beauty and the beast diverting modern web browsers to
play

Beauty and the Beast: Diverting modern web browsers to build unique - PowerPoint PPT Presentation

Dec 25, 2023 •25 likes •215 views

Beauty and the Beast: Diverting modern web browsers to build unique browser fingerprints Pierre Laperdrix, Walter Rudametkin, Benoit Baudry 2/19 Example of a fingerprint Attribute Value User agent Mozilla/5.0 (X11; Linux i686; rv:25.0)

  1. Beauty and the Beast: Diverting modern web browsers to build unique browser fingerprints Pierre Laperdrix, Walter Rudametkin, Benoit Baudry

  2. 2/19

  3. Example of a fingerprint Attribute Value User agent Mozilla/5.0 (X11; Linux i686; rv:25.0) Gecko/20100101 Firefox/25.0 HTTP headers text/html, application/xhtml+xml, application/xml;q=0.9,*/*;q=0.8 gzip, deflate en-US,en;q=0.5 Plugins Plugin 0: QuickTime Plug-in 7.6.6; libtotem-narrowspace-plugin.so; Plugin 1: Shockwave Flash; Shockwave Flash 11.2 r202; libflashplayer.so; Fonts Century Schoolbook, Source Sans Pro Light, DejaVu Sans Mono, Bitstream Vera Serif, URW Palladio L, Bitstream Vera Sans Mono, Bitstream Vera Sans, ... Platform Linux i686 Screen resolution 1920x1080x24 Timezone -480 (UTC+8) 3/19

  4. Evolution of the browser landscape Explosion of mobile devices More users on • mobile devices Time spent on • mobile devices is bigger than on desktops 4/19

  5. Evolution of the browser landscape New browser Explosion of APIs mobile devices Canvas API WebGL API 5/19

  6. Evolution of the browser landscape New browser Explosion of Disappearance of APIs mobile devices browser plugins NPAPI plugins are • being deprecated Sites using Flash • are dropping 6/19

  7. Example of a fingerprint Attribute Value User agent Mozilla/5.0 (X11; Linux i686; rv:25.0) Gecko/20100101 Firefox/25.0 HTTP headers text/html, application/xhtml+xml, application/xml;q=0.9,*/*;q=0.8 gzip, deflate en-US,en;q=0.5 Plugins Plugin 0: QuickTime Plug-in 7.6.6; libtotem-narrowspace-plugin.so; Plugin 1: Shockwave Flash; Shockwave Flash 11.2 r202; libflashplayer.so; Fonts Century Schoolbook, Source Sans Pro Light, DejaVu Sans Mono, Bitstream Vera Serif, URW Palladio L, Bitstream Vera Sans Mono, Bitstream Vera Sans, ... Platform Linux i686 Screen resolution 1920x1080x24 Timezone -480 (UTC+8) OS Linux 3.14.3-200.fc20.x86 32-bit WebGL vendor NVIDIA Corporation WebGL renderer GeForce GTX 650 Ti/PCIe/SSE2 Canvas 7/19

  8. AmIUnique.org 8/19

  9. Most revealing attributes Normalized Shannon Entropy [0,1] 0.8 0.7 150,000+ • 0.6 fingerprints 0.5 collected so far 0.4 90% of unique • 0.3 fingerprints à 0.2 Tracking possible 0.1 0 All Desktop Mobile 9/19

  10. Boolean attributes Normalized Shannon Entropy [0,1] 0.8 Collection of “Yes” or “No” • 0.7 Very low entropy • 0.6 0.5 0.4 0.3 0.2 0.1 0 Cookies enabled Do Not Track Use of local storage All Desktop Mobile 10/19

  11. Plugins and fonts Normalized Shannon Entropy [0,1] 0.8 Top 3 of the highest revealing • attributes for desktops 0.7 Confirm Panopticlick’s findings in 0.6 • 2010 0.5 Incredible wealth discovered • 0.4 ü 2 458 plugins detected 0.3 0.2 ü 221 804 fonts detected 0.1 0 List of plugins List of fonts All Desktop Mobile 11/19

  12. User agent Normalized Shannon Entropy [0,1] Example from the Facebook application: 0.8 Mozilla/5.0 (iPhone; CPU iPhone OS 9_2_1 like 0.7 Mac OS X) AppleWebKit/601.1.46 (KHTML, like 1 out of 4 smartphones 0.6 Gecko) Mobile/13D15 are uniquely [FBAN/FBIOS;FBAV/46.0.0.54.156;FBBV/189728 0.5 19;FBDV/iPhone7,1;FBMD/iPhone;FBSN/iPhone recognizable with just 0.4 OS;FBSV/9.2.1;FBSS/3; FBCR/Verizon;FBID/phone;FBLC/en_US;FBOP/5] the user agent. 0.3 0.2 à Presence of the model and the firmware 0.1 version à Phone operator added by the app 0 User agent All Desktop Mobile 12/19

