Jump to content

User:Ergozat/iir redaction

From Wikipedia, the free encyclopedia
(Redirected from User:Ergozat/iir)

A Browser fingerprint is information collected when the user visits websites. A fingerprint containing enough information can identify a device. It's used by first parties or by third-party companies. These third-party companies provide fingerprint services or use it for themselves. The main usage is to track users across websites, especially to deliver targetted ads. It's also used with malicious intentions. For example to reveal device vulnerabilities or steal private data. It's also used to detect account stealing. Indeed sites can know if the account is used without the usual user's browser. Studies show that the capacity of a fingerprint to identify users can be from 33% to 90%.

Extensions exist against fingerprint and tracking. But they can have the opposite effect. Depending on the installed extensions, a user makes her browser more identifiable. Randomization of some parts of the browser's behavior helps combat tracking. Like that, a site can't have the same fingerprint between two visits to this browser. Also, not all browsers produce the same amount of information usable in a fingerprint.

A fingerprint contains a browser's information, different techniques exist to gather them. Graphics are part of the modern web, but they reveal browser pieces of information. For example, it's family or it's version. It also reveals system information like the operating system. Techniques exist that reveal hardware information too. Like testing the device computational capabilities or access device components through API. The list of installed add-ons on the browser can differentiate users from each other. It's obtained by API or by the modifications they make on a page, revealing their presence. Also, plugins are effective tools to retrieve the list of installed fonts on the user's device. Yet, nowadays they are deprecated. As browser's engines are not implemented uniformly between the different vendors. So it's used to detect the family browser, sometimes its version. HTTP headers' orders are specific to browsers. CSS and HTML parser too, along with the different JavaScript engines. Browser fingerprint was the main topic of a study the first time in 2010. Other studies follow to describe more techniques, usages, detection, and prevention techniques.

Definition

[edit]

A fingerprint is some bits that identify a device[2]. Browser fingerprint is a fingerprint deduced by a third party when a user visits a site[3]. The capacity of a fingerprint to uniquely identify a device is measured by its entropy[4]. This value represents the amount of information contained in the fingerprint[4]. This entropy can be normalized to compare different studies with different data sizes[5]. For example, the list of fonts on a device has an entropy of 13.9 and the timezone 3.04, according to the Panopticlick site[6]. Normalized, these two values became respectively 0.531 and 0.161[5].

It's a stateless technique since it doesn't rely on information stored on the user's browser, like HTTP cookies[7]. It relies on browsers and system information[7], provided by the browser behavior[2].So, they are weak against change in browser configuration since they generally depend on it[8].

Usages

[edit]

Fingerprinting is either used with good or bad intentions relative to the user[1]. However, it's never that manichean and the border is thin since it depends only on the one using the fingerprint[9].

In the wild

[edit]

Browser fingerprint is used on internet[10][11][12]. In 2014, at least 5.5% of top 100,00 Alexa site use canvas fingerprint[13]. In 2013, at least 0.4% of top 10,000 Alexa site run scripts from one of this fingerprint provider : BlueCava, Iovation and ThreatMetrix[14]. Most of them are in "Pornography" and "Personnals/Dating" category, respectively 15% and 12.5%[14]. Less popular websites that use this companies' code are mainly categorized as : spam, malicious sites, adult/mature content, computers/internet, datings/personnals[15]. Companies provide their code to this "Spam" and "Malicious" site likely to increase their fingerprint database[15]. In 2017, 10.44% of top 10,000 Alexa sites use the canvas element to fingerprint[16]. Approximately 2.15% of them using obfuscation technique to hide their fingerprint code[16]. In the top 100 sites, 24 of the 47 sites using fingerprint use obfuscation, 39 of the 47 have their scripts elsewere than their home pages[17]. This imply that sites tends to move their scripts from their home pages[17].

Fingerprinting is done either with website own scripts or third-party scripts[13][14]. Some third-parties include fingerprint in their services, without the site being necessarily aware[13]. In this case, it's probably done to prevent click-fraud[14]. The first party can also ask companies fingerprinting[14]. Third parties may add the calculated fingerprint directly in the DOM, and so the website can use it[14]. Also, the fingerprint is sometimes hidden from the first-party, and the latter has to request directly the third-party for information[14].

Tracking

[edit]

A fingerprinting with enough high entropy makes a user unique among others[18]. It's used by companies for tracking users and learn their interests[19]. The main purpose is to provide targeted advertising[20].

Fingerprint are also used to regenerate deleted cookies[21], or relink old cookies[18][21].

Malicious intentions

[edit]

Malicious and spamming sites use fingerprint[15]. With it, they do phising, snatch user's data and device's vulnerabilities[15]. These data are sometimes used to subscribe users to paid services[15]. With devices vulnerabilities, malware can do targeted exploits[22]. With that, attackers hide attacks that are not effective for the targeted machine[23]. And so, hide their attack potential[23].

Augmented authentification

[edit]

Fingerprint is a convenient method for augmented authentification as it doesn't require user interaction[24]. Sites use this method to know if a paid account is used by a single user, or that it's not hacked[14]. It's especially true for sites that contain private and important user's pieces of information [15]. Also, it's used to verify that several accounts do not come from the same computer[14]. This is problematic on dating sites, where people may want to manipulate other users[14]. One method is to store fingerprint produced by canvas fingerprinting when a user logs for the first time to an account[25]. Then, if a lot of this same fingerprint is in the database, an alert is raised to prevent that the same user creates different accounts[26]. This is weak when the user decides to change his browser since he will not produce the same fingerprint each time[26].

Fingerprint uniqueness

[edit]

Studies try to know if a fingerprint can uniquely identify browsers among others, so be used for tracking. In 2010, the Panopticlick site collect 470,161 browsers fingerprint[27]and 83.6% of them are unique[28]. However peoples who go on this site are already aware of the fingerprint issue, thus are not representing the average population on internet[28]. Moreover, it is not possible to deduce what the percentage would be on a larger sampleCite error: A <ref> tag is missing the closing </ref> (see the help page)., 89.4% are unique[5]. Same as with Panopticlick, the sample is biased[29]. A latter study collect 2,067,942 fingerprint from sites not related to this subject[30], so on a more representative population[31]. On this sample they find much lower percentages as 33.6% were unique, 35.7% for desktop and 18.5% for mobiles[31].

