Core Concepts
Web APIs can be exploited for browser fingerprinting, posing privacy risks.
Abstract
The study assesses the risk of browser fingerprinting using Web APIs, focusing on entropy as a key metric. It addresses limitations of previous research by considering correlations among Web APIs and provides realistic entropy estimates based on actual user data. The results confirm the utility of entropy as a proxy for fingerprinting risk and offer insights into website categories' entropy distribution.
Structure:
- Abstract: Discusses the vulnerability of Web APIs to construct browser fingerprints.
- Introduction: Highlights the use of Web APIs in modern websites and the privacy risks associated with browser fingerprinting.
- Related Work: Summarizes prior studies on browser uniqueness and attribute selection.
- Notation and Terminology: Defines terms related to web population, surfaces, and observations.
- Efficient Entropy Estimation: Provides a theorem for estimating entropy with confidence intervals.
- Experimental Methodology: Describes how surfaces were selected, data collected, and entropy estimated.
- Results: Presents findings on surface call frequency, clustering, session entropy distribution, fingerprinting signatures correlation with entropy, and anti-fingerprinting methods evaluation.
- Caveats: Acknowledges limitations in data collection and interpretation of results.
Stats
前の研究の制限を考慮して、実際のChromeブラウザから報告された数千万の訪問ページとWeb APIに基づいて、ブラウザフィンガープリントリスクを評価する最初の研究。
サーフェス値が観測されるセッション全体でのエントロピーを推定することで、セッションエントロピー分布をプロットし、エントロピーが指紋メトリックとして妥当かどうかを検証。
ブラウザフィンガープリントリスクを評価し、新しい抗フィンガープリンティング提案の設計に向けた洞察を提供。