The Web Never Forgets
Top Cited Papers
- 3 November 2014
- conference paper
- conference paper
- Published by Association for Computing Machinery (ACM)
Abstract
We present the first large-scale studies of three advanced web tracking mechanisms - canvas fingerprinting, evercookies and use of "cookie syncing" in conjunction with evercookies. Canvas fingerprinting, a recently developed form of browser fingerprinting, has not previously been reported in the wild; our results show that over 5% of the top 100,000 websites employ it. We then present the first automated study of evercookies and respawning and the discovery of a new evercookie vector, IndexedDB. Turning to cookie syncing, we present novel techniques for detection and analysing ID flows and we quantify the amplification of privacy-intrusive tracking practices due to cookie syncing. Our evaluation of the defensive techniques used by privacy-aware users finds that there exist subtle pitfalls --- such as failing to clear state on multiple browsers at once - in which a single lapse in judgement can shatter privacy defenses. This suggests that even sophisticated users face great difficulties in evading tracking techniques.Keywords
Funding Information
- FWO (G.0360.11N G.0686.11N)
- KU Leuven (ZKC6370 OT/13/070)
- Agentschap voor Innovatie door Wetenschap en Technologie (SBO SPION)
This publication has 20 references indexed in Scilit:
- Cookieless Monster: Exploring the Ecosystem of Web-Based Device FingerprintingPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2013
- FPDetectivePublished by Association for Computing Machinery (ACM) ,2013
- Cross-origin pixel stealingPublished by Association for Computing Machinery (ACM) ,2013
- You are what you includePublished by Association for Computing Machinery (ACM) ,2012
- An approach for identifying JavaScript-loaded advertisements through static program analysisPublished by Association for Computing Machinery (ACM) ,2012
- Tracking the Trackers: Fast and Scalable Dynamic Analysis of Web Content for Privacy ViolationsLecture Notes in Computer Science, 2012
- Flash Cookies and Privacy II: Now with HTML5 and ETag RespawningSSRN Electronic Journal, 2011
- How Unique Is Your Web Browser?Lecture Notes in Computer Science, 2010
- Flash Cookies and PrivacySSRN Electronic Journal, 2009
- Remote Physical Device FingerprintingIEEE Transactions on Dependable and Secure Computing, 2005