pp: 1
Nick Nikiforakis, KU Leuven, Leuven
Alexandros Kapravelos, UC Santa Barbara, Santa Barbara
Wouter Joosen, K.U.Leuven, Leuven
Christopher Kruegel, UC Santa Barbara, Santa Barbara
Frank Piessens, KU Leuven, Leuven
Giovanni Vigna, UC Santa Barbara, Santa Barbara
ABSTRACT
In this article, we examine how web-based device fingerprinting currently works on the Internet. By analyzing the code of three popular browser-fingerprinting code providers, we reveal the techniques that allow websites to track users without the need of client-side identifiers. We expose questionable practices, such as the circumvention of HTTP proxies to discover a user's real IP address and the installation of intrusive browser plugins. At the same time, we show how fragile the browser ecosystem is against fingerprinting through the use of novel browser-identifying techniques. We demonstrate how one can use diversions in the browsers' implementation to distinguish successfully not only the browser-family, but also specific major and minor versions. Lastly, we evaluate user-agent-spoofing browser extensions and show that current commercial approaches can bypass the extensions, and, in addition, take advantage of their shortcomings by using them as additional fingerprinting features.
CITATION
Nick Nikiforakis, Alexandros Kapravelos, Wouter Joosen, Christopher Kruegel, Frank Piessens, Giovanni Vigna, "On the Workings and Current Practices of Web-based Device Fingerprinting", IEEE Security & Privacy, no. 1, pp. 1, PrePrints, doi:10.1109/MSP.2013.160