  13. Canvas fingerprinting Normalized Shannon Entropy [0,1] 0.8 Canvas API to draw shapes and • render strings 0.7 0.6 First large-scale analysis on • AmIUnique 0.5 Depends on both hardware and • 0.4 software 0.3 0.2 0.1 0 Canvas All Desktop Mobile 13/19

  14. Canvas fingerprinting: how it works Send JavaScript script Receive canvas result 14/19

  15. Canvas fingerprinting: our test 1 2 3 15/19

  16. Canvas fingerprinting: our results 4 th highest revealing attribute • Really stable test • “Smiling face with Diversity of renderings between devices • open mouth” emoji U+1F603 Diversity of emojis between smartphones • 16/19

  17. Future scenario The end of browser plugins Entropy NPAPI support 1 Enabled 0.9 Disabled 0.8 Removed 0.7 0.6 The global entropy • 0.5 of plugins is rapidly 0.4 dropping. 0.3 0.2 0.1 Their use in • 0 fingerprinting is becoming limited. 17/19

  18. Future scenario Life without JavaScript Simulation of an unlikely return to a static web • Percentage of unique fingerprints 100 90 80 70 60 50 40 30 20 10 0 With JS Without JS Without JS + Generic UA 18/19

  19. Conclusion Browser fingerprinting in 2016 is still as easy as it • was in 2010 Canvas fingerprinting is stable and has high • entropy Mobile fingerprinting is possible but different • than desktops Simple browser modifications could drastically • improve privacy without impacting the way the web currently works 19/19

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

BEAUTY AND THE BEAUTY AND THE BEAST BEAST Eta Haskell for JVM JAREK RATAJSKI JAREK RATAJSKI

BEAUTY AND THE BEAUTY AND THE BEAST BEAST Eta Haskell for JVM JAREK RATAJSKI JAREK RATAJSKI

BEAUTY AND THE BEAUTY AND THE BEAST BEAST Eta Haskell for JVM JAREK RATAJSKI JAREK RATAJSKI @jarek000000 Loves programming since the first line I wrote for C64 Anarchitect @ Engenius GmbH Java developer (since 1999) with a functional

1.31k views • 114 slides
Fairytale By: David, Destinee, Erik, Lauren A is for Aladdin B is for Beauty and the Beast C is

Fairytale By: David, Destinee, Erik, Lauren A is for Aladdin B is for Beauty and the Beast C is

Fairytale By: David, Destinee, Erik, Lauren A is for Aladdin B is for Beauty and the Beast C is for Cinderella D is for Donkey (from shrek) E is for Evil Stepmother F is for Princess and the Frog G is for Goldilocks and the Three Bears H is

459 views • 27 slides
The Beauty and the Beast Vulnerabilities in Red Hats Packages Stephan Neuhaus

The Beauty and the Beast Vulnerabilities in Red Hats Packages Stephan Neuhaus

The Beauty and the Beast Vulnerabilities in Red Hats Packages Stephan Neuhaus <Stephan.Neuhaus@disi.unitn.it> Thomas Zimmermann <tzimmer@microsoft.com> Vulnerabilities are important because fixing them costs a lot of money (2005

1.9k views • 73 slides
Pinot Noir: The Savage Yet Seductive Grape The Beauty and the Beast Dr. Karl Kaiser

Pinot Noir: The Savage Yet Seductive Grape The Beauty and the Beast Dr. Karl Kaiser

Pinot Noir: The Savage Yet Seductive Grape The Beauty and the Beast Dr. Karl Kaiser CCOVI Professional Affiliate Brock University, St. Catharines, ON Introduction to Pinot Noir The Story of the Origin Quotes taken from Pinot

818 views • 38 slides
Pinot Noir: The Savage Yet Seductive Grape The Beauty and the Beast Dr. Karl Kaiser

Pinot Noir: The Savage Yet Seductive Grape The Beauty and the Beast Dr. Karl Kaiser

Pinot Noir: The Savage Yet Seductive Grape The Beauty and the Beast Dr. Karl Kaiser CCOVI Professional Affiliate Brock University, St. Catharines, ON Introduction to Pinot Noir The Story of the Origin Quotes taken from Pinot Noir