Protection techniques and tools

[edit]

Extensions

[edit]

Extensions exists against tracking, and are based on a set of rules[32]. These rulesets are maintained publicly by a community or privatly by a company[32]. Example of well-known community ruleset is EasyList, used by ADBlock Plus[32]. Ghostery, Disconnect and Blur are handled by companies[32]. Also, a ruleset can be learned by algorithms, e.g. EFF's Privacy Badger[32]. In 2017, these extensions don't incorporate rules against known fingerprinting methods[33]. For all that, it's up to researcher and rule sets' maintainers to incorpore rules against founded fingerprinting techniques, making these extensions more useful against them[34].

Extension that spoof user agent claim to help masking a browser[35]. In effect, studied ones are easily bypassed through Javascript methods[36]. Also, the mismatch between user-agent and real browser information add information in fingerprint[36]. By using extensions, even privacy oriented, users make their browser more differentiable from those who do not have these extensions[36]. In some contexts (depending on browser, website visited ...) there are more fingerprinting invocations with browser extensions[33]. On mobile, the extension Mother of all AD-BLOCKING is proved to block ThreatMetrix, a fingerprint service used in android applications[33].

Randomization

[edit]

To be used for tracking, fingerprint must not only be unique but also stable[37]. Thus, randomizing some browsers' attributes and responses can break this stability[38]. It's done directly in browser's code[39]. PriVaricator, developed by Nikiforakis et al., randomize plugins list and fonts, but can be expanded[38]. With different parameter combinations, it succeed in obtaining 96.32% unique fingerprint obtained on BlueCanva's fingerprint script, 78.36% for fingerprintingjs library and 37.83% for PetPortal[40]. FPRandom is a Firefox browser modified by Laperdrix et al. on this same principle[37]. It randomize canvas-based fingerprint by modifying subtly the color rendered in the canvas and which font family is showed[41]. It also add noise in AudioContext API[42] and randomize the order of Javascript object's properties[43].

This protection technique is useful for fingerprint based on browser's environment, but not for other method like benchmarking[44]. Moreover, with not enough values randomized, fingerprinters may still deduce it's the same users and that she tries to hide[45]. Randomizing function every time they are called also increase the risk that fingerprinters understand that the user is using this methods[46]. To make up for that, randomization can be done between browsing sessions[46].

Browser choice

[edit]

The different browsers family are more or less fingerprintable[47]. Based on 6 fingerprint attributes (Fonts, Device ID, Canvas, WebGL Renderer and Local IP), Edge is the more easily fingerprintable, then follow ex aequo Firefox and Chrome, then Internet Explorer and finally Safari[48]. On mobile, with this same attributes, Chrome and Opera Mini are ex aequo with the highest fingerprintability, then its Firefox, Edge and Safari[49].This is measured without changing the default browsers parameters[50].

Tor browser is effective against canvas fingerprint and can be against others methods[51]. However, as Tor is very unique, it's identifiable[46]. Also, it depends on its default configuration, changing it can remove its effectiveness against fingerprint[46].

Techniques

[edit]

This techniques are used to add bits of information to a fingerprint, making it more unique[52]. For that, they observe the browser behavior and responses, with or without intervention[2].

Graphics rendering

[edit]

Canvas element

[edit]

Fingerprint with the Canvas element is a well known technique because it bring many device's information[5]. Canvas element can display sentences with different fonts[53]. A sentence will be rendered based on a user's browser environment and hardware[54]. Depending on the rendering, it reveals the operating system and the browsers family[54]. More information can be deduced, like graphics card on the user's device and installed fonts[54]. Some companies use Canvas by combining different sentence and geometric figures in the Canvas element to reveal browser nature and operating system[55]. Emojis are also rendered differently between systems[56] and it's more true for mobile devices[57]. Canvas fingerprint is a good source of information on mobile devices[57]. How the image is rendered by the user are obtain via the canvas method toDataURL(type)[58]. It provide a data URI containing a representation of the image, directly usable in a fingerprint[58]. An other way is with the getImageData() method that return list of canva's pixels[58].

Canvas fingerprinting is stable[59] and have high entropy[60]. However, it is browser dependant [26]. Also, when using only fonts rendering, it is unstable if the user decide to change its zoom[61].

WebGL

[edit]

In a canvas, WebGL can display 3D elements[58]. At a pixel level, this elements can be represented differently based on graphics card, and so reveal it[54]. WebGL attribute UNMASKED_RENDERER_WEBGL display the GPU information[62]. UNMASKED_VENDOR_WEBGL display the GPU vendor[62]. If there is no GPU, CPU information are displayed instead, leaking GPU precence[62]. However, some browser don't give this information, like Firefox[63]. And it doesn't add much information because many device can have the same GPU card[56]

Hardware

[edit]

Benchmarking

[edit]

On the hardware level, a method determines if the CPU uses AES-NI or Turbo Boost, based on benchmarking analysis[64]. By comparing the time of execution between cryptographic and simple operations, it is possible to identify the presence of AES-NI for cryptographic operation boosting[64]. In the Turbo Boost case, it is the Octane 2,0 Javascript benchmark that is used to detect this technology[64]. On a set of 341 tests, the AES-NI and Turbo boost technologies are found to be the most easier to detect in the CPU on the Chrome browser. Here is the accuracy of correct technology presence guessing in this set:[65]

Browser AES-NI presence Turbo Boost presence
Google Chrome 99.28% 84.78%
Mozzila Firefox 71.17% 82.88%
Internet Explorer 77% 55%

Device's components

[edit]
Creation of device ID

Device ID is found with the WebRTC hardware ID attribute[66]. This ID is a cryptographic hash function applied on user's hardware component, along some other values[66]. Depending on the browser, this ID is consistent between visits to a website and so is used for fingerprint[66]. On Chrome it's very consistent as it's doesn't change unless specific actions of a user, like clearing the browser cache[48]. On Firefox, it changes when the browser is reoppened[48]. On edge, it changes between two visits to a website[48].

With Battery Status API, fingerprinter can use the actual battery state of a device as a short-term fingerprint[67]. The API also provide the battery capacity, this information can add a bit in a fingerprint[68]. OscillatorNode produce an audio signal which is specific to a couple browser/operating system[69].

Browser's add-ons

[edit]

Since each user can enable and set add-ons on their browser, they probably have their own unique set of add-ons[70][71]. The list of installed add-ons on a browser is used to add a bit of information in a fingerprint[72]. Besides, add-ons can modify the way the browser act and its ressources, making it even more unique[73].

