FP-Radar: Longitudinal Measurement and Early Detection of Browser Fingerprinting

Authors: Pouneh Nikkhah Bahrami (University of California, Davis), Umar Iqbal (University of Washington), Zubair Shafiq (University of California, Davis)

Volume: 2022
Issue: 2
Pages: 557–577
DOI: https://doi.org/10.2478/popets-2022-0056

Download PDF

Abstract: Browser fingerprinting is a stateless tracking technique that aims to combine information exposed by multiple different web APIs to create a unique identifier for tracking users across the web. Over the last decade, trackers have abused several existing and newly proposed web APIs to further enhance the browser fingerprint. Existing approaches are limited to detecting a specific fingerprinting technique(s) at a particular point in time. Thus, they are unable to systematically detect novel fingerprinting techniques that abuse different web APIs. In this paper, we propose FP-Radar, a machine learning approach that leverages longitudinal measurements of web API usage on top-100K websites over the last decade for early detection of new and evolving browser fingerprinting techniques. The results show that FP-Radar is able to early detect the abuse of newly introduced properties of already known (e.g., WebGL, Sensor) and as well as previously unknown (e.g., Gamepad, Clipboard) APIs for browser fingerprinting. To the best of our knowledge, FP-Radar is the first to detect the abuse of the Visibility API for ephemeral fingerprinting in the wild.

Keywords: browser fingerprinting, Wayback Machine, web APIs

Copyright in PoPETs articles are held by their authors. This article is published under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 license.