy, tracking

Cite this

Baumann, P., Katzenbeisser, S., Stopczynski, M., & Tews, E. (2016). Disguised Chromium Browser: Robust Browser, Flash and Canvas Fingerprinting Protection. In WPES '16. Proceedings of the 2016 ACM on Workshop on Privacy in the Electronic Society (pp. 37-46). Association for Computing Machinery (ACM). https://doi.org/10.1145/2994620.2994621
Baumann, Peter ; Katzenbeisser, Stefan ; Stopczynski, Martin ; Tews, Erik. / Disguised Chromium Browser : Robust Browser, Flash and Canvas Fingerprinting Protection. WPES '16. Proceedings of the 2016 ACM on Workshop on Privacy in the Electronic Society. Association for Computing Machinery (ACM), 2016. pp. 37-46
@inproceedings{cac73780d3b449d0aea374d421acf74f,
title = "Disguised Chromium Browser: Robust Browser, Flash and Canvas Fingerprinting Protection",
abstract = "Browser fingerprinting is a widely used technique to uniquely identify web users and to track their online behavior. Until now, different tools have been proposed to protect the user against browser fingerprinting. However, these tools have usability restrictions as they deactivate browser features and plug-ins (like Flash) or the HTML5 canvas element. In addition, all of them only provide limited protection, as they randomize browser settings with unrealistic parameters or have methodical flaws, making them detectable for trackers.In this work we demonstrate the first anti-fingerprinting strategy, which protects against Flash fingerprinting without deactivating it, provides robust and undetectable anti-canvas fingerprinting, and uses a large set of real word data to hide the actual system and browser properties without losing usability. We discuss the methods and weaknesses of existing anti-fingerprinting tools in detail and compare them to our enhanced strategies. Our evaluation against real world fingerprinting tools shows a successful fingerprinting protection in over 99{\%} of 70.000 browser sessions.",
keywords = "browser, canvas, fingerprinting, flash, privacy, tracking",
author = "Peter Baumann and Stefan Katzenbeisser and Martin Stopczynski and Erik Tews",
year = "2016",
doi = "10.1145/2994620.2994621",
language = "English",
isbn = "978-1-4503-4569-9",
pages = "37--46",
booktitle = "WPES '16. Proceedings of the 2016 ACM on Workshop on Privacy in the Electronic Society",
publisher = "Association for Computing Machinery (ACM)",
address = "United States",

}

Baumann, P, Katzenbeisser, S, Stopczynski, M & Tews, E 2016, Disguised Chromium Browser: Robust Browser, Flash and Canvas Fingerprinting Protection. in WPES '16. Proceedings of the 2016 ACM on Workshop on Privacy in the Electronic Society. Association for Computing Machinery (ACM), pp. 37-46, 15th ACM Workshop on Privacy in the Electronic Society, WPES 2016, Vienna, Austria, 24/10/16. https://doi.org/10.1145/2994620.2994621

Disguised Chromium Browser : Robust Browser, Flash and Canvas Fingerprinting Protection. / Baumann, Peter; Katzenbeisser, Stefan; Stopczynski, Martin; Tews, Erik.

WPES '16. Proceedings of the 2016 ACM on Workshop on Privacy in the Electronic Society. Association for Computing Machinery (ACM), 2016. p. 37-46.

Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

TY - GEN

T1 - Disguised Chromium Browser

T2 - Robust Browser, Flash and Canvas Fingerprinting Protection

AU - Baumann, Peter

AU - Katzenbeisser, Stefan

AU - Stopczynski, Martin

AU - Tews, Erik

PY - 2016

Y1 - 2016

N2 - Browser fingerprinting is a widely used technique to uniquely identify web users and to track their online behavior. Until now, different tools have been proposed to protect the user against browser fingerprinting. However, these tools have usability restrictions as they deactivate browser features and plug-ins (like Flash) or the HTML5 canvas element. In addition, all of them only provide limited protection, as they randomize browser settings with unrealistic parameters or have methodical flaws, making them detectable for trackers.In this work we demonstrate the first anti-fingerprinting strategy, which protects against Flash fingerprinting without deactivating it, provides robust and undetectable anti-canvas fingerprinting, and uses a large set of real word data to hide the actual system and browser properties without losing usability. We discuss the methods and weaknesses of existing anti-fingerprinting tools in detail and compare them to our enhanced strategies. Our evaluation against real world fingerprinting tools shows a successful fingerprinting protection in over 99% of 70.000 browser sessions.

AB - Browser fingerprinting is a widely used technique to uniquely identify web users and to track their online behavior. Until now, different tools have been proposed to protect the user against browser fingerprinting. However, these tools have usability restrictions as they deactivate browser features and plug-ins (like Flash) or the HTML5 canvas element. In addition, all of them only provide limited protection, as they randomize browser settings with unrealistic parameters or have methodical flaws, making them detectable for trackers.In this work we demonstrate the first anti-fingerprinting strategy, which protects against Flash fingerprinting without deactivating it, provides robust and undetectable anti-canvas fingerprinting, and uses a large set of real word data to hide the actual system and browser properties without losing usability. We discuss the methods and weaknesses of existing anti-fingerprinting tools in detail and compare them to our enhanced strategies. Our evaluation against real world fingerprinting tools shows a successful fingerprinting protection in over 99% of 70.000 browser sessions.

KW - browser, canvas, fingerprinting, flash, privacy, tracking

U2 - 10.1145/2994620.2994621

DO - 10.1145/2994620.2994621

M3 - Conference contribution

SN - 978-1-4503-4569-9

SP - 37

EP - 46

BT - WPES '16. Proceedings of the 2016 ACM on Workshop on Privacy in the Electronic Society

PB - Association for Computing Machinery (ACM)

ER -

Baumann P, Katzenbeisser S, Stopczynski M, Tews E. Disguised Chromium Browser: Robust Browser, Flash and Canvas Fingerprinting Protection. In WPES '16. Proceedings of the 2016 ACM on Workshop on Privacy in the Electronic Society. Association for Computing Machinery (ACM). 2016. p. 37-46 https://doi.org/10.1145/2994620.2994621