Web browser fingerprinting Farhan Jiva Computer Science Department The University of Georgia

1. Web browser fingerprinting Farhan Jiva Computer Science Department The University of Georgia jiva@cs.uga.edu Problem • Modern web browsers suffer from a fundamental privacy/information leakage flaw. • Websites you visit can query your web browser for instance-specific information. • Using this information, one can attach a certain uniqueness to your browser thereby creating a very persistent, cookie-less tracking mechanism. • My work aims to show how this “fingerprint” can be created, can be extended to include mobile platforms and can be used for a variety of applications. Background • Special variables in modern web browsers contain information regarding your specific browser instance • browser plug-in details • MIME types your browser can accept • which fonts are installed • screen resolution • others • This information can be easily queried from websites you visit (javascript). • Each piece of information contributes a certain amount of uniqueness to your browser, effectively creating a browser fingerprint. Approach • Currently, I'm working on a system which I've dubbed Bprobe. • The Bprobe project is a web analytics engine aimed at providing web site owners with in-depth information regarding their user base. • uses the browser fingerprint and very-persistent cookie methods • It also has the ability to be included in certain web applications • web-voting (repeat-vote detection) • certain web bot detection Contributions -Bprobe References 1. Panopticlick (http://panopticlick.eff.org/) 2. BrowserSpy (http://browserspy.dk/) Acknowledgments I would like to thank my advisor Dr. Kang Li for his guidance as well as my former cohort Dr. Doug Brewer for allowing me to pick his brain. Finally, I would like to thank the NSF for funding my work.