Download PDFOpen PDF in browserThe Elephant in the Background: A Quantitative Approach to Empower Users Against Web Browser FingerprintingEasyChair Preprint 447314 pages•Date: October 26, 2020AbstractTracking users is a ubiquitous practice in the web today. User activity is recorded on a large scale and analyzed by various actors to create personalized products, forecast future behavior, and prevent online fraud. While so far HTTP cookies have been the weapon of choice, new and more pervasive techniques such as browser fingerprinting are gaining traction. Hence, in this paper, we describe how users can be empowered against JavaScript fingerprinting by showing them when, how, and who is tracking them. To this end, we conduct a systematic analysis of various JavaScript fingerprinting tools. Based on this analysis, we design and develop FPMON: a light-weight and comprehensive fingerprinting monitor that measures and rates JavaScript fingerprinting activity on any given website in real-time. Using FPMON, we evaluate the Alexa 10k most popular websites to i) study the pervasiveness of JavaScript fingerprinting; ii) review the latest fingerprinting countermeasures; and iii) identify the major networks that foster the use of fingerprinting. Our evaluations reveal that i) fingerprinters are privacy-invasive and subvert current regulations; ii) they are present on many websites with sensitive contents (health insurance, finances, news, NGOs, etc.); and iii) current countermeasures can not sufficiently protect users. Hence, we publish FPMON as a free browser extension to empower web users against this growing threat. Keyphrases: Chrome, Fingerprinting, Firefox, General Data Protection Regulation, JavaScript, Privacy, Privacy Extensions, Safari, Tracking, browser
|