The Community for Technology Leaders
RSS Icon
pp: 1
Nick Nikiforakis , KU Leuven, Leuven
Alexandros Kapravelos , UC Santa Barbara, Santa Barbara
Wouter Joosen , K.U.Leuven, Leuven
Christopher Kruegel , UC Santa Barbara, Santa Barbara
Frank Piessens , KU Leuven, Leuven
Giovanni Vigna , UC Santa Barbara, Santa Barbara
In this article, we examine how web-based device fingerprinting currently works on the Internet. By analyzing the code of three popular browser-fingerprinting code providers, we reveal the techniques that allow websites to track users without the need of client-side identifiers. We expose questionable practices, such as the circumvention of HTTP proxies to discover a user's real IP address and the installation of intrusive browser plugins. At the same time, we show how fragile the browser ecosystem is against fingerprinting through the use of novel browser-identifying techniques. We demonstrate how one can use diversions in the browsers' implementation to distinguish successfully not only the browser-family, but also specific major and minor versions. Lastly, we evaluate user-agent-spoofing browser extensions and show that current commercial approaches can bypass the extensions, and, in addition, take advantage of their shortcomings by using them as additional fingerprinting features.
Nick Nikiforakis, Alexandros Kapravelos, Wouter Joosen, Christopher Kruegel, Frank Piessens, Giovanni Vigna, "On the Workings and Current Practices of Web-based Device Fingerprinting", IEEE Security & Privacy, , no. 1, pp. 1, PrePrints PrePrints, doi:10.1109/MSP.2013.160
49 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool