Abstract
The techniques of tracking users through their web browsers have greatly evolved since the birth of the World Wide Web, posing an increasingly significant privacy risk. An important branch of these methods, called fingerprinting, is getting more and more attention, because it does not rely on client-side information storage, in contrast to cookie-like techniques. In this paper, we propose a new, browser-independent fingerprinting method. We have tested it on a data set of almost a thousand records, collected through a publicly accessible test website. We have shown that a part of the IP address, the availability of a specific font set, the time zone, and the screen resolution are enough to uniquely identify most users of the five most popular web browsers, and that user agent strings are fairly effective but fragile identifiers of a browser instance.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Eckersley, P.: How Unique is Your Web Browser? In: Atallah, M.J., Hopper, N.J. (eds.) PETS 2010. LNCS, vol. 6205, pp. 1–18. Springer, Heidelberg (2010), doi:10.1007/978-3-642-14527-8_1
Gulyás, G., Schulcz, R., Imre, S.: Comprehensive analysis of web privacy and anonymous web browsers: are next generation services based on collaborative filtering? In: Joint SPACE and TIME International Workshops 2008, Trondheim, Norway (June 2008)
Wondracek, G., Holz, T., Kirda, E., Kruegel, C.: A Practical Attack to De-anonymize Social Network Users. In: Proc. of the 2010 IEEE Symposium on Security and Privacy, pp. 223–238 (2010), doi: http://doi.ieeecomputersociety.org/10.1109/SP.2010.21
Mowery, K., Bogenreif, D., Yilek, S., Shacham, H.: Fingerprinting Information in JavaScript Implementations. In: W2SP 2011: Web 2.0 Security and Privacy 2011 (2011)
evercookie – virtually irrevocable persistent cookies, http://samy.pl/evercookie/ (retrieved on August 3, 2011)
Soltani, A., Canty, S., Mayo, Q., Thomas, L., Hoofnagle, C.J.: Flash Cookies and Privacy (2009), SSRN http://ssrn.com/abstract=1446862
Mozilla Firefox 4 Release Notes, http://www.mozilla.com/en-US/firefox/4.0/releasenotes/ (retrieved on August 5, 2011)
Grossman, J.: I know where you’ve been, http://jeremiahgrossman.blogspot.com/2006/08/i-know-where-youve-been.html (retrieved on August 5, 2011)
Gomez, J., Pinnick, T., Soltani, A.: KnowPrivacy. Technical Report 2009-037, University of California, Berkeley (2009)
What They Know – WSJ, http://blogs.wsj.com/wtk/ (retrieved on August 5, 2011)
Paulik, T., Földes, Á.M., Gulyás, G.G.: Blogcrypt: Private Content Publishing on the Web. In: Fourth International Conference on Emerging Security Information, Systems and Technologies, SECURWARE 2010, Venice, Italy (July 2010)
Weinberg, Z., Chen, E.Y., Jayaraman, P.R., Jackson, C.: I still know what youvisited last summer. In: Proc. of the 2011 IEEE Symposium on Security and Privacy, pp. 147–161 (2011), doi: http://dx.doi.org/10.1109/SP.2011.23
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Boda, K., Földes, Á.M., Gulyás, G.G., Imre, S. (2012). User Tracking on the Web via Cross-Browser Fingerprinting. In: Laud, P. (eds) Information Security Technology for Applications. NordSec 2011. Lecture Notes in Computer Science, vol 7161. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-29615-4_4
Download citation
DOI: https://doi.org/10.1007/978-3-642-29615-4_4
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-29614-7
Online ISBN: 978-3-642-29615-4
eBook Packages: Computer ScienceComputer Science (R0)