Proceedings of the XXth Conference of Open Innovations Association FRUCT (Nov 2017)
Analysis of Paradoxes in Fingerprint Countermeasures
Abstract
The widespread usage of new user tracking methods, i.e. web-based fingerprinting, is becoming a serious privacy concern as third parties try to track users across different websites. Meanwhile, it is usually difficult or impossible for users to opt-out fingerprinting if they want to fully benefit the services provided by the application or website. Several studies tried to address the privacy issue in browser fingerprinting, mostly by faking attribute values. However, such configuration spoofing may lead to inconsistencies that paradoxically make the user stand out even more. This study analyzes these paradoxes in browser configuration with the creation of a Markov model based on a test dataset. Given a target spoofed attribute, the implemented tool in this study outputs the other attributes that must be consequently altered, not to cause paradoxical configuration. Similarly, this tool can suggest a set of random attributes to be spoofed with suggested values, not creating a paradoxical configuration. The tool Implemented in this study can be used by browser extension developers and should help them spoof browser attributes more sophistically, thus preserving users' privacy against cross-site web-based browser fingerprinting.