Fingerprinting the Fingerprinters: Learning to Detect Browser Fingerprinting Behaviors
This addresses the challenge of protecting users from opaque tracking while maintaining website functionality, though it is incremental as it builds on existing detection methods.
The paper tackled the problem of detecting browser fingerprinting, an invasive tracking technique, by proposing FP-Inspector, a machine learning approach that detects 26% more fingerprinting scripts than the state-of-the-art and reduces website breakage by a factor of 2 with an API-level countermeasure.
Browser fingerprinting is an invasive and opaque stateless tracking technique. Browser vendors, academics, and standards bodies have long struggled to provide meaningful protections against browser fingerprinting that are both accurate and do not degrade user experience. We propose FP-Inspector, a machine learning based syntactic-semantic approach to accurately detect browser fingerprinting. We show that FP-Inspector performs well, allowing us to detect 26% more fingerprinting scripts than the state-of-the-art. We show that an API-level fingerprinting countermeasure, built upon FP-Inspector, helps reduce website breakage by a factor of 2. We use FP-Inspector to perform a measurement study of browser fingerprinting on top-100K websites. We find that browser fingerprinting is now present on more than 10% of the top-100K websites and over a quarter of the top-10K websites. We also discover previously unreported uses of JavaScript APIs by fingerprinting scripts suggesting that they are looking to exploit APIs in new and unexpected ways.