Been Here Already? Detecting Synchronized Browsers in the Wild.

Browsers have become the most popular and used platform for accessing the web. Their wide and exclusive usage as a medium for doing several tasks in the Internet comes with serious security and privacy risks for the users. For example, it has been shown that web sites can employ browser fingerprinting and cross-device tracking techniques to de-anonymizing or profiling a user's browser. On the other hand, browsers become richer in functionality by the years. One very convenient feature, introduced recently and being available to most major web browsers, is synchronizing the browsers on different devices. Browser synchronization allows users to share settings and preferences of their browser running on multiple devices (e.g., on their laptop and smartphone). In this paper, we are the first to deliver a framework that can be used by web site operators to detect if different HTTP requests, issued from different browsers, are actually requests performed by the same user through multiple synchronized browsers running on different devices. For detecting this, we reconstruct different sessions based on their requested resources, timestamps and cookies. In addition, we evaluate our methodology by conducting a user study that collects anonymized HTTP requests from several users, and we prove that the detection of synchronized sessions is possible with a success rate higher than 75%. Our results indicate a serious implication to users' privacy that has not been studied before.