Dodge: A Client-Side Framework for Application-Layer Video Fingerprinting Defenses

Authors: Ethan Witwer (Linköping University), David Hasselquist (Linköping University, Sectra Communications), Tobias Pulls (Karlstad University), Niklas Carlsson (Linköping University)

Volume: 2026
Issue: 3
Pages: 84–99
DOI: https://doi.org/10.56553/popets-2026-0072

Download PDF

Abstract: As reliance on online video continues to increase throughout all facets of society, it is critical to address the security and privacy threat of video fingerprinting, in which a local, passive adversary monitors a victim’s encrypted connection to a video server to infer which videos they are watching. These attacks attain high accuracy in realistic scenarios, while defenses that offer an acceptable trade-off between protection, overhead, and user experience are lacking. In this paper, we motivate application-layer defenses against video fingerprinting and present Dodge, a client-side framework for application-layer video fingerprinting defenses, implemented as a fork of the dash.js video player. Dodge provides the infrastructure and building blocks for defenses as well as a plug-and-play interface, making defense development and use straightforward while still providing maximal control over video flows. As a proof of concept, we use Dodge to implement a mimicry defense and show through live deployments that Dodge and the defense operate seamlessly, with modest overhead and very low user experience impact, while reducing attacker success close to theoretical bounds. Dodge can easily be deployed at scale and in a number of scenarios, with no changes to servers or network components; our analyses also lead to a host of insights that we hope will aid in deployment efforts.

Keywords: traffic analysis, video fingerprinting, framework, defenses

Copyright in PoPETs articles are held by their authors. This article is published under a Creative Commons Attribution 4.0 license.