More ways to fingerprint
• [W2SP11] – fingerprinting JavaScript implementations. Hooray for the speedwars!
• [W2SP12] – fingerprinting HTML5 font rendering. All Arials are equal... except most aren't.
• [W2SP13] – fingerprinting JS engine errors. “Small mistake, thanks.”
• Clock skew can be passively detected, proxies don't help.
Fighting fingerprinting
• Do Not Track header? [NSDI12]: X
• Blacklisting fingerprinters? [W2SP11]: X
• FireGloves [NordSec11]? [CCS13]: X
• Tor Browser? [CCS13]: X
• Again: defensive paradox.
Privacy plugins ...
Typical countermeasures
[Diagram: Browser (real ID, presented as ID'); Website A, Website B, Website C; request labels A,ID' (twice), C,ID' (twice), B (twice).]
Overcoming the defensive paradox
The defense can be detected ... which makes you more unique.
How to overcome?
• Leverage this uniqueness;
• Allow local tracking.
Option 1: constant fingerprint / site
[Diagram: Browser (real ID, presented through ID*); Website A, Website B, Website C; request labels A,IDa, A,IDb, C,IDb, C,IDc, B (twice). The last two builds show only the label A,IDa, once and then twice.]
Option 2: separate web identities
[Diagram: Browser (real ID, presented through ID*); Website A, Website B, Website C; request labels A,IDa (twice), C,IDc (twice), B (twice); annotation IDa ≠ IDc. The last two builds show only the label A,IDa, once and then twice.]
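A small model of the three schemes in the diagrams above, added here as an illustration and not taken from the slides. It assumes each label reads (first-party site, ID presented), that B is a third party embedded in A and C, and that IDs are derived with HMAC from a local browser secret; the function and policy names are hypothetical.

```javascript
// Added illustration, not from the slides: the HMAC derivation and all names are assumptions.
const { createHmac, randomBytes } = require("node:crypto");

// Stable pseudonymous ID for one scope, derived from a secret that never leaves the browser.
function deriveId(secret, scope) {
  return createHmac("sha256", secret).update(scope).digest("hex").slice(0, 16);
}

// Each policy maps (secret, first-party site, site receiving the request) to the ID presented.
const policies = {
  // Typical countermeasure: one substitute ID' shown to everyone.
  shared: (secret) => deriveId(secret, "global"),
  // Option 1 as read here: constant ID per receiving site (A gets IDa, B gets IDb, ...).
  perReceiver: (secret, firstParty, receiver) => deriveId(secret, "recv:" + receiver),
  // Option 2 as read here: one identity per first-party site, shared with its embeds.
  perFirstParty: (secret, firstParty) => deriveId(secret, "top:" + firstParty),
};

// Constructed session: [first-party site, receiving site]; B is embedded in A and C.
const session = [["A", "A"], ["A", "B"], ["C", "C"], ["C", "B"], ["A", "A"]];

// For every receiver, record which first-party sites each presented ID was seen on.
function observe(policy, secret, visits) {
  const seen = new Map();
  for (const [firstParty, receiver] of visits) {
    const id = policy(secret, firstParty, receiver);
    if (!seen.has(receiver)) seen.set(receiver, new Map());
    const byId = seen.get(receiver);
    if (!byId.has(id)) byId.set(id, new Set());
    byId.get(id).add(firstParty);
  }
  return seen;
}

// First-party sites a receiver can link because one ID appeared on several of them.
function linkableSites(observations, receiver) {
  const byId = observations.get(receiver) ?? new Map();
  const linked = [...byId.values()].filter((sites) => sites.size > 1);
  return linked.length ? [...linked[0]].sort() : [];
}

const secret = randomBytes(32); // constructed per-browser secret
for (const [name, policy] of Object.entries(policies)) {
  const obs = observe(policy, secret, session);
  console.log(name, "| IDs seen by A:", obs.get("A").size,
              "| sites B can link:", linkableSites(obs, "B"));
}
```

Under all three policies Website A sees one stable ID across its two visits (local tracking); only the per-first-party policy leaves B with nothing to link A and C.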