Assessing Web Fingerprinting Risk
arxiv(2024)
摘要
Modern Web APIs allow developers to provide extensively customized
experiences for website visitors, but the richness of the device information
they provide also make them vulnerable to being abused to construct browser
fingerprints, device-specific identifiers that enable covert tracking of users
even when cookies are disabled.
Previous research has established entropy, a measure of information, as the
key metric for quantifying fingerprinting risk. However, earlier studies had
two major limitations. First, their entropy estimates were based on either a
single website or a very small sample of devices. Second, they did not
adequately consider correlations among different Web APIs, potentially grossly
overestimating their fingerprinting risk.
We provide the first study of browser fingerprinting which addresses the
limitations of prior work. Our study is based on actual visited pages and Web
APIs reported by tens of millions of real Chrome browsers in-the-wild. We
accounted for the dependencies and correlations among Web APIs, which is
crucial for obtaining more realistic entropy estimates. We also developed a
novel experimental design that accurately and efficiently estimates entropy
while never observing too much information from any single user. Our results
provide an understanding of the distribution of entropy for different website
categories, confirm the utility of entropy as a fingerprinting proxy, and offer
a method for evaluating browser enhancements which are intended to mitigate
fingerprinting.
更多查看译文
AI 理解论文
溯源树
样例
生成溯源树,研究论文发展脉络
Chat Paper
正在生成论文摘要