Plugins

[edit]

Fingerprinters providers use plugins to access user's device information, like installed systems drivers and computer's name[74]. They search for specific plugins that have been allowed by the user or downloaded together with an application and use them directly[74]. This is a powerful fingerprint[74]. As plugins are not often used by mobile browsers, these methods are not useful on these devices[75][63].

Flash or Java plugins are mainly used to retrieve installed fonts on the user's system[76][77]. It's well known by fingerprinting companies[77].Flash give the sum of all user's width screen[78]. Compared with the width provided by the browser, which is the screen's width where the browser is opened, it reveals if the user has more than one monitor[78]. Flash is favored because it doesn't need the user consent[79].Java plugin provide directly some system informations[80]. Java is in general not used by fingerprinting service provider, certainly, because it's not used in the Web field[78]. Instead, in 2013, Flash is widely used, and despite it is vastly criticized and becoming obsolete, it remains enabled on much browsers[78]. On a browser who disable Flash by default, third party fingerprinters can still use it by making Flash important for the visited website[23].

Extensions

[edit]

Extensions can modify a page, by either add new element, delete and/or change some[81]. Via this modification, extensions installed on the user's browser are revealed[82]. Modifications are done on the DOM but can also be on the BOM[82]. XHOUND, developed by Starov et al., use this method by detecting DOM alterations[83]. It show that in 2017 16.6% of the top 10,000 popular Chrome's extensions are detectable on at least one of the 50 top popular site[82]. It rise to 23% with the top 1000 popular Chrome's extensions[82]. These percentages tend to decrease with extensions popularity[82] and are stable through months[84]. An other method for listing extension ask a browser an extension's ressource[85]. Most browsers will see if the concerned extension is installed. If it is, they then check if the extension is allowed to provide the resource[85]. The browser will respond more rapidly if the extension is not installed[85]. The particularity of extensions listing is that they can reveal a person's interest[86][87]. Extensions based fingerprint are possibly used on mobile since many popular mobile browser have extensions[75].

Sometimes, extensions that claim to protect the user instead do the contrary, it's the case when they spoof a user agent string[36]. As they modify the user agent, the information will not be consistent with real information provided by the browser.[36] These differences can be added to a fingerprint and reveal some extension's presence[36].

Browser engine particularities

[edit]

HTTP Headers

[edit]

Browsers choose the way they order HTTP header fields and their number[88]. So it's used to infer the browser family[88]. For example, Internet Explorer choose to order the UserAgent before the Host field, while Chrome do the opposite order[88].

In HTTP header, the user agent string provides basic information about the connected user[89]. For example, information directly about the system's hardware[21]. It is more discriminating for mobile than for desktop[57]. It can reveal a phone model[90], or the version of the Android firmware[57]. This information are granted by application, who have been authorized by the user to provide them[57].

HTML parser

[edit]

Browsers have their own HTML parser[2]. They can choose to implement new HTML5 features at their own rhythm[88]. It is used to discover the browser family depending on which features are effectivly implement on the user's browser[88].

Each browser can have specific behaviour when parsing HTML[91]. These specific behaviors, or "HTML parser quirks"[2], can be tested and resumed in a browser's signature[91]. With many browser's signatures, an unknown browser family and version is deduced by comparing its signature with the collected ones[92]. The comparison is done with a Hamming distance or with machine learning[92]. Hamming distance method determine the exact browser version with likely 71% of accuracy[93].

CSS properties

[edit]

CSS properties are not always homogeneously supported by browsers[94]. It's used to differentiate their family, even their versions[94]. For example, the CSS property grid is not supported on Internet Explorer 11 and Firefox 51 but fully on Firefox 72 and Opera 64, as see on CanIUse site.

CSS Media query Operating System theme
-moz-windows-default-theme Windows default theme
-moz-mac-graphite-theme Mac OS Graphite theme
-moz-windows-compositor Desktop window manager enabled

Also, CSS Media queries can give informations about operating system, like the OS theme[95]. They can give more informations, such as screen-size (device-height and device-width), screen orientation (as portrait or landscape) and the ratio of pixel’s device[96]. Part of installed fonts on user's device are revealed by the @font-face specification[97]. A property is implemented by a browser if it can be called through Javascript[94]. Also, a site can set CSS properties to ask their values to an URL[98]. The server behind the URL know that the user's browser can interpret the property if it's requested[98].

cursor : url("server.php?property=cursor") ; 

With several properties, "server.php" can know which properties are implemented in the user's browser[99].

The CSS selector :visited reveal part of user's history[100]. Fingerprinter choose set of sites and see if the user have visited them or not[100]. With a set of at least 50 top popular website, user's history profile are mostly unique[101]. This work as well on mobile as on desktop[101]. These unique profiles tend to stay the same over time[102]. In addition to fingerprint a user, this leak a user's interests[103]. On modern browser this method is fixed, but it remains possible on older browsers that still exists on the Web[103].

Javascript

[edit]

Javascript allow to check a letter bounding box[104]. On different browser, these bouding box differ for a letter of the same font, when rendered largely[104]. As these dimensions are also affected by antialiasing and hinting configuration, same browsers on same operating system can be distinguished[104]. When a letter is not found on the system, a "glyph not found" take the letter's place with a specific dimension[104]. It so reveal that the font is not installed on the system[104]. This methods is not the most effective fingerprint, but remain effective on Tor browser[104].

JavaScript objects, like the navigator and screen objects, are used in fingerprinting[15]. For one thing, the browser's way to enumerate an object property is browser brand and version specific, it can even leak the operating system[105]. Since browsers add new features when releasing a new version, it's a way to determine precisely a browser version by testing if these added features exist[106]. Also, the different browsers families have their vendor-prefixed properties, like screen.mozBrightness for Mozilla Firefox[105]. Furthermore, the possibility in manipulating an object is specific to browsers family too, e.g. :

Browser family Property deletion (of navigator object) Reassignation (of navigator/screen object)
Google Chrome allowed allowed
Mozzila Firefox ignored ignored
Opera allowed allowed
Internet Explorer ignored ignored

Browsers don't implement the same parts of the Javascript ECMAScript standards, even between versions of the same browser[107]. With that, a fingerprinter provider can test in what extend a user's browser cover a standard and so can infer which browser and version are used[107]. It's proved to be an efficient method[108].