710 views • 39 slides
Revelation 13 The Beast and the Number 666 Becoming Closer The Beast from the Sea (Rev 13:1-2

Revelation 13 The Beast and the Number 666 Becoming Closer The Beast from the Sea (Rev 13:1-2

Revelation 13 The Beast and the Number 666 Becoming Closer The Beast from the Sea (Rev 13:1-2 NIV) And the dragon stood on the shore of the sea. And I saw a beast coming out of the sea. He had ten horns and seven heads, with ten crowns on

259 views • 15 slides
An Analysis of Private Browsing Modes in Modern Browsers

An Analysis of Private Browsing Modes in Modern Browsers

Stanford Computer Security Lab An Analysis of Private Browsing Modes in Modern Browsers Gaurav Aggarwal, Elie Bursztein, Collin Jackson, Dan Boneh Usenix

653 views • 40 slides
Automatic Abstraction for Congruences A Story of Beauty and the Beast Andy King and Harald

Automatic Abstraction for Congruences A Story of Beauty and the Beast Andy King and Harald

Automatic Abstraction for Congruences A Story of Beauty and the Beast Andy King and Harald Sndergaard Portcullis Computer Security University of Melbourne Andy King and Harald Sndergaard Automatic Abstraction for Congruences Structure of

516 views • 12 slides
BEAST 2 BEAST 2 RB subst model BEAST Add-Ons Remco R. Bouckaert

BEAST 2 BEAST 2 RB subst model BEAST Add-Ons Remco R. Bouckaert

BEAST 2 Remco Bouckaert BEAST 2 BEAST 2 RB subst model BEAST Add-Ons Remco R. Bouckaert remco@cs.{auckland|waikato}.ac.nz rrb@xm.co.nz Department of Computer Science University of Auckland & University of Waikato 1 BEAST 2 What

659 views • 20 slides
Wonders of Modern Architecture Oh, the wonders of modern architecture! The geniuses of

Wonders of Modern Architecture Oh, the wonders of modern architecture! The geniuses of

Wonders of Modern Architecture Oh, the wonders of modern architecture! The geniuses of architecture today continue to create design masterpieces that could make one proud of being a citizen of the 21st Century! Enjoy the beauty of these modern

832 views • 52 slides
Best Practices For developing a web game in modern browsers Colt "MainRoach" McAnlis

Best Practices For developing a web game in modern browsers Colt "MainRoach" McAnlis

Best Practices For developing a web game in modern browsers Colt "MainRoach" McAnlis 3.05.2012 The call me "web game" Content Server Database Gameplay Server Google App Engine Google Analytics Social Graph Client

677 views • 57 slides
Print Books with Browsers Designing books in browsers using Paged.js Julie Blanc (@julieblancfr)

Print Books with Browsers Designing books in browsers using Paged.js Julie Blanc (@julieblancfr)

Print Books with Browsers Designing books in browsers using Paged.js Julie Blanc (@julieblancfr) Digital Publishing Summit May 26, 2019 Automated typesetting and pagination for print Make PDF outputs of HTML contents from browsers Flux

823 views • 67 slides
Feeding Feeding the the beast: beast: science science cases cases for for SHAR(K)

Feeding Feeding the the beast: beast: science science cases cases for for SHAR(K)

Feeding Feeding the the beast: beast: science science cases cases for for SHAR(K) SHAR(K)-NIR@LB NIR@LBT Valentina DOrazi INAF Padova Francesca Bacciotti (INAF Arcetri), Angela Bongiorno (INAF Roma) and the science team ADONI 2016,

554 views • 18 slides
Taming the Beast Workshop Bayesian inference of species tree Species & gene trees *BEAST

Taming the Beast Workshop Bayesian inference of species tree Species & gene trees *BEAST

Taming the Beast Taming the Beast Workshop Bayesian inference of species tree Species & gene trees *BEAST Species tree prior Multispecies coalescent Bayesian inference of species tree Molecular clock model Felsenstein likelihood and

205 views • 19 slides
OUR BUSINESS OUR BEAUTY IS multiplied BY SIX We also care for what is naturally beautiful:

OUR BUSINESS OUR BEAUTY IS multiplied BY SIX We also care for what is naturally beautiful:

BEAUTY IS OUR BUSINESS OUR BEAUTY IS multiplied BY SIX We also care for what is naturally beautiful: Brazil BEAUTY MADE IN 4,000 PLANTS retail stores So Jos dos Pinhais (iResearch Center) Camaari 1,750 DISTRIBUTION CENTERS cities

