Fueled by advertising companies’ need of ac- curately tracking users and their online habits, web fin- gerprinting practice has grown in recent years, with se- vere implications for users’ privacy. In this paper, we de- sign, engineer and evaluate a methodology which com- bines the analysis of JavaScript code and machine learn- ing for the automatic detection of web fingerprinters. We apply our methodology on a dataset of more than 400, 000 JavaScript files accessed by about 1, 000 volunteers during a one-month long experiment to observe adoption of fingerprinting in a real scenario. We compare approaches based on both static and dynamic code analysis to automatically detect fingerprinters and show they provide different angles complementing each other. This demonstrates that studies based on either static or dynamic code analysis provide partial view on ac- tual fingerprinting usage in the web. To the best of our knowledge we are the first to perform this comparison with respect to fingerprinting. Our approach achieves 94% accuracy in small decision time. With this we spot more than 840 fingerprinting services, of which 695 are unknown to popular tracker blockers. These include new actual trackers as well as services which use fingerprinting for purposes other than tracking, such as anti-fraud and bot recognition
Unveiling Web Fingerprinting in the Wild Via Code Mining and Machine Learning / Rizzo, Valentino; Traverso, Stefano; Mellia, Marco. - In: PROCEEDINGS ON PRIVACY ENHANCING TECHNOLOGIES. - ISSN 2299-0984. - ELETTRONICO. - 1:1(2021), pp. 44-63. [10.2478/popets-2021-0004]
Titolo: | Unveiling Web Fingerprinting in the Wild Via Code Mining and Machine Learning | |
Autori: | ||
Data di pubblicazione: | 2021 | |
Rivista: | ||
Digital Object Identifier (DOI): | http://dx.doi.org/10.2478/popets-2021-0004 | |
Appare nelle tipologie: | 1.1 Articolo in rivista |
File in questo prodotto:
File | Descrizione | Tipologia | Licenza | |
---|---|---|---|---|
PoPETS fingerprinting.pdf | versione finale | 2a Post-print versione editoriale / Version of Record | ![]() | Visibile a tuttiVisualizza/Apri |
http://hdl.handle.net/11583/2852687