- From: Gunes Acar <Gunes.Acar@esat.kuleuven.be>
- Date: Mon, 14 Oct 2013 13:00:50 +0200
- To: public-privacy@w3.org, derhoermi@gmx.net
- Message-ID: <525BCEE2.3030805@esat.kuleuven.be>
Hi Bjoern,

Just for clarity, we logged the following events by modifying the WebKit code base of Chromium and PhantomJS.

* font load attempts by intercepting calls to CSSFontFace::getFontData and CSSFontSelector::getFontData methods
* access to the following navigator properties and methods: userAgent, appCodeName, product, productSub, vendor, vendorSub, onLine, appVersion, language, plugins, mimeTypes, cookieEnabled(), javaEnabled()
* access to navigator.plugins: name, filename, description, length
* access to navigator.mimeTypes: enabledPlugin, description, suffixes, type
* window.screen properties: horizontalDPI, verticalDPI, height, width, colorDepth, pixelDepth, availLeft, availTop, availHeight, availWidth
* access to offsetWidth and offsetHeight properties and getBoundingRect method of HTML elements.

For the Flash files, we grepped for the ActionScript calls that are listed in the paper (Appendix B) <http://www.cosic.esat.kuleuven.be/publications/article-2334.pdf> after decompilation. That includes, for example, enumerateFonts, getFontList, XMLSocket, getLocal and so on.

Also please note that our tool requires some manual analysis to get rid of false positives and (safely) determine whether a script/SWF is fingerprinting or not. That includes e.g. checking the WHOIS records, company websites and reviewing fingerprinting code (if it's not obfuscated). But this is for discovering new "fingerprinters"; for the ones we listed on the last page of the paper, one just needs to grep on the HTTP request URLs - like Ghostery, AdBlock or similar tools do.

Best regards,
Gunes Acar

--------------------------------------------------------------------------
PhD Student
University of Leuven
Dept. Electrical Engineering-ESAT / COSIC
Kasteelpark Arenberg 10, B-3001 Leuven, Belgium
Office: 01.17
tel: +32 16 32 11 29
fax: +32 16 32 19 69
email: gunes.acar (at) esat.kuleuven.be
web page: http://www.esat.kuleuven.be/cosic/?page_id=126
http://homes.esat.kuleuven.be/~gacar/fpdetective/

On 10/14/2013 12:08 PM, Bjoern Hoehrmann wrote:
> * Christine Runnegar wrote:
>> http://www.kuleuven.be/english/news/several-top-websites-use-device-fingerprinting-to-secretly-track-users
>> To detect websites using device fingerprinting technologies, the
>> researchers developed a tool called FPDetective. The tool crawls and
>> analyses websites for suspicious scripts. This tool will be freely
>> available at http://homes.esat.kuleuven.be/~gacar/fpdetective/ for other
>> researchers to use and build upon.
> I take it they customised open source web browsers so they report when
> web sites attempt to probe which fonts are installed on a client system
> and perhaps a few other properties and they are "in the process of
> preparing the FPDetective framework for public release." That's funny,
> some years ago I did something quite similar (though more ambitiously I
> wanted to simply trace all function calls and property accesses, it is
> actually quite odd that typical frameworks do not already ship with the
> capability) but I also did not develop it into something I could bring
> myself to release to the general public... It will be interesting to see
> how much of a hack their code is, or if it can easily be adapted to
> solve the more general problem of tracing everything (in which case new
> forms of malicious behavior could easily be identified through `grep`
> and Excel).
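The message above describes engine-level hooks on navigator and window.screen reads. The following is an added JavaScript example, not FPDetective's code and not from either correspondent, that approximates the same access tracing from script: it shadows the listed properties with logging getters, counts which surfaces a script read, and applies a simple "many distinct surfaces in one run" heuristic. The navigator and screen stand-ins, the two sample scripts and the threshold of 8 are constructed assumptions of this example; FPDetective's own classification, as the message says, involved manual review.

```javascript
// Added example (not FPDetective's code): trace reads of the navigator/screen
// properties listed in the message above, then summarise them per script.

// Surfaces named in the message. Properties absent on the target are skipped.
const FINGERPRINT_SURFACES = {
  navigator: ['userAgent', 'appCodeName', 'product', 'productSub', 'vendor', 'vendorSub',
    'onLine', 'appVersion', 'language', 'plugins', 'mimeTypes', 'cookieEnabled', 'javaEnabled'],
  screen: ['horizontalDPI', 'verticalDPI', 'height', 'width', 'colorDepth', 'pixelDepth',
    'availLeft', 'availTop', 'availHeight', 'availWidth'],
};

// Find a property descriptor on the object or anywhere up its prototype chain
// (in a browser, navigator.userAgent lives on Navigator.prototype, not on navigator itself).
function findDescriptor(obj, prop) {
  for (let o = obj; o !== null; o = Object.getPrototypeOf(o)) {
    const d = Object.getOwnPropertyDescriptor(o, prop);
    if (d) return d;
  }
  return undefined;
}

// Shadow each listed property on `target` with a getter that records the read in `log`
// and then returns the original value. Absent or non-configurable properties are skipped.
// Returns the names that were actually wrapped.
function instrument(target, label, props, log) {
  const wrapped = [];
  for (const prop of props) {
    const desc = findDescriptor(target, prop);
    if (!desc || !desc.configurable) continue;
    const read = desc.get ? () => desc.get.call(target) : () => desc.value;
    Object.defineProperty(target, prop, {
      configurable: true,
      enumerable: desc.enumerable,
      get() {
        log.push({ object: label, property: prop });
        return read();
      },
    });
    wrapped.push(prop);
  }
  return wrapped;
}

// Count reads per "object.property" key.
function summarize(log) {
  const counts = {};
  for (const e of log) {
    const key = `${e.object}.${e.property}`;
    counts[key] = (counts[key] || 0) + 1;
  }
  return counts;
}

// Heuristic (an assumption of this example, not FPDetective's rule): a script that reads
// many distinct surfaces in one run is enumerating the device rather than reacting to one fact.
function looksLikeFingerprinting(log, threshold = 8) {
  return Object.keys(summarize(log)).length >= threshold;
}

// Run script(navigator, screen) against constructed stand-ins (not real browser values)
// with tracing enabled, and report what it touched.
function runScriptUnderTrace(script) {
  const fakeNavigator = {
    userAgent: 'Mozilla/5.0 (constructed)', appCodeName: 'Mozilla', product: 'Gecko',
    productSub: '20030107', vendor: 'Example', vendorSub: '', onLine: true,
    appVersion: '5.0 (constructed)', language: 'en', plugins: [], mimeTypes: [],
    cookieEnabled: true, javaEnabled() { return false; },
  };
  const fakeScreen = {
    height: 1080, width: 1920, colorDepth: 24, pixelDepth: 24,
    availLeft: 0, availTop: 0, availHeight: 1040, availWidth: 1920,
  };
  const log = [];
  instrument(fakeNavigator, 'navigator', FINGERPRINT_SURFACES.navigator, log);
  instrument(fakeScreen, 'screen', FINGERPRINT_SURFACES.screen, log);
  script(fakeNavigator, fakeScreen);
  const summary = summarize(log);
  return { summary, distinct: Object.keys(summary).length, flagged: looksLikeFingerprinting(log) };
}

// Constructed sample scripts: one that enumerates the device, one that checks a single fact.
const enumeratingScript = (nav, scr) => [
  nav.userAgent, nav.appVersion, nav.language, nav.plugins.length, nav.mimeTypes.length,
  nav.javaEnabled(), scr.width, scr.height, scr.colorDepth, scr.pixelDepth,
].join('|');
const onlineCheckScript = (nav) => (nav.onLine ? 'online' : 'offline');

// In a browser you would call instrument(navigator, 'navigator', ...) from an extension
// content script instead of using the stand-ins. A page-level hook like this can be
// noticed or undone by the page itself, which is why the message describes hooking
// inside the WebKit engine rather than in page script.
console.log(runScriptUnderTrace(enumeratingScript)); // flagged: true
console.log(runScriptUnderTrace(onlineCheckScript)); // flagged: false
```

The per-script summary is what you would grep and tabulate, as the quoted reply suggests; the flag is only a triage signal, and a hit still needs the manual review the message describes before a script is labelled a fingerprinter.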
Received on Monday, 14 October 2013 11:01:20 UTC