Proposed countermeasures

[edit]

Shadow DOM can hide some modifications that extensions do on the page, so partially hide extensions presence[86]. On the other side, adding DOM modifications simulating not installed extensions can confuse a fingerprinter about the actually installed ones[70]. Unification and standardisation between browsers may counter techniques that use browser's differencies. It's the case for the HTTP headers[109], the JavaScript engine[23], user-agent string[110] and authorized fonts for the browser[111]. API's can be more careful on the informations they provide[110]. Also, people who discover new techniques can alerts browsers vendors or APIs makers[112]. They can also spread their knowledge to raise awareness[112] and help community tools to improve[34]. For competition reasons, browsers can be reluctant to apply solutions that may lower their performances[10]. So regulations in this field can resolve that, like the RGPD for stateful tracking in Europe[10].

History

[edit]

The first large scale study on this field, done by Eckersley et al. in 2010, show that user's browsers features can be used to assign it a unique fingerprint[3]. This study is sometimes referred as Panopticlick, the name of the site they used.[3] Then, Nikiforakis et al. in 2010, demonstrate novel techniques and analyze companies' code to show how browser fingerprinting is used in the wild[113].

New technique are then discovered, like Mowery et al. who use in 2011 Javascript in their study[114].In 2012, the Canvas element is introduced by Mowery and Shacham as a way to fingerprint[115]. Also in 2012, Olejnik et al. show that a user's history is fingerprintable[116]. Fifield et al. worked with fonts dimensions in 2015, without using Canavas[117].

Large scale studies follow too. Laperdrix et al. resumed some previous studied techniques, like in Panopticlick[118], with their site AmIUnique[1]. They show their effectiveness on mobile and on a more modern web[1]. As they say, their study is biased because their site attract more privacy aware users[29]. Gómez-Boix et al. propose in 2018 to study fingerprint at large scale without the bias Panopticlick and AmIUnique had[119]. For that, they don't use a site to collect their sample, but put their code on differents sites[119].

Some studies show fingerprint usage on the internet. The first is conducted by Acar et al. in 2013 with FPDetective[120]. Also, Acar et al. in 2014 show usage of canvas fingerprinting in the web[121]. Englehardt and Narayanan measured at a very large scale usage of tracking, included fingerprinting[122]. Based on the assumption that some fingerprint scripts are obfuscated, Hoan Le et al. crawl in 2017 the web with dynamic code analysis instead of a static one, like it was done before[122].

See also

[edit]

References

[edit]
  1. ^ a b c d Laperdrix 2016, p. 878
  2. ^ a b c d e Abgrall 2012, p. 1
  3. ^ a b c Eckersley 2010, p. 1
  4. ^ a b Eckersley 2010, p. 6
  5. ^ a b c d Laperdrix 2016, p. 882 Cite error: The named reference "Laperdrix2016_882" was defined multiple times with different content (see the help page).
  6. ^ Eckersley 2010, p. 17
  7. ^ a b Merzdovnik 2017, p. 320
  8. ^ Eckersley 2010, p. 11
  9. ^ Nikiforakis 2013, p. 542
  10. ^ a b c Nikiforakis 2013, p. 554
  11. ^ Acar 2013, p. 1139
  12. ^ Acar 2014, p. 686
  13. ^ a b c Acar 2014, p. 678
  14. ^ a b c d e f g h i j Nikiforakis 2013, p. 546
  15. ^ a b c d e f g Nikiforakis 2013, p. 547
  16. ^ a b Le 2017, p. 4
  17. ^ a b Le 2017, p. 5
  18. ^ a b Eckersley 2010, p. 3
  19. ^ Acar 2013, p. 1138
  20. ^ Nikiforakis 2015, p. 821
  21. ^ a b c Kaur 2017, p. 107
  22. ^ Abgrall 2012, p. 8
  23. ^ a b c d Nikiforakis 2013, p. 553
  24. ^ Alaca 2016, p. 299
  25. ^ Abouollo 2017, p. 359
  26. ^ a b c Abouollo 2017, p. 360
  27. ^ Eckersley 2010, p. 2
  28. ^ a b Eckersley 2010, p. 10
  29. ^ a b Laperdrix 2016, p. 881
  30. ^ Gómez-Boix 2018, p. 312
  31. ^ a b Gómez-Boix 2018, p. 314
  32. ^ a b c d e Merzdovnik 2017, p. 322
  33. ^ a b c Merzdovnik 2017, p. 327
  34. ^ a b Merzdovnik 2017, p. 329
  35. ^ Yen 2012, p. 13
  36. ^ a b c d e f Nikiforakis 2013, p. 552
  37. ^ a b Laperdrix 2017, p. 99
  38. ^ a b Nikiforakis 2015, p. 820
  39. ^ Nikiforakis 2015, p. 823
  40. ^ Nikiforakis 2015, p. 825
  41. ^ Laperdrix 2017, p. 101
  42. ^ Laperdrix 2017, p. 102
  43. ^ Laperdrix 2017, p. 103
  44. ^ Nikiforakis 2015, p. 827
  45. ^ Ashouri 2018, p. 3
  46. ^ a b c d Laperdrix 2017, p. 105
  47. ^ Al-Fannah 2017, p. 117
  48. ^ a b c d Al-Fannah 2017, p. 114
  49. ^ Al-Fannah 2017, p. 115
  50. ^ Al-Fannah 2017, p. 107
  51. ^ Acar 2014, p. 684
  52. ^ Eckersley 2010, p. 11
  53. ^ Mowery 2012, p. 2
  54. ^ a b c d Mowery 2012, p. 6
  55. ^ Acar 2014, p. 2
  56. ^ a b Laperdrix 2016, p. 883
  57. ^ a b c d e Laperdrix 2016, p. 885
  58. ^ a b c d Mowery 2012, p. 3
  59. ^ Mowery 2012, p. 5
  60. ^ Mowery 2012, p. 8
  61. ^ Abouollo 2017, p. 361
  62. ^ a b c Al-Fannah 2017, p. 110
  63. ^ a b Laperdrix 2016, p. 884
  64. ^ a b c Saito 2016, p. 588
  65. ^ Saito 2016, p. 590
  66. ^ a b c Al-Fannah 2017, p. 109
  67. ^ Olejnik 2016, p. 256
  68. ^ Olejnik 2016, p. 259
  69. ^ Englehardt 2016, p. 1399
  70. ^ a b Starov 2017, p. 954
  71. ^ Sanchez-Rola 2017, p. 688
  72. ^ Acar 2013, p. 1131
  73. ^ Kaur 2017, p. 108
  74. ^ a b c Nikiforakis 2013, p. 545
  75. ^ a b Starov 2017, p. 942
  76. ^ Fiore 2014, p. 3
  77. ^ a b Nikiforakis 2013, p. 544
  78. ^ a b c d Nikiforakis 2013, p. 543
  79. ^ Fiore 2014, p. 3
  80. ^ Kaur 2017, p. 6
  81. ^ Starov 2017, p. 947
  82. ^ a b c d e Starov 2017, p. 946
  83. ^ Starov 2017, p. 941
  84. ^ Starov 2017, p. 948
  85. ^ a b c Sanchez-Rola 2017, p. 683
  86. ^ a b Starov 2017, p. 953
  87. ^ Sanchez-Rola 2017, p. 687
  88. ^ a b c d e Unger 2013, p. 257
  89. ^ Fiore 2014, p. 357
  90. ^ Al-Fannah 2017, p. 111
  91. ^ a b Abgrall 2012, p. 2
  92. ^ a b Abgrall 2012, p. 3
  93. ^ Abgrall 2012, p. 6
  94. ^ a b c Unger 2013, p. 256
  95. ^ Taei 2016, p. 60
  96. ^ Takei 2015, p. 59
  97. ^ Takei 2015, p. 58
  98. ^ a b Takei 2016, p. 59
  99. ^ Takei 2016, p. 61
  100. ^ a b Olejnik 2012, p. 5
  101. ^ a b Olejnik 2012, p. 7
  102. ^ Olejnik 2012, p. 11
  103. ^ a b Olejnik 2012, p. 14
  104. ^ a b c d e f Fifield 2015, p. 108
  105. ^ a b Nikiforakis 2013, p. 549
  106. ^ Nikiforakis 2013, p. 550
  107. ^ a b Mulazzani 2013, p. 2
  108. ^ Mulazzani 2013, p. 7
  109. ^ Laperdrix 2016, p. 889
  110. ^ a b Laperdrix 2016, p. 887
  111. ^ Mowery 2012, p. 10
  112. ^ a b Olejnik 2016, p. 262
  113. ^ Nikiforakis 2010, p. 541
  114. ^ Mowery 2011, p. 1
  115. ^ Mowery 2012, p. 1
  116. ^ Olejnik 2012, p. 1
  117. ^ Fifield 2015, p. 1
  118. ^ Eckersley 2010
  119. ^ a b Gómez-Boix 2018, p. 309
  120. ^ Acar 2013, p. 1129
  121. ^ Acar 2014, p. 674
  122. ^ a b Englehardt 2016, p. 1388 Cite error: The named reference "Englehardt2016_1388" was defined multiple times with different content (see the help page).

