- From: Gunes Acar <Gunes.Acar@esat.kuleuven.be>
- Date: Mon, 14 Oct 2013 13:00:50 +0200
- To: public-privacy@w3.org, derhoermi@gmx.net
- Message-ID: <525BCEE2.3030805@esat.kuleuven.be>
Hi Bjoern,
Just for clarity, we logged the following events by modifying the WebKit
code base of Chromium and PhantomJS.
* font load attempts by intercepting calls to/CSSFontFace::getFontData
/and/CSSFontSelector::getFontData /methods/
/
* access to the following navigator properties and methods:/userAgent,
appCodeName, product, productSub, vendor, vendorSub, onLine,
appVersion, language, plugins, mimeTypes, cookieEnabled(),
javaEnabled()/
* access to/navigator.plugins: name, filename, description, length/
* access to /navigator.mimeTypes: enabledPlugin, description,
suffixes, type/
* /window.screen /properties/: horizontalDPI,verticalDPI, height,
width, colorDepth, pixelDepth, availLeft, availTop, availHeight,
availWidth/
* access to/offsetWidth /and /offsetHeight /properties
and/getBoundingRect /method of HTML elements/./
For the Flash files, we grepped for the ActionScript calls that are
listed in the paper (Appendix B)
<http://www.cosic.esat.kuleuven.be/publications/article-2334.pdf> after
decompilation.
That includes, for example, /enumerateFonts, getFontList,/ /XMLSocket,
getLocal/ and so on.
Also please note that our tool requires some manual analysis to get rid
of false positives and (safely) determining a script/SWF is
fingerprinting or not. That includes e.g., checking the WHOIS records,
company websites and reviewing fingerprinting code (if it's not obfuscated).
But this is for discovering new "fingerprinters"; for the ones we listed
on the last page of the paper, one just need to grep on the HTTP request
URLs - like Ghostery, AdBlock or similar tools do.
Best regards,
Gunes Acar
--------------------------------------------------------------------------
PhD Student
University ofLeuven
Dept. Electrical Engineering-ESAT / COSIC
Kasteelpark Arenberg 10, B-3001 Leuven, Belgium
Office: 01.17
tel: +32 16 32 11 29 fax: +32 16 32 19 69
email: gunes.acar (at) esat.kuleuven.be
web page: http://www.esat.kuleuven.be/cosic/?page_id=126
http://homes.esat.kuleuven.be/~gacar/fpdetective/
<http://homes.esat.kuleuven.be/%7Egacar/fpdetective/>
On 10/14/2013 12:08 PM, Bjoern Hoehrmann wrote:
> * Christine Runnegar wrote:
>> http://www.kuleuven.be/english/news/several-top-websites-use-device-fingerprinting-to-secretly-track-users
>> To detect websites using device fingerprinting technologies, the
>> researchers developed a tool called FPDetective. The tool crawls and
>> analyses websites for suspicious scripts. This tool will be freely
>> available at http://homes.esat.kuleuven.be/~gacar/fpdetective/ for other
>> researchers to use and build upon.
> I take it they customised open source web browsers so they report when
> web sites attempt to probe which fonts are installed on a client system
> and perhaps a few other properties and they are "in the process of
> preparing the FPDetective framework for public release." That's funny,
> some years ago I did something quite similar (though more ambitiously I
> wanted to simply trace all function calls and property accesses, it is
> actually quite odd that typical frameworks do not already ship with the
> capability) but I also did not develop into something I could bring my-
> self to release to the general public... It will be interesting to see
> how much of a hack their code is, or if it can easily be adapted to
> solve the more general problem of tracing everything (in which case new
> forms of malicious behavior could easily be identified through `grep`
> and Excel).
Received on Monday, 14 October 2013 11:01:20 UTC