Abstract
Web browsers are indispensable applications in our daily lives. Millions of users use web browsers for a wide range of activities such as social media, online shopping, emails, or surfing the web. The evolution of increasingly more complicated web applications relies on browsers constantly adding and removing features. At the same time, some of these web services use browser fingerprinting to track and profile their users with clear disregard for their web privacy. In this paper, we perform an empirical analysis of browser features evolution and aim to evaluate browser fingerprintability. By analyzing 33 Google Chrome, 31 Mozilla Firefox, and 33 Opera major browser versions released through 2016 to 2020, we discover that all of these browsers have unique feature sets which makes them different from each other. By comparing these features to the fingerprinting APIs presented in literature that have appeared in this field, we conclude that all of these browser versions are uniquely fingerprintable. Our results show an alarming trend that browsers are becoming more fingerprintable over time because newer versions contain more fingerprintable APIs compared to older ones.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Am IUnique. https://amiunique.org. Accessed 20 June 2021
EasyList. https://easylist.to/. Accessed 20 June 2021
Opera version history. https://help.opera.com/en/opera-version-history/. Accessed 30 June 2021
Panopticlick. https://panopticlick.eff.org. Accessed 10 Jan 2021
WebIDL Level 1. https://www.w3.org/TR/WebIDL-1/. Accessed 20 July 2021
Acar, G., Eubank, C., Englehardt, S., Juarez, M., Narayanan, A., Diaz, C.: The web never forgets: persistent tracking mechanisms in the wild. In: Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (2014)
Acar, G., et al.: Fpdetective: dusting the web for fingerprinters. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security. CCS 2013, pp. 1129–1140. Association for Computing Machinery, New York, NY, USA (2013). https://doi.org/10.1145/2508859.2516674
Apple: Safari privacy overview (2019). https://www.apple.com/safari/docs/.pdf
Berners-Lee, T.: The worldwideweb browser (1990). https://www.w3.org/People/Berners-Lee/WorldWideWeb.html
BrowserStack: App & Browser Testing Made Easy (2021). https://www.browserstack.com/
Cao, Y., Li, S., Wijmans, E.: (cross-)browser fingerprinting via OS and hardware level features (2017). https://doi.org/10.14722/ndss.2017.23152
Chenxiong, Q., Koo, H., Oh, C., Kim, T., Lee, W.: Slimium: debloating the chromium browser with feature subsetting. In: Proceedings of the ACM Conference on Computer and Communications Security (CCS) (2020)
Google Chrome: New in Chrome 56 – Web (2017). https://developers.google.com/web/updates/2017/01/nic56. Accessed 20 June 2021
Eckersley, P.: How unique is your web browser? In: Atallah, M.J., Hopper, N.J. (eds.) PETS 2010. LNCS, vol. 6205, pp. 1–18. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14527-8_1
Englehardt, S., Narayanan, A.: Online tracking: a 1-million-site measurement and analysis. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 1388–1401 (2016)
fingerprintjs: fingerprintjs. https://github.com/fingerprintjs/fingerprintjs. Accessed 15 July 2021
Mozilla Firefox: Firefox 51.0, See All New Features, Updates and Fixes (2017). https://www.mozilla.org/en-US/firefox/51.0/releasenotes/. Accessed 20 June 2021
Gómez-Boix, A., Laperdrix, P., Baudry, B.: Hiding in the crowd: An analysis of the effectiveness of browser fingerprinting at large scale. In: Proceedings of the 2018 World Wide Web Conference. WWW 2018, pp. 309–318. International World Wide Web Conferences Steering Committee, Republic and Canton of Geneva, CHE (2018). https://doi.org/10.1145/3178876.3186097
Jueckstock, J., Kapravelos, A.: Visible V8: in-browser monitoring of JavaScript in the wild. In: Proceedings of the ACM Internet Measurement Conference (IMC), October 2019
Mowery, K., Shacham, H.: Pixel perfect: fingerprinting canvas in HTML5. In: Proceedings of W2SP (2012)
Mozilla: MDN Web Docs - Web APIs. https://developer.mozilla.org/en-US/docs/Web/API
Mozilla: How to block fingerprinting with Firefox (2020). https://blog.mozilla.org/firefox/how-to-block-fingerprinting-with-firefox/
Nikiforakis, N., Kapravelos, A., Joosen, W., Kruegel, C., Piessens, F., Vigna, G.: Cookieless monster: exploring the ecosystem of web-based device fingerprinting. In: Proceedings of the IEEE Symposium on Security and Privacy (2013)
Olejnik, L., Englehardt, S., Narayanan, A.: Battery status not included: assessing privacy in web standards. In: Proceedings of the International Workshop on Privacy Engineering (IWPE) (2017)
Olejnik, A., Castelluccia, C., Janc, A.: Why Johnny can’t browse in peace: On the uniqueness of web browsing history patterns (2012)
Schwarz, M., Lackner, F., Gruss, D.: JavaScript template attacks: automatically inferring host information for targeted exploits. In: NDSS (2019)
Snyder, P., Ansari, L., Taylor, C., Kanich, C.: Browser feature usage on the modern web. In: Proceedings of the Internet Measurement Conference (IMC) (2016)
Snyder, P., Livshits, B.: Brave, fingerprinting, and privacy budgets (2019). https://brave.com/brave-fingerprinting-and-privacy-budgets/
Snyder, P., Taylor, C., Kanich, C.: Most websites don’t need to vibrate: a cost-benefit approach to improving browser security. In: Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (2017)
Starov, O., Laperdrix, P., Kapravelos, A., Nikiforakis, N.: Unnecessarily Identifiable: Quantifying the fingerprintability of browser extensions due to bloat. In: Proceedings of the World Wide Web Conference (WWW) (2019)
Trickel, E., Starov, O., Kapravelos, A., Nikiforakis, N., Doupe, A.: Everyone is different: client-side diversification for defending against extension fingerprinting. In: Proceedings of the USENIX Security Symposium (2019)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Akhavani, S.A., Jueckstock, J., Su, J., Kapravelos, A., Kirda, E., Lu, L. (2021). Browserprint: an Analysis of the Impact of Browser Features on Fingerprintability and Web Privacy. In: Liu, J.K., Katsikas, S., Meng, W., Susilo, W., Intan, R. (eds) Information Security. ISC 2021. Lecture Notes in Computer Science(), vol 13118. Springer, Cham. https://doi.org/10.1007/978-3-030-91356-4_9
Download citation
DOI: https://doi.org/10.1007/978-3-030-91356-4_9
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-91355-7
Online ISBN: 978-3-030-91356-4
eBook Packages: Computer ScienceComputer Science (R0)