Bibliography

[edit]

Abgrall, Erwan; Traon, Yves Le; Monperrus, Martin; Gombault, Sylvain; Heiderich, Mario; Ribault, Alain (2012-11-20). "XSS-FP: Browser Fingerprinting using HTML Parser Quirks". arXiv:1211.4812. Abgrall2012. {{cite journal}}: Cite journal requires |journal= (help)

Abouollo, Ahmed; Almuhammadi, Sultan (2017). "Detecting malicious user accounts using Canvas Fingerprint". 2017 8th International Conference on Information and Communication Systems (ICICS). 2017 8th International Conference on Information and Communication Systems (ICICS). pp. 358–361. doi:10.1109/IACS.2017.7921998. Abouollo2017.

Acar, Gunes; Juarez, Marc; Nikiforakis, Nick; Diaz, Claudia; Gürses, Seda; Piessens, Frank; Preneel, Bart (2013). "FPDetective: Dusting the Web for Fingerprinters". Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security. CCS '13. New York, NY, USA: ACM. pp. 1129–1140. doi:10.1145/2508859.2516674. ISBN 978-1-4503-2477-9. Acar2013.

Acar, Gunes; Eubank, Christian; Englehardt, Steven; Juarez, Marc; Narayanan, Arvind; Diaz, Claudia (2014). "The Web Never Forgets: Persistent Tracking Mechanisms in the Wild". Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security - CCS '14. the 2014 ACM SIGSAC Conference. Scottsdale, Arizona, USA: ACM Press. pp. 674–689. doi:10.1145/2660267.2660347. ISBN 978-1-4503-2957-6. Acar2014.

Al-Fannah, Nasser Mohammed; Li, Wanpeng (2017). "Not All Browsers are Created Equal: Comparing Web Browser Fingerprintability". In Satoshi Obana, Koji Chida (eds.) (ed.). Advances in Information and Computer Security. Lecture Notes in Computer Science. Springer International Publishing. pp. 105–120. ISBN 978-3-319-64200-0. Al-Fannah2017. {{cite conference}}: |editor= has generic name (help)

Alaca, Furkan; van Oorschot, P. C. (2016). "Device Fingerprinting for Augmenting Web Authentication: Classification and Analysis of Methods". Proceedings of the 32Nd Annual Conference on Computer Security Applications. ACSAC '16. New York, NY, USA: ACM. pp. 289–301. doi:10.1145/2991079.2991091. ISBN 978-1-4503-4771-6. Alaca2016.

Ashouri, Mohammadreza; Asadian, Hooman (2018). "Large-Scale Analysis of Sophisticated Web Browser Fingerprinting Scripts" (Document). Ashouri2018. {{cite document}}: Cite document requires |publisher= (help); Unknown parameter |url= ignored (help)CS1 maint: date and year (link)

Baumann, Peter; Katzenbeisser, Stefan; Stopczynski, Martin; Tews, Erik (2016). "Disguised Chromium Browser: Robust Browser, Flash and Canvas Fingerprinting Protection". Proceedings of the 2016 ACM on Workshop on Privacy in the Electronic Society. WPES '16. New York, NY, USA: ACM. pp. 37–46. doi:10.1145/2994620.2994621. ISBN 978-1-4503-4569-9. Baumann2016.

