Unveiling Web Fingerprinting in the Wild Via Code Mining and Machine Learning

Fueled by advertising companies’ need of ac- curately tracking users and their online habits, web fin- gerprinting practice has grown in recent years, with se- vere implications for users’ privacy. In this paper, we de- sign, engineer and evaluate a methodology which com- bines the analysis of JavaScript code and machine learn- ing for the automatic detection of web fingerprinters. We apply our methodology on a dataset of more than 400, 000 JavaScript files accessed by about 1, 000 volunteers during a one-month long experiment to observe adoption of fingerprinting in a real scenario. We compare approaches based on both static and dynamic code analysis to automatically detect fingerprinters and show they provide different angles complementing each other. This demonstrates that studies based on either static or dynamic code analysis provide partial view on ac- tual fingerprinting usage in the web. To the best of our knowledge we are the first to perform this comparison with respect to fingerprinting. Our approach achieves 94% accuracy in small decision time. With this we spot more than 840 fingerprinting services, of which 695 are unknown to popular tracker blockers. These include new actual trackers as well as services which use fingerprinting for purposes other than tracking, such as anti-fraud and bot recognition