Defences against browser fingerprinting techniques
Defences against browser fingerprinting techniques
When users interact with a web page, it is often straightforward to extract user data which can then be used to create a profile of that user and even to establish the identity of the user. This identity can be used to collect the behaviour of that individual user while surfing the web. In the past, users have been tracked by small files stored on their computers (e.g., web cookies, flash cookies or supercookies). These small files stored on the user’s computer are designed to be a reliable mechanism for websites to recall stateful information, but can also record the user’s browsing activity. If any users desire to prevent this tracking, they can select tracking-prevention features provided on all modern web browsers. However, the problem of the user privacy does not seem to be easily alleviated. The technique of browser fingerprinting has recently emerged as a novel technique which is fundamentally different from the cookie approach, in particular no files need to be stored on the user computer. The inability to observe tracking files on the user computer means that the tracking is essentially invisible and has raised considerable concern about user privacy on the Internet. This invisible tracking then can become a major problem for users who do not realise that they are being tracked by somebody without their consent.
The main inspiration for this thesis is the limited provision of existing countermeasures to assist users who wish to avoid fingerprint tracking. This research proposes a new browser fingerprinting countermeasure, called 'FP-prevention'. The primary function of FP-prevention is to obfuscate the monitoring undertaken by websites using fingerprinting algorithms by changing the user identity on every request from the web browser to the web server. Changing the user identity using this new approach will not only assist users to avoid fingerprint tracking but also provides a significant benefit for users: when users are surfing websites, the ‘look and feel’ is similar to using the unmodified browser.
In part of the overall evaluation, FP-prevention is assessed on four aspects. At first, FP-prevention is measured on the web browser performance through three JavaScript benchmarks. The result suggests that FP-prevention shows trivial side effects on the web browser performance compared with an unmodified web browser. In terms of efficiency of fingerprinting prevention, FP-prevention is measured on the effectiveness of fingerprinting prevention by observing fingerprinting ID provided by three fingerprinters. The result suggests that FP-prevention is the third most effective countermeasure compared with three countermeasures. Then, FP-prevention is measured on the information paradox by observing the change of browser‘s attributes during a visit to the fingerprint website multiple times. The result suggests that FP-prevention shows negligible side effects on the problem of information paradox. Finally, FP-prevention is measured on the user satisfaction by conducting the survey. The result suggests that FP-prevention yields the highest score in all metrics related to the user satisfaction. With all obtained results, the research considers whether the proposed countermeasure (FP-prevention) is sufficiently robust to prevent fingerprinting tracking efficiently in combination with introducing only limited side effects to the web browsing experience.
University of Southampton
Luangmaneerote, Sakchan
410ad4a0-a7fe-4c4c-87ef-4e8614d2d8e6
1 November 2018
Luangmaneerote, Sakchan
410ad4a0-a7fe-4c4c-87ef-4e8614d2d8e6
Zaluska, Edward
43f6a989-9542-497e-bc9d-fe20f03cad35
Luangmaneerote, Sakchan
(2018)
Defences against browser fingerprinting techniques.
University of Southampton, Doctoral Thesis, 264pp.
Record type:
Thesis
(Doctoral)
Abstract
When users interact with a web page, it is often straightforward to extract user data which can then be used to create a profile of that user and even to establish the identity of the user. This identity can be used to collect the behaviour of that individual user while surfing the web. In the past, users have been tracked by small files stored on their computers (e.g., web cookies, flash cookies or supercookies). These small files stored on the user’s computer are designed to be a reliable mechanism for websites to recall stateful information, but can also record the user’s browsing activity. If any users desire to prevent this tracking, they can select tracking-prevention features provided on all modern web browsers. However, the problem of the user privacy does not seem to be easily alleviated. The technique of browser fingerprinting has recently emerged as a novel technique which is fundamentally different from the cookie approach, in particular no files need to be stored on the user computer. The inability to observe tracking files on the user computer means that the tracking is essentially invisible and has raised considerable concern about user privacy on the Internet. This invisible tracking then can become a major problem for users who do not realise that they are being tracked by somebody without their consent.
The main inspiration for this thesis is the limited provision of existing countermeasures to assist users who wish to avoid fingerprint tracking. This research proposes a new browser fingerprinting countermeasure, called 'FP-prevention'. The primary function of FP-prevention is to obfuscate the monitoring undertaken by websites using fingerprinting algorithms by changing the user identity on every request from the web browser to the web server. Changing the user identity using this new approach will not only assist users to avoid fingerprint tracking but also provides a significant benefit for users: when users are surfing websites, the ‘look and feel’ is similar to using the unmodified browser.
In part of the overall evaluation, FP-prevention is assessed on four aspects. At first, FP-prevention is measured on the web browser performance through three JavaScript benchmarks. The result suggests that FP-prevention shows trivial side effects on the web browser performance compared with an unmodified web browser. In terms of efficiency of fingerprinting prevention, FP-prevention is measured on the effectiveness of fingerprinting prevention by observing fingerprinting ID provided by three fingerprinters. The result suggests that FP-prevention is the third most effective countermeasure compared with three countermeasures. Then, FP-prevention is measured on the information paradox by observing the change of browser‘s attributes during a visit to the fingerprint website multiple times. The result suggests that FP-prevention shows negligible side effects on the problem of information paradox. Finally, FP-prevention is measured on the user satisfaction by conducting the survey. The result suggests that FP-prevention yields the highest score in all metrics related to the user satisfaction. With all obtained results, the research considers whether the proposed countermeasure (FP-prevention) is sufficiently robust to prevent fingerprinting tracking efficiently in combination with introducing only limited side effects to the web browsing experience.
Text
Final Thesis
- Version of Record
More information
Published date: 1 November 2018
Identifiers
Local EPrints ID: 427361
URI: http://eprints.soton.ac.uk/id/eprint/427361
PURE UUID: d0a942ac-e5f8-4884-90e8-6154bec6b43a
Catalogue record
Date deposited: 14 Jan 2019 17:30
Last modified: 15 Mar 2024 23:23
Export record
Contributors
Author:
Sakchan Luangmaneerote
Thesis advisor:
Edward Zaluska
Download statistics
Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.
View more statistics