Re: Font Based Fingerprinting Papers

Thanks for sharing this Aleecia.  It's a good paper! Antonine Vastel (the lead author) did an internship with me last summer at Brave, and I can give him a 👍 recommendation for anyone here looking for a privacy researcher.

However, I don’t think the finding / argument in the paper quite applies in this case, since (presumably, hopefully) changes to the standard would result in changes to implementors (i.e. the common browser cores).  So the mitigation wouldn’t result in people accidentally winding up in unexpectedly small anonymity sets (since all users of the browser[s] would be shifted to the same change).  Does that match your understanding of the situation?

P.S. the TL;DR; of the paper is that there are a lot of privacy tools that advertise / try to improve web privacy by (for example) blocking a fingerprintable browser characteristic (say, unique details of how Chrome does Canvas on a specific piece of hardware).  The authors find that a lot of these tools actually make users more identifiable, because they make narrow changes.  Before installing the tool, the user was in the anonymity set of people using that version of Chrome on that hardware.  After installing the tool, they may have blocked access to the canvas FP vector (some privacy benefit), but they’ve shot themselves in the foot because they’re in the much smaller anonymity set of people using the given tool.  The argument is a bit more involved than that, but that's the 9/10ths high level of it.

But, again, I don't think it applies here, because if all users of an implementation picked up the same mitigation / protection, the anonymity set would strictly increase (i.e. the user would be more private).


Pete Snyder
{pes,psnyder}@brave.com
Brave Software
Privacy Researcher

> On Apr 19, 2019, at 10:45 PM, Aleecia M McDonald <aleecia@aleecia.com> wrote:
> 
> Marginally relevant paper from Aug 2018 @ USENIX: https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-vastel.pdf
> 
> Tl;dr — techniques to obfuscate fingerprinting often harm more than help. 
> 
> (Also contains citations to papers quantifying fingerprinting in the wild but I lack time to chase them down)
> 
> Title: Fp-Scanner: The Privacy Implications of Browser Fingerprint Inconsistencies 
> Authors: Antonine Vastel, Pierre Laperdrix, Walter Rudametkin, Romain Rouvoy
> 
>  Aleecia
> 
> 
> 

Received on Friday, 19 April 2019 21:07:54 UTC
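
The anonymity-set argument in the message above, worked through as an added example (not part of the original thread). The population, the attribute names and the "blocked" canvas value are constructed, and the model assumes hardware differences are visible to a script only through canvas output.

```python
from collections import Counter

def build_population(per_hardware=1000, tool_users_per_hardware=0):
    """Constructed population: one browser version on two hardware types."""
    users = []
    for hardware in ("hwA", "hwB"):
        for i in range(per_hardware):
            users.append({
                "browser": "browser-v1",          # hypothetical label
                "hardware": hardware,
                "tool": i < tool_users_per_hardware,  # canvas-blocking add-on
            })
    return users

def observed_fingerprint(user, browser_wide_mitigation=False):
    """What a fingerprinting script can read for one user."""
    if browser_wide_mitigation or user["tool"]:
        canvas = "blocked"                        # canvas vector unavailable
    else:
        canvas = "canvas-" + user["hardware"]     # hardware leaks via canvas
    return (user["browser"], canvas)

def anonymity_set_size(target, population, browser_wide_mitigation=False):
    """Number of users sharing the target's observed fingerprint."""
    counts = Counter(
        observed_fingerprint(u, browser_wide_mitigation) for u in population
    )
    return counts[observed_fingerprint(target, browser_wide_mitigation)]

def compare_scenarios():
    """Set size for one hwA user: no tool, narrow tool, browser-wide change."""
    baseline = build_population()
    with_tool = build_population(tool_users_per_hardware=10)
    return {
        # Same browser version on the same hardware.
        "before_tool": anonymity_set_size(baseline[0], baseline),
        # Only the few tool users share the "blocked" canvas value.
        "after_narrow_tool": anonymity_set_size(with_tool[0], with_tool),
        # Every user of the implementation gets the same mitigation.
        "browser_wide": anonymity_set_size(
            baseline[0], baseline, browser_wide_mitigation=True),
    }

if __name__ == "__main__":
    for scenario, size in compare_scenarios().items():
        print(f"{scenario}: {size}")
```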