Hiding in the Crowd: an Analysis of the Effectiveness of Browser Fingerprinting at Large Scale

Wanted to raise folks’ attention to this study by Inria of browser fingerprinting at scale <https://www.doc.ic.ac.uk/~maffeis/331/EffectivenessOfFingerprinting.pdf> wherein they found that 33.6% of browser fingerprints are unique.  They conducted this study by placing a fingerprinting script on one of the top 15 websites in France and collecting data from users who had consented to cookie collection over six months.

Their notable findings are:
- The population you are fingerprinting matters; they found that 33.6% of fingerprints are unique, in part, because they were collecting from a general interest site as opposed to a site dedicated to collecting fingerprints;
- That 35.7% of personal computers are unique and that 18.5% of mobile device fingerprints are unique;
- That content language and time zone provided significant herd immunity;
- That removing fingerprinting elements that are collected via Javascript removes the percentage of unique devices from 18.5% on mobile to 4.3% and from 35.7% on desktop to 0.7% (they grant that “[t]he improvement in privacy by removing Javascript is highly visible, but the cost to the ease and comfort of using web services could be overly high”).
- That the list of plugins, canvas, user agent, and fonts are the most distinctive attributes. 


Received on Monday, 2 July 2018 16:40:23 UTC