Abstract
Fingerprinting is a ready-to-use technology that exploits the diversity and complexity of today’s personal computing devices. Since fingerprinting leaves little to no trace, Do Not Track (DNT) policies are hard to enforce. The upcoming ePrivacy Regulation must consider this technological reality. In this opinion paper, we analyse technical use cases for device fingerprinting as an easy-to-deploy and hard-to-detect tracking technology. The EU has a longstanding tradition in strong data protection norms. To keep this high standards, we call on to the legislator to act, and illustrate vital points that must be considered in the legislative process.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Acar, G., Eubank, C., Englehardt, S., Juarez, M., Narayanan, A., Diaz, C.: The web never forgets: persistent tracking mechanisms in the wild. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pp. 674–689 (2014). https://doi.org/10.1145/2660267.2660347
Adamsky, F., Retunskaia, T., Schiffner, S., Köbel, C., Engel, T.: Poster: WLAN device fingerprinting using channel state information (CSI). In: Proceedings of the 11th ACM Conference on Security & Privacy in Wireless and Mobile Networks, WiSec 2018, New York, NY, USA, pp. 277–278. ACM (2018). https://doi.org/10.1145/3212480.3226099. ISBN 978-1-4503-5731-9
Al-Fannah, N.M., Li, W.: Not all browsers are created equal: comparing web browser fingerprintability. In: Obana, S., Chida, K. (eds.) IWSEC 2017. LNCS, vol. 10418, pp. 105–120. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-64200-0_7
Cabanier, R., Mann, J., Hickson, I., Wiltzius, T., Munro, J.: HTML canvas 2D context, level 2. Technical report, W3C, September 2015. http://www.w3.org/TR/2015/NOTE-2dcontext2-20150929/
Cao, Y., Li, S., Wijmans, E.: (Cross-)browser fingerprinting via OS and hardware level features. In: Proceedings of the Network and Distributed System Security Symposium (NDSS) 2017, January 2017. https://doi.org/10.14722/ndss.2017.23152
Cheshire, S., Krochmal, M.: DNS-based service discovery. RFC 6763, RFC Editor, February 2013. http://www.rfc-editor.org/rfc/rfc6763.txt
Chua, Y.T., Parkin, S., Edwards, M., Oliveira, D., Schiffner, S., Tyson, G., Hutchings, A.: Identifying unintended harms of cybersecurity countermeasures. In: 2019 APWG Symposium on Electronic Crime Research (eCrime). IEEE (2020)
Data Protection Directive. Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. Official Journal of the European Communities, L 281/31:37 (1995). https://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX:31995L0046
Directive on Privacy and Electronic Communications. Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications). Official Journal of the European Communities, L 201/37:37 (2002). https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=CELEX:32002L0058
Eckersley, P.: How unique is your web browser? In: Atallah, M.J., Hopper, N.J. (eds.) PETS 2010. LNCS, vol. 6205, pp. 1–18. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14527-8_1
European Council Council of the European Union. Proposal for a Regulation of the European Parliament and of the Council concerning the respect for private life and the protection of personal data in electronic communications and repealing Directive 2002/58/EC (Regulation on Privacy and Electronic Communications) (2019). https://www.consilium.europa.eu/register/en/content/out?&typ=ENTRY&i=ADV&DOC_ID=ST-12633-2019-INIT
European Parliament. Report on the proposal for a regulation of the European Parliament and of the Council concerning the respect for private life and the protection of personal data in electronic communications and repealing Directive 2002/58/EC (Regulation on Privacy and Electronic Communications) (COM(2017) 0010 - C8–0009/2017 - 2017/0003(COD)) (2019). http://www.europarl.europa.eu/doceo/document/A-8-2017-0324_EN.pdf
Frolov, S., Wustrow, E.: The use of TLS in censorship circumvention. In: Proceedings 2019 Network and Distributed System Security Symposium (NDSS). Internet Society (2019). https://doi.org/10.14722/ndss.2019.23511
General Data Protection Regulation. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). Official Journal of the European Communities, L 119/1:1–88 (2016). http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679&from=DE
Gringoli, F., Schulz, M., Link, J., Hollick, M.: Free your CSI: a channel state information extraction platform for modern Wi-Fi chipsets. In: Proceedings of the 13th International Workshop on Wireless Network Testbeds, Experimental Evaluation & Characterization, WiNTECH 2019, New York, NY, USA, pp. 21–28 (2019). Association for Computing Machinery. ISBN 9781450369312. https://doi.org/10.1145/3349623.3355477
Halperin, D., Hu, W., Sheth, A., Wetherall, D.: Tool release: gathering 802.11n traces with channel state information. ACM SIGCOMM Comput. Commun. Rev. 41(1), 53 (2011)