Besson, Frédéric; Bielova, Nataliia; Jensen, Thomas (2014). "Enforcing Browser Anonymity with Quantitative Information Flow" (Document). Besson2014. {{cite document}}: Cite document requires |publisher= (help); Unknown parameter |url= ignored (help)

Boda, Károly; Földes, Ádám Máté; Gulyás, Gábor György; Imre, Sándor (2012). "User Tracking on the Web via Cross-Browser Fingerprinting". In Peeter Laud (ed.) (ed.). Information Security Technology for Applications. Lecture Notes in Computer Science. Berlin, Heidelberg: Springer. pp. 31–46. doi:10.1007/978-3-642-29615-4_4. ISBN 978-3-642-29615-4. Boda2012. {{cite conference}}: |editor= has generic name (help)

Cao, Yinzhi; Song, Li; Wijmans, Erik (2017). "(Cross-)Browser Fingerprinting via OS and Hardware Level Features – NDSS Symposium" (Document). Cao2017. {{cite document}}: Cite document requires |publisher= (help); Unknown parameter |url= ignored (help)

Eckersley, Peter (2010). "How Unique Is Your Web Browser?". In Mikhail J. Atallah, Nicholas J. Hopper (eds.) (ed.). Privacy Enhancing Technologies. Lecture Notes in Computer Science. Springer Berlin Heidelberg. pp. 1–18. ISBN 978-3-642-14527-8. Eckersley2010. {{cite conference}}: |editor= has generic name (help)

Englehardt, Steven; Narayanan, Arvind (2016). "Online Tracking: A 1-million-site Measurement and Analysis". Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. CCS '16. New York, NY, USA: ACM. pp. 1388–1401. doi:10.1145/2976749.2978313. ISBN 978-1-4503-4139-4. Englehardt2016.

FaizKhademi, Amin; Zulkernine, Mohammad; Weldemariam, Komminist (2015). "FPGuard: Detection and Prevention of Browser Fingerprinting". In Pierangela Samarati (ed.) (ed.). Data and Applications Security and Privacy XXIX. Lecture Notes in Computer Science. Springer International Publishing. pp. 293–308. ISBN 978-3-319-20810-7. FaizKhademi2015. {{cite conference}}: |editor= has generic name (help)

Fifield, David; Egelman, Serge (2015). "Fingerprinting Web Users Through Font Metrics". In Rainer Böhme, Tatsuaki Okamoto (eds.) (ed.). Financial Cryptography and Data Security. Lecture Notes in Computer Science. Berlin, Heidelberg: Springer. pp. 107–124. doi:10.1007/978-3-662-47854-7_7. ISBN 978-3-662-47854-7. Fifield2015. {{cite conference}}: |editor= has generic name (help)

Fiore, Ugo; Castiglione, Aniello; Santis, Alfredo De; Palmieri, Francesco (September 2014). "Countering Browser Fingerprinting Techniques: Constructing a Fake Profile with Google Chrome". 2014 17th International Conference on Network-Based Information Systems. 2014 17th International Conference on Network-Based Information Systems. pp. 355–360. doi:10.1109/NBiS.2014.102. Fiore2014.

Gómez-Boix, Alejandro; Laperdrix, Pierre; Baudry, Benoit (2018). "Hiding in the Crowd: An Analysis of the Effectiveness of Browser Fingerprinting at Large Scale". Proceedings of the 2018 World Wide Web Conference. WWW '18. Republic and Canton of Geneva, Switzerland: International World Wide Web Conferences Steering Committee. pp. 309–318. doi:10.1145/3178876.3186097. ISBN 978-1-4503-5639-8. Gómez-Boix2018.

Gulyas, Gabor Gyorgy; Some, Doliere Francis; Bielova, Nataliia; Castelluccia, Claude (2018-08-22). "To Extend or not to Extend: on the Uniqueness of Browser Extensions and Web Logins". arXiv:1808.07359. Gulyas2018. {{cite journal}}: Cite journal requires |journal= (help)

Hayes, Jamie; Danezis, George (2016). k-fingerprinting: A Robust Scalable website Fingerprinting Technique (PDF). Austin, TX: {USENIX} Association. pp. 1187–1203. ISBN 978-1-931971-32-4. Hayes2016. {{cite book}}: Unknown parameter |book-title= ignored (help)

Hupperich, Thomas; Maiorca, Davide; Kührer, Marc; Holz, Thorsten; Giacinto, Giorgio (2015). "On the Robustness of Mobile Device Fingerprinting: Can Mobile Users Escape Modern Web-Tracking Mechanisms ?". Proceedings of the 31st Annual Computer Security Applications Conference on - ACSAC 2015. the 31st Annual Computer Security Applications Conference. Los Angeles, CA, USA: ACM Press. pp. 191–200. doi:10.1145/2818000.2818032. ISBN 978-1-4503-3682-6. Hupperich2015.

Kaur, Navpreet; Azam, Sami; Kannoorpatti, Krishnan; Yeo, Kheng Cher; Shanmugam, Bharanidharan (2017). "Browser Fingerprinting as user tracking technology". 2017 11th International Conference on Intelligent Systems and Control (ISCO). Kaur2017.

Kolbitsch, Clemens; Livshits, Benjamin; Zorn, Benjamin; Seifert, Christian (2012). "Rozzle: De-cloaking Internet Malware". 2012 IEEE Symposium on Security and Privacy. 2012 IEEE Symposium on Security and Privacy. pp. 443–457. doi:10.1109/SP.2012.48. Kolbitsch2012.

Laperdrix, Pierre; Bielova, Nataliia; Baudry, Benoit; Avoine, Gildas (2019-05-03). "Browser Fingerprinting: A survey". arXiv:1905.01051. Laperdrix2019. {{cite journal}}: Cite journal requires |journal= (help)

Laperdrix, Pierre; Avoine, Gildas; Baudry, Benoit; Nikiforakis, Nick (2019). "Morellian Analysis for Browsers: Making Web Authentication Stronger with Canvas Fingerprinting". In Roberto Perdisci, Clémentine Maurice, Giorgio Giacinto, Magnus Almgren (eds.) (ed.). Detection of Intrusions and Malware, and Vulnerability Assessment. Lecture Notes in Computer Science. Springer International Publishing. pp. 43–66. ISBN 978-3-030-22038-9. Laperdrix2019. {{cite conference}}: |editor= has generic name (help)CS1 maint: multiple names: editors list (link)

Laperdrix, Pierre; Baudry, Benoit; Mishra, Vikas (2017). "FPRandom: Randomizing Core Browser Objects to Break Advanced Device Fingerprinting Techniques". In Eric Bodden, Mathias Payer, Elias Athanasopoulos (eds.) (ed.). Engineering Secure Software and Systems. Springer International Publishing. pp. 97–114. ISBN 978-3-319-62105-0. Laperdrix2017. {{cite conference}}: |editor= has generic name (help)CS1 maint: multiple names: editors list (link)

Laperdrix, P.; Rudametkin, W.; Baudry, B. (May 2016). "Beauty and the Beast: Diverting Modern Web Browsers to Build Unique Browser Fingerprints". 2016 IEEE Symposium on Security and Privacy (SP). pp. 878–894. doi:10.1109/SP.2016.57. Laperdrix2016.

