[Zurück]

A. Sjösten, D. Hedin, A. Sabelfeld:
"EssentialFP: Exposing the Essence of Browser Fingerprinting";
Vortrag: EuroS&P 2021 SecWeb Workshop, Vienna; 06.09.2021; in: "IEEE European Symposium on Security and Privacy Workshops", (2021), S. 32 - 48.

Web pages aggressively track users for a variety of purposes from
targeted advertisements to enhanced authentication. As browsers move
to restrict traditional cookie-based tracking, web pages increasingly
move to tracking based on browser fingerprinting. Unfortunately, the
state-of-the-art to detect fingerprinting in browsers is often
error-prone, resorting to imprecise heuristics and crowd-sourced
filter lists.

This paper presents EssentialFP, a principled approach to detecting
fingerprinting on the web. We argue that the pattern of (i) gathering
information from a wide browser API surface (multiple browser-specific
sources) and (ii) communicating the information to the network
(network sink) captures the essence of fingerprinting. This pattern
enables us to clearly distinguish fingerprinting from similar types of
scripts like analytics and polyfills. We demonstrate that information
flow tracking is an excellent fit for exposing this pattern. To
implement EssentialFP we leverage, extend, and deploy JSFlow, a
state-of-the-art information flow tracker for JavaScript, in a
browser. We illustrate the effectiveness of EssentialFP to spot
fingerprinting on the web by evaluating it on two categories of web
pages: one where the web pages perform analytics, use polyfills, and
show ads, and one where the web pages perform authentication, bot
detection, and fingerprinting-enhanced Alexa top pages.

http://dx.doi.org/10.1109/EuroSPW54576.2021.00011

https://publik.tuwien.ac.at/files/publik_296694.pdf