Re: Detecting incognito mode from Nataliia Bielova on 2019-06-18 (public-privacy@w3.org from April to June 2019)

From: Nataliia Bielova <nataliia.bielova@inria.fr>
Date: Tue, 18 Jun 2019 22:25:52 +0200
To: Pete Snyder <psnyder@brave.com>, "public-privacy (W3C mailing list)" <public-privacy@w3.org>
Cc: Samuel Weiler <weiler@w3.org>, Shivan Kaul Sahib <shivankaulsahib@gmail.com>, Nick Doty <npdoty@ischool.berkeley.edu>
Message-Id: <74966620-0768-4E60-9A1C-016550460401@inria.fr>

Dear all,

in the past we’ve done some research on browser fingerprinting by browser extensions [1], and in particular we have looked into fingerprinting by tracking protection extensions: AdBlock, Disconnect, Ghostery and Privacy Badger. We analyzed the tradeoff between the privacy loss (how fingerprintable users with such extensions are) and the level of protection provided by these extensions — see Section 7 for more details.

[1] http://www-sop.inria.fr/members/Nataliia.Bielova/papers/Guly-etal-18-WPES.pdf


Best, 
Nataliia

---
Nataliia Bielova
Researcher at Inria
http://www-sop.inria.fr/members/Nataliia.Bielova/
https://twitter.com/nataliabielova

> On 18 Jun 2019, at 18:35, Pete Snyder <psnyder@brave.com> wrote:
> 
> I’m currently not planning on being in Montreal, so sadly I won’t be able to join you.  But there is a sig amount of research work in this area (identifying / fingerprinting users based on their use of privacy tools, and the privacy properties of private browsing modes).
> 
> I know some of those papers have been shared on this mailing list already, but I’d be happy to gather and (re)share some if it’d be helpful.
> 
> Pete Snyder
> {pes,psnyder}@brave.com
> Brave Software
> Privacy Researcher
> 
>> On Jun 18, 2019, at 5:14 AM, Samuel Weiler <weiler@w3.org> wrote:
>> 
>> On 6/16/19 4:29 PM, Shivan Kaul Sahib wrote:
>>> Thanks Nick.
>>> A couple of IETFs ago at the f2f PING meeting, folks discussed building a "Panopticlick <https://panopticlick.eff.org/> for Private Browsing Mode" i.e. a web page that a user can navigate to while in private-browsing mode and check if 1) they are detectable, 2) what guarantees their browser provides them while in private-browsing (doesn't retain cookies, etc). It would also be somewhat similar to the WebRTC Local IP Address leak page we worked on last year (though I hope with prettier UI/marketing): https://ntblk.github.io/webrtc-privacy/
>>> If there's interest and people are showing up for IETF next month in Montreal, we could get a table at the hackathon, else async.
>> 
>> That would amuse me, and I plan to be around.  Anyone else?
>> 
> 
>

Received on Tuesday, 18 June 2019 20:26:18 UTC