Laperdrix, Pierre; Rudametkin, Walter; Baudry, Benoit (2015). "Mitigating Browser Fingerprint Tracking: Multi-level Reconfiguration and Diversification". 2015 IEEE/ACM 10th International Symposium on Software Engineering for Adaptive and Self-Managing Systems. 2015 IEEE/ACM 10th International Symposium on Software Engineering for Adaptive and Self-Managing Systems (SEAMS). Florence, Italy: IEEE. pp. 98–108. doi:10.1109/SEAMS.2015.18. ISBN 978-0-7695-5567-6. Laperdrix2015.

Le, Hoan; Fallace, Federico; Barlet-Ros, Pere (2017). "Towards accurate detection of obfuscated web tracking". 2017 IEEE International Workshop on Measurement and Networking (M N). 2017 IEEE International Workshop on Measurement and Networking (M N). pp. 1–6. doi:10.1109/IWMN.2017.8078365. Le2017.

Lerner, Adam; Simpson, Anna Kornfeld; Kohno, Tadayoshi; Roesner, Franziska (2016). Internet Jones and the Raiders of the Lost Trackers: An Archaeological Study of Web Tracking from 1996 to 2016. 25th {USENIX} Security Symposium ({USENIX} Security 16). Lerner2016.

Liu, X.; Liu, Q.; Wang, X.; Jia, Z. (2016). "Fingerprinting Web Browser for Tracing Anonymous Web Attackers". 2016 IEEE First International Conference on Data Science in Cyberspace (DSC). 2016 IEEE First International Conference on Data Science in Cyberspace (DSC). pp. 222–229. doi:10.1109/DSC.2016.78. Liu2016.

Luangmaneerote, S.; Zaluska, E.; Carr, L. (2017). "Inhibiting Browser Fingerprinting and Tracking". 2017 ieee 3rd international conference on big data security on cloud (bigdatasecurity), ieee international conference on high performance and smart computing (hpsc), and ieee international conference on intelligent data and security (ids). 2017 ieee 3rd international conference on big data security on cloud (bigdatasecurity), ieee international conference on high performance and smart computing (hpsc), and ieee international conference on intelligent data and security (ids). pp. 63–68. doi:10.1109/BigDataSecurity.2017.40. Luangmaneerote2017.

Luangmaneerote, S.; Zaluska, E.; Carr, L. (2016). "Survey of existing fingerprint countermeasures". 2016 International Conference on Information Society (i-Society). 2016 International Conference on Information Society (i-Society). pp. 137–141. doi:10.1109/i-Society.2016.7854198. Luangmaneerote2016.

Merzdovnik, Georg; Huber, Markus; Buhov, Damjan; Nikiforakis, Nick; Neuner, Sebastian; Schmiedecker, Martin; Weippl, Edgar (April 2017). "Block Me If You Can: A Large-Scale Study of Tracker-Blocking Tools". 2017 IEEE European Symposium on Security and Privacy (EuroS P). 2017 IEEE European Symposium on Security and Privacy (EuroS P). pp. 319–333. doi:10.1109/EuroSP.2017.26. Merzdovnik2017.

Mowery, Keaton; Bogenreif, Dillon; Yilek, Scott; Shacham, Hovav (2011). "Fingerprinting Information in JavaScript Implementations": 11. Mowery2011. {{cite journal}}: Cite journal requires |journal= (help)

Mowery, Keaton; Shacham, Hovav (2012). "Pixel Perfect: Fingerprinting Canvas in HTML5": 12. Mowery2012. {{cite journal}}: Cite journal requires |journal= (help)

Mulazzani, Martin; Reschl, Philipp; Huber, Markus; Leithner, Manuel; Schrittwieser, Sebastian; Weippl, Edgar (2013). "Fast and Reliable Browser Identification with JavaScript Engine Fingerprinting". IEEE-Security. Mulazzani2013. {{cite journal}}: Cite journal requires |journal= (help)

Nair, K. V.; Rose Lalson, E. (2018). "The Unique Id's you Can't Delete: Browser Fingerprints". 2018 International Conference on Emerging Trends and Innovations In Engineering And Technological Research (ICETIETR). pp. 1–5. doi:10.1109/ICETIETR.2018.8529040. ISBN 978-3-642-29615-4. Nair2018.

Nakibly, Gabi; Shelef, Gilad; Yudilevich, Shiran (2015-03-11). "Hardware Fingerprinting Using HTML5". arXiv:1503.01408. Nakibly2015. {{cite journal}}: Cite journal requires |journal= (help)

Nikiforakis, Nick; Kapravelos, Alexandros; Wouter, Joosen; Kruegel, Christopher; Piessens, Frank; Vigna, Giovanni (2013). "Cookieless Monster: Exploring the Ecosystem of Web-Based Device Fingerprinting". Cookieless Monster:Exploring the Ecosystem of Web-based Device Fingerprinting. pp. 541–555. doi:10.1109/SP.2013.43. ISBN 978-0-7695-4977-4. S2CID 14235205. Nikiforakis2013.

Nikiforakis, Nick; Joosen, Wouter; Livshits, Benjamin (2015). "PriVaricator: Deceiving Fingerprinters with Little White Lies". Proceedings of the 24th International Conference on World Wide Web. WWW '15. Republic and Canton of Geneva, Switzerland: International World Wide Web Conferences Steering Committee. pp. 820–830. doi:10.1145/2736277.2741090. ISBN 978-1-4503-3469-3. Nikiforakis2015.

Olejnik, Lukasz; Castelluccia, Claude; Janc, Artur (2012-07-13). "Why Johnny Can't Browse in Peace: On the Uniqueness of Web Browsing History Patterns". Olejnik2012. {{cite journal}}: Cite journal requires |journal= (help)

Olejnik, Łukasz; Acar, Gunes; Castelluccia, Claude; Diaz, Claudia (2016). "The Leaking Battery". In Joaquin Garcia-Alfaro, Guillermo Navarro-Arribas, Alessandro Aldini, Fabio Martinelli, Neeraj Suri (eds.) (ed.). Data Privacy Management, and Security Assurance. Lecture Notes in Computer Science. Cham: Springer International Publishing. pp. 254–263. doi:10.1007/978-3-319-29883-2_18. ISBN 978-3-319-29883-2. Olejnik2016. {{cite conference}}: |editor= has generic name (help)CS1 maint: multiple names: editors list (link)

Saito, Takamichi; Yasuda, Koki; Ishikawa, Takayuki; Hosoi, Rio; Takahashi, Kazushi; Chen, Yongyan; Zalasiński, Marcin (July 2016). "Estimating CPU Features by Browser Fingerprinting". 2016 10th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing (IMIS). 2016 10th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing (IMIS). pp. 587–592. doi:10.1109/IMIS.2016.108. Saito2016.