626 views • 23 slides
MODERN 1 MODERN 2 MODERN 3 MODERN 4 MODERN A peep at some distant orb has power to raise

MODERN 1 MODERN 2 MODERN 3 MODERN 4 MODERN A peep at some distant orb has power to raise

MODERN 1 MODERN 2 MODERN 3 MODERN 4 MODERN A peep at some distant orb has power to raise and purify our thoughts like a strain picture, or a passage from the grander poets. It always does one good. 5 MODERN 6 MODERN 7 MODERN 8

524 views • 24 slides
RDKit (cheminformatics) Neo4j Integration Mentors: Christian Pilger (BASF) Presenter - Evgeny

RDKit (cheminformatics) Neo4j Integration Mentors: Christian Pilger (BASF) Presenter - Evgeny

RDKit (cheminformatics) Neo4j Integration Mentors: Christian Pilger (BASF) Presenter - Evgeny Sorokin Greg Landrum (RDKit) Stefan Armbruster (Neo4j) Motivation Neo4j = useful tool to map knowledge Chemical/pharmaceutical R&D:

726 views • 14 slides
Online Trust and Digital Certificates: Tech Tutorial Edward W. Felten Professor of Computer

Online Trust and Digital Certificates: Tech Tutorial Edward W. Felten Professor of Computer

Online Trust and Digital Certificates: Tech Tutorial Edward W. Felten Professor of Computer Science and Public Affairs Princeton University Secure connection means: 1.Protected channel to some server 2. Authentication of the servers

461 views • 27 slides
with GPU in Hybrid Storage Systems Prince Hamandawana, Awais Khan, Changgyu Lee , Sungyong Park,

with GPU in Hybrid Storage Systems Prince Hamandawana, Awais Khan, Changgyu Lee , Sungyong Park,

Accelerating the Data Deduplication Performance with GPU in Hybrid Storage Systems Prince Hamandawana, Awais Khan, Changgyu Lee , Sungyong Park, Youngjae Kim Department of Computer Science and Engineering Sogang University, Seoul, Republic of

441 views • 15 slides
Clock Around the Clock Time-Based Device Fingerprinting Iskander Sanchez-Rola, Igor Santos,

Clock Around the Clock Time-Based Device Fingerprinting Iskander Sanchez-Rola, Igor Santos,

Clock Around the Clock Time-Based Device Fingerprinting Iskander Sanchez-Rola, Igor Santos, Davide Balzarotti Device Fingerprinting Exploits different features to uniquely identify a machine. The entity interested in computing the fingerprint is

2.42k views • 62 slides
TLS Fingerprinting Techniques Zlatina Gancheva advised by Patrick Sattler, Lars Wstrich Friday

TLS Fingerprinting Techniques Zlatina Gancheva advised by Patrick Sattler, Lars Wstrich Friday

Chair of Network Architectures and Services Department of Informatics Technical University of Munich TLS Fingerprinting Techniques Zlatina Gancheva advised by Patrick Sattler, Lars Wstrich Friday 24 th January, 2020 Chair of Network

2.56k views • 20 slides
Computer and Information Security Fall 2019 User Authentication and Access Control Tyler Bletsch

Computer and Information Security Fall 2019 User Authentication and Access Control Tyler Bletsch

ECE590 Computer and Information Security Fall 2019 User Authentication and Access Control Tyler Bletsch Duke University User Authentication Determining if a user is who they say they are before giving them access. 2 The four means of

1.02k views • 70 slides
Morellian Analysis for Browsers: Making Web Authentication Stronger With Canvas Fingerprinting

Morellian Analysis for Browsers: Making Web Authentication Stronger With Canvas Fingerprinting

Morellian Analysis for Browsers: Making Web Authentication Stronger With Canvas Fingerprinting Pierre Laperdrix , Gildas Avoine, Benoit Baudry, Nick Nikiforakis DIMVA 2019 In Introduction Web attacks and data breaches 2 Attacks on the

945 views • 66 slides
VISABIO : French Biometric Visa System 1 CONTENTS Lessons learnt from the BIODEV 1 Pilot

VISABIO : French Biometric Visa System 1 CONTENTS Lessons learnt from the BIODEV 1 Pilot

VISABIO : French Biometric Visa System 1 CONTENTS Lessons learnt from the BIODEV 1 Pilot Project The VISABIO project : Perimeter, schedule, challenges Toward the future : connecting to the VIS project and automates at the border,

297 views • 13 slides

More recommend