Hjelmvik, E., John, W.: Statistical protocol IDentification with SPID: preliminary results. In: Swedish National Computer Networking Workshop (2009). http://www.cse.chalmers.se/~johnwolf/publications/sncnw09-hjelmvik_john-CR.pdf. Last Checked 12 May 2010
Hsieh, C., Chen, J., Nien, B.: Deep learning-based indoor localization using received signal strength and channel state information. IEEE Access 7, 33256–33267 (2019). https://doi.org/10.1109/ACCESS.2019.2903487. ISSN 2169–3536
Hua, J., Sun, H., Shen, Z., Qian, Z., Zhong, S.: Accurate and efficient wireless device fingerprinting using channel state information. In: Proceedings of the IEEE International Conference on Computer Communications (INFOCOM), p. 9 (2018)
Huitema, C., Kaiser, D.: DNS-SD privacy and security requirements (Draft Version 04). RFC, RFC Editor, January 2020. https://tools.ietf.org/html/draft-ietf-dnssd-prireq-04
Husák, M., Čermák, M., Jirsík, T., Čeleda, P.: HTTPS traffic analysis and client identification using passive SSL/TLS fingerprinting. EURASIP J. Inf. Secur. 2016(1), 6 (2016). https://doi.org/10.1186/s13635-016-0030-7. ISSN 1687–417X
Köhnen, C., Überall, C., Adamsky, F., Rakocevic, V., Rajarajan, M., Jäger, R.: Enhancements to statistical protocol identification (SPID) for self-organised QoS in LANs. In: Proceedings of the 19th International Conference on Computer Communications and Networks (ICCCN 2010) (2010)
Kullback, S., Leibler, R.A.: On information and sufficiency. Ann. Math. Stat. 22, 49–86 (1951)
Laperdrix, P., Bielova, N., Baudry, B., Avoine, G.: Browser fingerprinting: a survey (2019). arXiv:1905.01051
Leen, S.: MIMO OFDM Radar-Communication System with Mutual Interference Cancellation. KIT Scientific Publishing, Karlsruhe (2017). ISBN 978-3-7315-0599-0
Lymberopoulos, D., Liu, J.: The microsoft indoor localization competition: experiences and lessons learned. IEEE Signal Process. Mag. 34(5), 125–140 (2017). https://doi.org/10.1109/MSP.2017.2713817. http://ieeexplore.ieee.org/document/8026207/. ISSN 1053–5888
Mayer, J.R.: Any person... a pamphleteer: internet anonymity in the age of web 2.0, Bachelor thesis (2009)
Mowery, K., Shacham, H.: Pixel perfect: fingerprinting canvas in HTML5. In: Proceedings of W2SP 2012, p. 12 (2012)
Regulation on Privacy and Electronic Communications. Proposal for a Regulation of the European Parliament and of the Council concerning the respect for private life and the protection of personal data in electronic communications and repealing Directive 2002/58/EC (Regulation on Privacy and Electronic Communications). Draft COM/2017/010 final - 2017/03 (COD):35 (2017). https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:52017PC0010
Rinaldi, G., Adamsky, F., Soua, R., Baiocchi, A., Engel, T.: Softwarization of SCADA: lightweight statistical SDN-agents for anomaly detection. In: Proceedings of the 10th IEEE International Conference on Networks of the Future (NoF) (2019). http://orbilu.uni.lu/handle/10993/40162
Transport Layer Security (TLS) Extensions (2020). https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml. Accessed 29 Jan 2020
Vastel, A., Laperdrix, P., Rudametkin, W., Rouvoy, R.: FP-scanner: the privacy implications of browser fingerprint inconsistencies. In: Proceedings of the 27th USENIX Security Symposium, p. 17 (2018)
Wagner, I., Eckhoff, D.: Technical privacy metrics: a systematic survey. ACM Comput. Surv. (CSUR) 51(3), 1–38 (2018)
Waldron, R., Pozdnyakov, M., Shalamov, A., Langel, T.: Generic sensor API. Technical report, W3C, December 2019. https://www.w3.org/TR/generic-sensor/
Wilde, T.: Knock knock knockin’ on bridges’ doors | tor blog (2012). https://blog.torproject.org/knock-knock-knockin-bridges-doors. Accessed 03 Feb 2020
Zhang, J., Beresford, A.R., Sheret, I.: SensorID: sensor calibration fingerprinting for smartphones. In: 40th IEEE Symposium on Security and Privacy, pp. 638–655. IEEE (2019). https://doi.org/10.1109/SP.2019.00072
Acknowledgements
Parts of this work are supported by the Luxembourg National Research Fund (FNR) grant number C18/IS/12639666/EnCaViBS/Cole. We thank Dominic Dunlop for his review and comments that greatly improved the manuscript.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Adamsky, F., Schiffner, S., Engel, T. (2020). Tracking Without Traces—Fingerprinting in an Era of Individualism and Complexity. In: Antunes, L., Naldi, M., Italiano, G., Rannenberg, K., Drogkaris, P. (eds) Privacy Technologies and Policy. APF 2020. Lecture Notes in Computer Science(), vol 12121. Springer, Cham. https://doi.org/10.1007/978-3-030-55196-4_12
Download citation
DOI: https://doi.org/10.1007/978-3-030-55196-4_12
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-55195-7
Online ISBN: 978-3-030-55196-4
eBook Packages: Computer ScienceComputer Science (R0)