Sanchez-Rola, Iskander; Santos, Igor; Balzarotti, Davide (2017). Extension Breakdown: Security Analysis of Browsers Extension Resources Control Policies. 26th {USENIX} Security Symposium ({USENIX} Security 17). pp. 679–694. ISBN 978-1-931971-40-9. Sanchez-Rola2017.

Sjösten, Alexander; Van Acker, Steven; Sabelfeld, Andrei (2017). "Discovering Browser Extensions via Webible Resources". Proceedings of the Seventh ACM on Conference on Data and Application Security and Privacy. CODASPY '17. New York, NY, USA: ACM. pp. 329–336. doi:10.1145/3029806.3029820. ISBN 978-1-4503-4523-1. Sjösten2017.

Starov, Oleksii; Nikiforakis, Nick (May 2017). "XHOUND: Quantifying the Fingerprintability of Browser Extensions". 2017 IEEE Symposium on Security and Privacy (SP). 2017 IEEE Symposium on Security and Privacy (SP). pp. 941–956. doi:10.1109/SP.2017.18. Starov2017.

Starov, Oleksii; Laperdrix, Pierre; Kapravelos, Alexandros; Nikiforakis, Nick (2019). "Unnecessarily Identifiable: Quantifying the Fingerprintability of Browser Extensions Due to Bloat". The World Wide Web Conference. WWW '19. New York, NY, USA: ACM. pp. 3244–3250. doi:10.1145/3308558.3313458. ISBN 978-1-4503-6674-8. Starov2019.

Takei, Naoki; Saito, Takamichi; Takasu, Ko; Yamada, Tomotaka (2015). "Web Browser Fingerprinting Using Only Cascading Style Sheets". 2015 10th International Conference on Broadband and Wireless Computing, Communication and Applications (BWCCA). 2015 10th International Conference on Broadband and Wireless Computing, Communication and Applications (BWCCA). pp. 57–63. doi:10.1109/BWCCA.2015.105. Takei2015.

Torres, Christof Ferreira; Jonker, Hugo; Mauw, Sjouke (2015). "FP-Block: Usable Web Privacy by Controlling Browser Fingerprinting". In Günther Pernul, Peter Y A Ryan, Edgar Weippl (eds.) (ed.). Computer Security -- ESORICS 2015. Springer International Publishing. pp. 3–19. ISBN 978-3-319-24177-7. Torres2015. {{cite conference}}: |editor= has generic name (help)CS1 maint: multiple names: editors list (link)

Unger, Thomas; Mulazzani, Martin; Frühwirt, Dominik; Huber, Markus; Schrittwieser, Sebastian; Weippl, Edgar (September 2013). "SHPF: Enhancing HTTP(S) Session Security with Browser Fingerprinting". 2013 International Conference on Availability, Reliability and Security. 2013 International Conference on Availability, Reliability and Security. pp. 255–261. doi:10.1109/ARES.2013.33. Unger2013.

Upathilake, R.; Li, Y.; Matrawy, A. (2015). "A classification of web browser fingerprinting techniques". 2015 7th International Conference on New Technologies, Mobility and Security (NTMS). Upathilake2015.

Vastel, A.; Laperdrix, P.; Rudametkin, W.; Rouvoy, R. (2018). "FP-STALKER: Tracking Browser Fingerprint Evolutions". 2018 IEEE Symposium on Security and Privacy (SP). 2018 IEEE Symposium on Security and Privacy (SP). pp. 728–741. doi:10.1109/SP.2018.00008. Vastel201805.

Vastel, Antoine; Laperdrix, Pierre; Rudametkin, Walter; Rouvoy, Romain (2018). Fp-Scanner: The Privacy Implications of Browser Fingerprint Inconsistencies (PDF). Baltimore, MD: {USENIX} Association. pp. 135–150. ISBN 978-1-939133-04-5. Vastel201806. {{cite book}}: Unknown parameter |book-title= ignored (help)

Wang, Tao; Cai, Xiang; Nithyanand, Rishab; Johnson, Rob; Goldberg, Ian (2014). Effective Attacks and Provable Defenses for Website Fingerprinting. {USENIX} Association. pp. 143–157. ISBN 978-1-931971-15-7. Wang2014. {{cite book}}: Unknown parameter |book-title= ignored (help)

Yamada, Tomotaka; Saito, Takamichi; Takasu, Ko; Takei, Naoki (2015). "Robust Identification of Browser Fingerprint Comparison Using Edit Distance". 2015 10th International Conference on Broadband and Wireless Computing, Communication and Applications (BWCCA). 2015 10th International Conference on Broadband and Wireless Computing, Communication and Applications (BWCCA). pp. 107–113. doi:10.1109/BWCCA.2015.106. Yamada2015.

Yen, Ting-Fang; Huang, Xin; Monrose, Fabian; Reiter, Michael K. (2009). "Browser Fingerprinting from Coarse Traffic Summaries: Techniques and Implications". In Ulrich Flegel, Danilo Bruschi (eds.) (ed.). Detection of Intrusions and Malware, and Vulnerability Assessment. Lecture Notes in Computer Science. Berlin, Heidelberg: Springer. pp. 157–175. doi:10.1007/978-3-642-02918-9_10. ISBN 978-3-642-02918-9. Yen2009. {{cite conference}}: |editor= has generic name (help)

Yen, Ting-Fang; Xie, Yinglian; Yu, Fang; Yu, Roger Peng; Abadi, Martın (2012). "Host Fingerprinting and Tracking on the Web: Privacy and Security Implications": 16. Yen2012. {{cite journal}}: Cite journal requires |journal= (help)

Al-Fannah; Mohammed, Nasser; Mitchell, Chris (2020). "Too Little Too Late: Can We Control Browser Fingerprinting?". 21 (2). ACM: 165–180. doi:10.1108/JIC-04-2019-0067. S2CID 212957853. Al-Fannah2020. {{cite journal}}: Cite journal requires |journal= (help); Unknown parameter |book-title= ignored (help)

[edit]


Category:Fingerprinting algorithms Category:Computer network security Category:Internet privacy Category:Web analytics