Beyond Cookie Monster Amnesia: Real World Persistent Online Tracking (1905.09581v1)

Abstract: Browser fingerprinting is a relatively new method of uniquely identifying browsers that can be used to track web users. In some ways it is more privacy-threatening than tracking via cookies, as users have no direct control over it. A number of authors have considered the wide variety of techniques that can be used to fingerprint browsers; however, relatively little information is available on how widespread browser fingerprinting is, and what information is collected to create these fingerprints in the real world. To help address this gap, we crawled the 10,000 most popular websites; this gave insights into the number of websites that are using the technique, which websites are collecting fingerprinting information, and exactly what information is being retrieved. We found that approximately 69\% of websites are, potentially, involved in first-party or third-party browser fingerprinting. We further found that third-party browser fingerprinting, which is potentially more privacy-damaging, appears to be predominant in practice. We also describe \textit{FingerprintAlert}, a freely available browser extension we developed that detects and, optionally, blocks fingerprinting attempts by visited websites.

Real World Persistent Online Tracking: Insights into Browser Fingerprinting

Browser fingerprinting has emerged as a substantial method for identifying and tracking web users, surpassing traditional methods like cookies in terms of privacy intrusiveness. The paper "Beyond Cookie Monster Amnesia: Real World Persistent Online Tracking" by Al-Fannah, Li, and Mitchell provides an empirical investigation into the prevalence and nature of browser fingerprinting among widely visited websites.

The authors undertook a large-scale web crawling of the 10,000 most popular websites to assess the scope and methods of fingerprinting. Their findings indicate a significant use of browser fingerprinting practices: approximately 69% of these websites potentially engage in first-party or third-party fingerprinting. Notably, third-party fingerprinting is predominant, posing greater privacy risks as it enables tracking across multiple web domains.

The types of information collected to construct a browser fingerprint range from screen resolution, language, and character set to more complex data like WebGL properties and installed plugins. In total, the paper identified 284 distinct fingerprinting attributes, organized into six major categories. This breadth suggests a sophisticated approach by websites in utilizing fingerprinting for user tracking and profiling.

These findings underscore the persistent and expansive nature of fingerprinting in the web ecosystem, aligning with previous studies that highlight the intrusive capability of this tracking method. The paper also emphasizes the lack of transparency and user control regarding fingerprinting, further exacerbated by the ineffectiveness of popular browsers in alerting users or mitigating fingerprinting without external tools.

As a practical contribution, the authors developed a browser extension named FingerprintAlert, designed to detect and optionally block fingerprinting attempts. This tool provides users with increased awareness and some degree of control over their interaction with fingerprinting sites. Empirical evaluation shows its effectiveness in blocking detected fingerprinting attributes, though it acknowledges inherent limitations due to the dynamic and obscure nature of data transmission in real websites.

From a theoretical standpoint, this paper contributes to the ongoing exploration of privacy in digital spaces, emphasizing the urgent need for regulatory frameworks akin to those for cookies. As browser fingerprinting evolves, the research underscores the necessity for continuing vigilance and innovation in privacy-enhancing technologies.

Future developments in this domain could involve exploring automated tools capable of identifying a more diverse range of attributes, enhancing both the scope and efficacy of detection methods. Moreover, confronting the challenge of fingerprinting encryption practices requires novel computational approaches. Engaging in these areas implies a promising trajectory for advancing user privacy protection in an increasingly monitored web environment.

The paper significantly broadens our understanding of browser fingerprinting's real-world application and impact, providing a critical baseline for both theoretical inquiry and practical countermeasures in the field of information security and privacy.