A Survey of Browser Fingerprint Research and Application
With the development of modern browsers, the rich features that make browsing convenient have also exposed a large amount of characteristic information, which is called the browser fingerprint. This article surveys the latest research results on browser fingerprinting, hoping to provide convenient navigation for newcomers who research or apply this technology in the future. This paper first briefly introduces browser fingerprinting technology itself, then classifies the related research and analyzes the development of the different research directions in detail. Through the analysis of the existing results, the problems faced by the different research directions are pointed out. After that, this paper introduces the applications of browser fingerprint technology in detail and discusses their achievements and technical challenges. Next, this paper introduces the theoretical tools related to browser fingerprinting research, their applications, and their practical significance. Finally, the research achievements of browser fingerprint recognition are summarized, and the future development trend is pointed out.
The wheel of history is rolling forward, and the emergence of browser fingerprint technology is a historical necessity. When users obtain personalized, rich, and dynamic services, they must expose more characteristic information. This is not a loophole or a backdoor but a functional trade-off.
The browser fingerprint is the collection of all feature information that can be collected through the browser, excluding the data that the user actively fills in and submits. Like a human fingerprint, a browser fingerprint relies on the uniqueness of the browsing device itself and does not change with the environment. Therefore, a user can be identified even on an encrypted network, an anonymous network, a mobile network, and even across domains. Modern browsers are very complex, each component has different characteristics, and these characteristics combine to form a unique fingerprint of the browser.
The main structure of this paper is as follows. Section 1 introduces the background of browser fingerprinting, related definitions, and contributions of this paper. Section 2 briefly introduces browser fingerprinting and then, according to the different research directions, introduces the existing research results and research challenges. Section 3 summarizes the existing application achievements and the application problems faced according to different application scenarios. Section 4 enumerates the mathematical tools and methods in browser fingerprint research and points out their practical significance. In Section 5, the general situation of browser fingerprinting technology is discussed.
2. Related Research
In 2009, Mayer published a study on Internet anonymity. In a small-sample experiment, he pointed out that users can be identified by collecting characteristic information of browsers, but the concept of browser fingerprints was first proposed in 2010 by Eckersley of the Electronic Frontier Foundation. It takes advantage of the various features offered by modern browsers. When a user requests a web page, the web server embeds JS code or uses other means to collect some unique information about the user’s browsing device and have it sent back. The information includes the browser version, whether cookies are enabled, screen resolution, browser plug-ins, system fonts, time zone, and so on. It can identify unique user entities. Browser fingerprint technology is stateless; that is, the use of browser fingerprints does not require any information to be stored on the client side, so users cannot invalidate browser fingerprints by disabling cookies or using privacy modes. In addition, browser fingerprints have high information entropy, are easy to obtain, stay the same across multiple visits by the same user, and can be used for cross-domain identification.
In the ensuing time, scholars continued to conduct research on browser fingerprinting technology, trying to further tap the potential of this technology. For example, Mowery and Shacham in 2012 explored the fingerprint features brought by Canvas in HTML. In 2015, FaizKhademi et al. studied the detection and defense of browser fingerprints. In 2018, Vastel et al. studied the long-term evolution of browser fingerprints. According to different research directions, we have classified and summarized the existing browser fingerprint-related research, which can be roughly divided into three aspects: feature acquisition research, fingerprint defense research, and fingerprint evolution research. These three directions are discussed separately in the following sections.
2.2. Feature Acquisition Research
The ultimate goal of browser fingerprinting is to track the unique user entity. Therefore, obtaining high-entropy, long-lasting, and preferably cross-browser fingerprint features is the main research direction for scholars working on fingerprint acquisition. The powerful functions and rich interfaces of modern browsers provide many possibilities for researchers to obtain browser fingerprints. At the end of this section, Table 2 is given, which summarizes the characteristics of the various browser fingerprint acquisition methods.
2.2.2. CSS-Based Fingerprints
2.2.3. Canvas-Based Fingerprint
Modern browsers’ support for HTML5 offers users many powerful features but also leaves a risk. To exploit the browser further and obtain more distinctive fingerprints, Mowery and Shacham in 2012 rendered text and WebGL scenes to the <canvas> element and obtained a brand new fingerprint. The new fingerprint has good properties: it is consistent, high-entropy, orthogonal to other fingerprints, transparent to the user, and easily obtainable. Then, Acar et al. studied canvas fingerprinting on a large scale, and the fallback font mechanism of modern browsers has been used to generate fingerprints with higher entropy between devices.
2.2.4. Hardware and Software-Based Fingerprints
2.2.5. Fingerprint Based on Audio API
Similar to the above WebGL technology, Englehardt et al. proposed a fingerprint based on the Web Audio API in 2016. In that paper, the signal generated by the Oscillator Node, a script for processing audio, is used as the unique audio fingerprint. Queiroz et al. went a step further. The authors tested various browsers and related hardware and software combinations in detail to obtain detailed fingerprint data, but still pointed out that using the Web Audio API alone as a fingerprint is not very reliable.
2.2.6. Plugin-Based Fingerprint
Browser plug-ins bring convenience to users but also bring more characteristic information. In 2017, Sjosten et al. proposed to use Web Accessible Resources to detect whether a specified browser plug-in is installed. Both Chrome and Firefox require extension resources that are referenced in regular web pages to be declared as web accessible. That is, you can determine whether the specified plug-in exists by accessing the URL in the form “extension:///.” While most plug-ins can already be detected this way, not every extension has such an accessible resource, so there will still be some plug-ins that this technique does not detect. In the same year, Starov et al. adopted a different method to detect the installation of browser plug-ins. The principle is that many plug-ins modify the DOM of web pages. By detecting the relevant modifications, the plug-ins installed by a user can be learned, and then the unique user can be determined. In the same year, Sanchez-Rola et al. proposed a new timing side-channel attack on access control to detect the installation of browser plug-ins. The authors claimed that their detection was better than all previous extension fingerprinting methods. In 2019, Starov et al. further advanced the previous research on the side effects of browser plug-ins modifying web elements, including the possibility of injecting empty placeholders, injecting script or style tags, or sending messages on the page. The authors analyzed 58,034 extensions from the Chrome store and found that 5.7% of them contained fingerprintable bloat. 61% of these extensions are recognized.
2.2.7. Other Browser Fingerprint Acquisition Technologies
2.3. Fingerprint Defense Research
Browser fingerprints are a huge privacy hazard because they allow identification, especially since fingerprints are in most cases acquired without the user noticing. The use of browser fingerprints should ideally be safe and controllable; that is, besides accurately tracking users when they need to be identified, users should also be protected when they do not want to expose their browser fingerprints. Scholars’ technical research on browser fingerprint protection is dedicated to providing safe and effective protection methods when users want to hide themselves. At the end of this section, Table 3 is presented to compare the advantages and disadvantages of various protection methods.
2.3.1. Browser Protection Plugin
After the publication of Eckersley et al.’s study, people became more and more aware of the harm of browser fingerprints to privacy, and more and more research on browser fingerprint protection began to be carried out. Boda released a browser plug-in against browser fingerprinting called Firegloves. The plug-in returns random values when certain properties are queried, but because the same properties can be retrieved through different browser APIs, users of Firegloves are easier to identify than users who have not installed the extension. Torres et al. developed FP-Block to address the problem of cross-domain tracking with browser fingerprints. It generates different fingerprints for different sites, so that continuous tracking within a site is not affected while cross-domain tracking is isolated. Faiz Khademi et al. proposed to detect whether websites are collecting fingerprints by monitoring the web objects running in users’ browsers, to protect users from fingerprint identification with a randomization strategy and two filtering technologies, and to put the relevant websites on a blacklist, but this approach relies on the ability to identify anomalies on the site. Since both of these plug-ins return random values, they have problems similar to those of Firegloves.
2.3.2. Randomization Method
2.3.3. Uniform Methods
The opposite of randomization is unification. Wu et al. proposed a method of unifying WebGL to combat browser fingerprints. The authors analyzed the reasons for the differences in WebGL rendering and proposed a new system called UNIGL that rewrites GLSL. The idea is to make WebGL present the same rendering result everywhere, erasing the WebGL fingerprint. Also in 2014, Fiore et al.’s idea is even simpler. The authors directly construct a set of fake fingerprint information to deal with browser fingerprint tracking, but if the fake fingerprint is not changed in a reasonable way, it still serves the goal of tracking the user’s identity: whether true or fake, a fingerprint that stays the same allows tracking.
2.3.4. Other Protection Methods
In 2015, Yokoyama and Uda proposed a method of using a local agent to rewrite the browser fingerprint values to prevent third parties from pursuing individual users. Its advantage is that a single user in the LAN does not need to install additional hardware or software locally; its disadvantage is that it can do nothing about techniques that compute the fingerprint locally and return only a hash value. In Baumann et al.’s work, the authors modified Chromium directly to protect the browser fingerprint, so that Flash and Canvas fingerprint recognition can be prevented without disabling Flash and HTML5 canvas functions. The returned fingerprints are all real collected fingerprints and are fixed for the whole browsing session, which reduces the possibility of the site recognizing the fingerprint as abnormal. Later, Laperdrix et al. adopted the same idea and proposed a modification based on Firefox, adding fingerprint protection against AudioContext. As for obtaining browser fingerprints through the XSS attacks mentioned above, Mitropoulos et al. proposed a training method to deal with known XSS attacks. Later, ElBanna and Abdelbaki proposed a framework to reduce the browser fingerprint, which is mainly aimed at fingerprint tracking through WebGL and Canvas.
Although there seems to be a lot of research on browser fingerprint defense, for individual users, there are almost only random ways to protect themselves, that is, using plug-ins or browsers that randomly generate fingerprints. The reason lies in two aspects:
(1) It is almost impossible for the client to determine whether a website’s request for feature information is legitimate. For example, when a website requests screen resolution information, the user cannot determine whether the website wants to adapt the web page layout or just to record user device information
(2) Unification among a small number of users is meaningless: unifying the interfaces requires the cooperation of the various manufacturers and related technical institutions, for example to formulate a unified WebGL and Canvas rendering result. This seems to be an ideal solution, but there is almost nothing individual users can do about it
2.4. Fingerprint Evolution Research
In life, we judge whether a person has touched something by directly comparing his fingerprint with the fingerprint on the object. But with browser fingerprinting, the situation gets more complicated, and leaving aside the issue of fake fingerprints, a single user’s browser fingerprint can change even if he uses the same browser on the same device for multiple visits. We call this the evolution of browser fingerprinting. There may be various reasons for this, such as upgrading the browser version, installing certain plug-ins, and using only certain settings, which may cause changes in the browser fingerprint of the same user. At the end of this section, Table 4 compares the browser fingerprint evolution tracking algorithms proposed by different articles.
In the early days of the browser fingerprinting concept, in Eckersley’s original article, the author stated that 37.4% of the users who allowed cookies and visited the site multiple times showed more than one fingerprint over time. But fortunately, the paper also points out that these changes are not random, and a reasonable matching algorithm can be used to continuously track the evolving fingerprint. A simple correlation algorithm is given in that paper, and the feasibility of tracking the evolving fingerprint is demonstrated by experiments.
In general, the research on browser fingerprint evolution still has the following problems:
(1) The long-term fingerprint evolution dataset problem: due to the privacy problem of browser fingerprinting, many researchers refuse to disclose their own datasets, and in one article the authors open-sourced only some of the data. However, new researchers often lack enough time to collect long-term fingerprint evolution data. This supply-demand conflict looks set to continue in the short term
(2) Matching algorithm performance issues: it has been pointed out that for many matching algorithms, once the dataset grows to the level of millions, the time consumption cannot be ignored. Considering the number of daily visits to large commercial websites, this is an unavoidable problem
(3) Long-term tracking of browser fingerprint evolution: the goal is to track users’ browser fingerprints for as long as possible, and there is always room for further optimization
3. Browser Fingerprint Application
3.1. Commercial Advertisement Recommendation
When the browser fingerprint was first proposed, it was pointed out that it could be used to track users and that its characteristics were similar to those of cookies. It was pointed out in the article that the browser fingerprint could be used as a unique identification mark alone or in combination with other marks to uniquely locate users. So, browser fingerprints can generally be used to do all the things that require identifying a user. Its workflow is shown in Figure 1. One of the first and largest applications is that commercial companies use it to target users for advertising and price discrimination and to collect users’ physical and financial status and other private information. In 2013, Nikiforakis et al. conducted a large-scale study on the application of browser fingerprints in business. The authors captured as many as 20 pages from each of the top 10,000 Alexa sites for analysis, and the final results showed that fingerprint identification has become a part of some of the most popular Internet sites.
3.2. Strengthening Security Authentication
Browser fingerprints not only threaten user privacy but can also be used to strengthen security authentication. For example, Unger et al. use browser fingerprints to strengthen HTTP and HTTPS identity authentication. Preuveneers and Joosen propose a protocol that monitors various parameters during session authentication and then uses adaptive and dynamic context fingerprints based on Hoeffding trees to continuously determine whether the user’s identity is genuine. In 2019, Joosen et al. used Canvas fingerprints produced by the software and hardware stack, combined with deep learning technology, to authenticate users and thus protect against replay attacks. The entire authentication process is supported natively by any major browser, is stateless on the client side, is transparent to the user, and is very friendly to the user experience. In the same year, Laperdrix also adopted Canvas fingerprints to strengthen identity authentication. Unlike Rocket, which uses deep learning to extract features and then compare them, Laperdrix, like Cooke, generates unique, unpredictable, and highly diverse canvas images each time a user logs into the service. On the next user connection, the current Canvas image must match the previously generated one pixel for pixel, or the user must reauthenticate. In 2021, Andriamilanto et al. conducted a large-scale experiment on using browser fingerprints to strengthen web authentication. The fingerprint of the login browser is verified each time a user logs in. The error rate in the authors’ experiment is only 0.61%, but browser fingerprint verification is best used only as a secondary verification; otherwise, users may fall into the river with their web accounts and mobile phones.
3.3. Protecting Service Providers
Web service providers can also use browser fingerprint technology to protect themselves. Traditional intrusion detection and other network attack defense methods are relatively passive; their main purpose is to keep attackers out and protect servers. Adding browser fingerprint technology makes it possible, to a certain extent, to trace network attackers back to their source and find out their real identity, which gives web service providers an active defense ability, increases the cost of an attack, and can deter attackers. In 2016, Liu et al. proposed to use an enhanced browser fingerprint to track attackers, mainly by introducing secondary attributes that help with correlation and are not easy to change, and by utilizing the storage technology of the browser. Later, Jia et al. further combined browser fingerprints and honeypots and proposed a mini honeypot for browser fingerprinting, which is more convenient for users to deploy and use. A service provider’s internal network may be complex, and the configurations of the different devices on it may be complex and full of vulnerabilities. Browser fingerprint technology can quickly and easily reflect the hardware and software configuration of different devices, so network administrators can use it for security configuration and monitoring.
3.4. Browser Fingerprints Prevent Robot Accounts
Many companies have already adopted a variety of methods to detect robots and scripts, such as ThreatMetrix, Distil Networks, and MaxMind, which all use browser fingerprints to detect robots and abnormal activities. In the literature, the authors mention that their Picasso system can successfully distinguish the browser family (Chrome, Firefox, etc.) and the operating system family (Windows, iOS, OSX, etc.) of more than 52 million clients with 100% accuracy. It can be used to combat script abuse in the Play Store or other mobile application markets, and it can also protect user accounts from logins from unknown devices. In 2016, Quanzhu et al. addressed the problem that appointments with popular experts in hospitals’ online registration services were being snapped up by scalpers; using the ability of browser fingerprint technology to identify the browser of a visiting user, they designed a registration system that prevents scalping by identifying the registrant. In Qingxuan’s article, in response to the problem of fake reviews, the ability of device fingerprints to identify the browser of a visiting user is used to design a system that can identify fake orders.
3.5. Reverse User Software and Hardware
In the article by Schwarz et al., reverse thinking is adopted: the characteristics of browser fingerprints are used to infer the characteristics of users. The user’s software and hardware information can be obtained through browser fingerprints. Many users cannot install security patches or upgrades in time, so attackers can use public CVE vulnerabilities to carry out targeted attacks. Malwarebytes has extensively documented how malicious advertisements use fingerprints to send malware to vulnerable devices. Attackers use browser fingerprinting technology to check whether users have exploitable vulnerabilities and, if so, redirect them to a page containing malicious code. In 2016, Saito et al. proposed to use browser fingerprints to infer the user’s CPU characteristics, mainly to determine whether the CPU supports Advanced Encryption Standard New Instructions (AES-NI) and Intel Turbo Boost Technology (Turbo Boost). Later, the authors advanced this work further and were able to identify more CPUs, as well as the number of CPU cores, with higher precision. After the Spectre and Meltdown vulnerabilities were exposed, it can be said that the leakage of this information poses a significant security threat to users. Concerning results were shown in a 2020 study: browser extension fingerprinting may lead to the leakage of personal data, such as religious and medical issues. Fortunately, these are not direct leaks but the authors’ inferences based on the descriptions of the plug-ins; still, they are worth being alert to.
Although browser fingerprinting technology has been applied in many scenarios, it still has not become an almost necessary technology for the web like cookies, mainly because of the following reasons.
(1) Performance consumption is a problem: compared with cookie technology, the performance consumption of browser fingerprinting technology cannot be ignored. Its main performance consumption is reflected in three aspects. The first is the acquisition of browser features in the web front end, which usually requires running a large amount of JS code and consumes a lot of user resources. The second is that network delay and bandwidth are unavoidable when transmitting fingerprint data. The third is the performance consumption of the server for browser fingerprint matching. The consumption of these three stages is unavoidable and can only be optimized according to the needs
(2) Iterative problem of technology update: browser fingerprinting is a by-product of the rapid development of web technology, and many ways of acquiring fingerprint features will change or disappear with technological upgrades. For example, Flash-based acquisition methods no longer exist. If you want to use browser fingerprint technology for a long time, you need to constantly follow the relevant web technology and upgrade your fingerprint-related code
4. Evaluation and Processing Methods of Browser Fingerprints
4.1. Browser Fingerprinting Feature Evaluation Tool
Browser fingerprints are complicated, and different components have different occurrence probabilities. How to describe and measure the uncertainty of this information is a common problem faced by all scholars. In 1948, Shannon proposed the concept of “information entropy,” which solved the problem of people’s quantitative measurement of information. In the literature , the information of the browser fingerprint is modeled. The article assumes that there is a browser fingerprint algorithm , which is similar to the Hash function, for each input browser fingerprint . There is a unique output . The probability of each result is . Then, you can get the corresponding self-information amount:
The result is rounded up to indicate how many bits are needed to represent the information, and the information entropy of the corresponding browser fingerprint is the expectation of information entropy. Here is the following formula:
The browser fingerprint is composed of the hardware and software components of multiple browsers. A similar method can be used to define the definition of a single component of the browser. The fingerprint of a single component is . The self-information amount and information entropy of its individual components are defined as follows:
If the components were independent of each other, their information entropy could be added linearly, but this is not the case. The fingerprint components of a browser are often related to each other. For example, the Edge browser is mostly related to the Windows system, while the Safari browser is often bound to the iOS system; so, it is necessary to use conditional self-information to measure multiple components together:
The method of information entropy can be used to demonstrate the feasibility of using browser fingerprints to identify users. Since the actual probability cannot be obtained, a statistical approximation can only be obtained. Therefore, when the browser fingerprint algorithm is actually used for user tracking, it is best to first perform statistical collection of browser fingerprint information and reasonably evaluate the information volume and information entropy of each component of the browser fingerprint. When performing the comparison of browser fingerprints, a certain weight can be selected according to different information entropies.
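The statistical estimation described in this section can be sketched as follows. This is an added example, not code from the surveyed papers: the sample rows are constructed, and the function names and the entropy-proportional weighting are assumptions chosen for illustration. It estimates self-information and entropy from observed frequencies and shows that the entropies of correlated components (browser and operating system) do not add linearly.

```python
import math
from collections import Counter

# Constructed sample of collected fingerprints (illustrative, not measured data).
ROWS = [
    {"browser": "Edge",   "os": "Windows", "timezone": "UTC+8"},
    {"browser": "Edge",   "os": "Windows", "timezone": "UTC+1"},
    {"browser": "Safari", "os": "iOS",     "timezone": "UTC+8"},
    {"browser": "Safari", "os": "iOS",     "timezone": "UTC+1"},
    {"browser": "Chrome", "os": "Windows", "timezone": "UTC+8"},
    {"browser": "Chrome", "os": "Windows", "timezone": "UTC+1"},
    {"browser": "Chrome", "os": "Android", "timezone": "UTC+8"},
    {"browser": "Chrome", "os": "Android", "timezone": "UTC+1"},
]


def _counts(rows, attrs):
    """Frequency of each observed value combination of the given attributes."""
    return Counter(tuple(row[a] for a in attrs) for row in rows)


def self_information(rows, fingerprint, attrs):
    """Surprisal -log2(p) in bits of one fingerprint; p is its observed frequency."""
    seen = _counts(rows, attrs)[tuple(fingerprint[a] for a in attrs)]
    if seen == 0:
        raise ValueError("fingerprint never observed; p cannot be estimated")
    return -math.log2(seen / len(rows))


def entropy(rows, attrs):
    """Shannon entropy in bits of the joint distribution of the attributes."""
    n = len(rows)
    return -sum(c / n * math.log2(c / n) for c in _counts(rows, attrs).values())


def conditional_entropy(rows, target, given):
    """H(target | given) = H(target, given) - H(given)."""
    return entropy(rows, [target, *given]) - entropy(rows, given)


def entropy_weights(rows, attrs):
    """Assumed weighting scheme: each attribute's share of the summed entropies."""
    h = {a: entropy(rows, [a]) for a in attrs}
    total = sum(h.values())
    return {a: (h[a] / total if total else 0.0) for a in attrs}


if __name__ == "__main__":
    h_browser = entropy(ROWS, ["browser"])
    h_os = entropy(ROWS, ["os"])
    h_joint = entropy(ROWS, ["browser", "os"])
    print(f"H(browser)={h_browser}  H(os)={h_os}  sum={h_browser + h_os}")
    print(f"H(browser, os)={h_joint}  (less than the sum: components correlate)")
    print(f"H(os | browser)={conditional_entropy(ROWS, 'os', ['browser'])}")
    fp = {"browser": "Safari", "os": "iOS"}
    bits = self_information(ROWS, fp, ["browser", "os"])
    print(f"I({fp})={bits} bits, rounded up: {math.ceil(bits)}")
    print(entropy_weights(ROWS, ["browser", "os", "timezone"]))
```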
4.2. Browser Fingerprint Evolution Evaluation Tool
But more often, we hope to quantify the degree of difference between two browsers. Yamada uses the edit distance to describe the degree of difference. Edit distance, also known as Levenshtein distance, is a quantitative measurement of the degree of difference between two character strings (such as English text): the minimum number of single-character edits needed to change one string into the other. The formula is as follows:
In its original edit distance, the unit of comparison is each character. In Yamada’s paper, the original version was not used directly. Since the format of each browser plug-in or version is fixed, such as Firefox 50.0 and Chrome 60.5, the author regards each plug-in version description as a single character when comparing. Then, take the entire list of plug-ins as a string and compare them according to the edit distance. The author calls this method YIKS distance.
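The token-level comparison described above can be sketched as follows. This is an added example, not Yamada's implementation: the plug-in names, the stored records, the distance threshold, and the link() helper are constructed for illustration. Only the idea of treating each plug-in version description as a single symbol comes from the text.

```python
def edit_distance(a, b):
    """Levenshtein distance between two sequences (strings or token lists)."""
    prev = list(range(len(b) + 1))
    for i, x in enumerate(a, 1):
        cur = [i]
        for j, y in enumerate(b, 1):
            cur.append(min(prev[j] + 1,              # delete x
                           cur[j - 1] + 1,           # insert y
                           prev[j - 1] + (x != y)))  # substitute (free if equal)
        prev = cur
    return prev[-1]


def tokens(plugin_list):
    """Split a plug-in list so that each 'name version' entry is one symbol."""
    return [entry.strip() for entry in plugin_list.split(";") if entry.strip()]


def plugin_distance(list_a, list_b):
    """Edit distance counted in whole plug-in entries instead of characters."""
    return edit_distance(tokens(list_a), tokens(list_b))


def link(visit, stored, max_distance=1):
    """Hypothetical linking rule: return the id of the single closest stored
    plug-in list if it is within max_distance, otherwise None."""
    ranked = sorted((plugin_distance(visit, s), fp_id) for fp_id, s in stored.items())
    if not ranked or ranked[0][0] > max_distance:
        return None          # nothing close enough: treat as a new fingerprint
    if len(ranked) > 1 and ranked[1][0] == ranked[0][0]:
        return None          # two equally close candidates: ambiguous
    return ranked[0][1]


# Constructed stored fingerprints (plug-in lists only).
STORED = {
    "fp-001": "Plugin-A 9.9; Plugin-B 1.0; Plugin-C 4.2",
    "fp-002": "Plugin-A 9.9; Plugin-D 7.1",
    "fp-003": "Plugin-E 2.0; Plugin-F 3.3; Plugin-G 1.1",
}

if __name__ == "__main__":
    # One plug-in was upgraded since the last visit: 3 character edits, 1 token edit.
    upgraded = "Plugin-A 10.0; Plugin-B 1.0; Plugin-C 4.2"
    print(edit_distance("9.9", "10.0"))                 # character level
    print(plugin_distance(upgraded, STORED["fp-001"]))  # token level
    print(link(upgraded, STORED))
    print(link("Plugin-X 1.0; Plugin-Y 2.0", STORED))   # unknown browser
    print(link("Plugin-A 9.9; Plugin-B 1.0", STORED))   # tie between two records
```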
There is also a time-based difference characterization called disagreement decay. Disagreement decay is the probability that an entity changes the value of an attribute s within the time . This probability is denoted by . We can characterize the probability distribution function of this probability through mathematical statistics, specifically expressed as follows:
The absolute value represents the number of samples, which corresponds to an agreement decay. As the name suggests, agreement decay is the probability that an entity remains the same value of an attribute s within the time . Similar to the above, it is not explained.
4.3. Matching Performance Evaluation Tool
No matter what feature is used, in order to judge whether an incoming visit comes from a previous user, the website must match the browser fingerprints one by one. When the amount of browser fingerprint data is large, the positive and negative samples in the matching process are unbalanced, because the new visit must originate from a certain user, which means that the rest are negative samples. The traditional accuracy rate can no longer measure the performance of the matching algorithm. The indicators usually selected are F1-score, G-mean, MCC, and AUCPRC. Among them, AUCPRC stands for area under precision-recall curve, and the other three formulas are as follows:
The measurement standard F1-score is based on the harmonic average of precision and recall, which means that in fingerprint recognition, the cost of misclassification of positive and negative samples is the same. While G-mean represents the geometric mean of classifier precision and recall, F1-score and G-mean give more importance to smaller values. MCC is the Matthews correlation coefficient, which is a relatively balanced indicator, which essentially describes the correlation coefficient between the predicted results and the actual results. When the gap between the F1-score of a classification and the MCC is large, it means that a single indicator cannot measure all the advantages and disadvantages of classifiers.
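The effect of the imbalance on these indicators can be checked numerically. This is an added example, not taken from the surveyed papers: the two matchers and all counts are constructed, and G-mean is computed as this section describes it, as the geometric mean of precision and recall. Each of 100 visits is compared against 1,000 stored fingerprints, so only 100 of the 100,000 comparisons are true matches.

```python
import math


def confusion(pairs):
    """Count (tp, fp, fn, tn) from (same_user, predicted_match) pairs."""
    tp = fp = fn = tn = 0
    for same_user, predicted in pairs:
        if same_user and predicted:
            tp += 1
        elif same_user:
            fn += 1
        elif predicted:
            fp += 1
        else:
            tn += 1
    return tp, fp, fn, tn


def scores(tp, fp, fn, tn):
    """Accuracy, F1-score, G-mean and MCC; undefined ratios are reported as 0."""
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    f1 = 2 * precision * recall / (precision + recall) if precision + recall else 0.0
    g_mean = math.sqrt(precision * recall)  # as described in the text above
    denom = math.sqrt((tp + fp) * (tp + fn) * (tn + fp) * (tn + fn))
    mcc = (tp * tn - fp * fn) / denom if denom else 0.0
    return {
        "accuracy": (tp + tn) / (tp + fp + fn + tn),
        "f1": f1,
        "g_mean": g_mean,
        "mcc": mcc,
    }


def simulate(visits, stored, hits, false_alarms):
    """Constructed matcher output: each visit has exactly one true match among
    the stored fingerprints; the matcher finds `hits` of them and raises
    `false_alarms` wrong matches overall."""
    positives = visits
    negatives = visits * stored - visits
    return ([(True, True)] * hits
            + [(True, False)] * (positives - hits)
            + [(False, True)] * false_alarms
            + [(False, False)] * (negatives - false_alarms))


# A matcher that never reports a match, and one that finds 80 of 100 users
# while raising 20 false matches (both constructed).
NEVER_MATCH = scores(*confusion(simulate(100, 1000, hits=0, false_alarms=0)))
MATCHER_B = scores(*confusion(simulate(100, 1000, hits=80, false_alarms=20)))

if __name__ == "__main__":
    for name, result in (("never-match", NEVER_MATCH), ("matcher B", MATCHER_B)):
        print(name, {k: round(v, 4) for k, v in result.items()})
```

The two accuracy values differ only in the fourth decimal place, while F1-score, G-mean and MCC separate the useless matcher from the working one.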
The rise of browser fingerprint technology conforms to the general trend that people pay more and more attention to privacy. Traditional cookie-based user tracking technology has exposed more and more limitations. For example, cookies may be hijacked , modified , forged, and even injected from cookies . More and more users choose to ban cookies or install privacy protection plug-ins, and even recently, Google announced that it would ban third-party cookies . Browser fingerprint technology will become an important way for future user tracking due to its statelessness, no storage, and wide feature sources. We have comprehensively analyzed the results of previous studies and believe that future research will have the following trends: (1)The application of machine learning technology: this part is mainly applied to the method of browser fingerprint matching. If it is only to match whether the fingerprints are the same as in the article [11, 56], then it is only necessary to match whether the fingerprints are the same. If the fingerprint evolution is considered [5, 8, 45–49], a corresponding matching algorithm is required. Early literatures [5, 8, 58, 73] built efficient matching algorithms based on rules. With the development of machine learning and deep learning, more authors choose to use machine learning methods to analyze browser fingerprint features. For example, the literature [4, 7] uses clustering algorithm and further in order to automatically extract fingerprint signs. Some literatures [8, 9] started to use machine learning algorithms such as neural networks for fingerprint matching. 
It is believed that there will be more research on the combination of browser fingerprinting and machine learning technology in the future(2)Browser fingerprint application research: although many applications of browser fingerprinting have been listed above [52–55, 58, 59, 63, 64], these applications mainly take advantage of two aspects: one is the immutability of fingerprints, and the other is the use of fingerprints. Get feature information. However, with the advancement of related research on software and hardware fingerprinting [15, 16] and related research on browser fingerprinting evolution [8, 45–49], there are more potential applications of browser fingerprinting that can be tapped, such as crossbrowser fingerprinting. Tracking, crossdomain tracking, and user portrait characterization(3)Research on fingerprint characteristics of modern browsers: as browsers and related network technologies are constantly iterating, many technologies will be discontinued. For example, Microsoft , Google , and even Adobe  themselves have announced the discontinuation of flash technical support. With the rapid development of technologies such as HTML5 and CSS3, the fingerprints of the browser in the metropolis have different characteristics in different eras
The hidden worries of browser technology development are as follows: although browser fingerprinting technology is relatively mature, relevant laws, regulations, and technical specifications have long lagged behind practice. The information leakage discussed in the previous studies [66–68] still concerns the technical security of device information. The research of the article shows the social harm of browser fingerprinting technology to personal privacy. As for solutions, in the short term, manufacturers should continuously update versions and prohibit the acquisition of some features. In the long run, the fundamental solution still requires governments to establish relevant laws and regulations to constrain and guide relevant technology development.
The current research on browser fingerprints has made certain achievements, and browser fingerprints can be used as an important part of user identity tracking technology. Although there are still many problems when browser fingerprints are used alone as a sign of user identity, the combination of browser fingerprints and traditional user identity tracking technology can be applied in many directions, such as identity tracking, user authentication, and security defense. This article summarizes the relevant research status from three aspects of browser fingerprint acquisition, defense, and long-term tracking, proposes to further discuss the application of this technology in various aspects, and finally summarizes the related research theoretical methods of browser fingerprints.
The experimental data used to support the findings of this study are available from the corresponding author upon request.
Conflicts of Interest
The authors declare that they have no conflicts of interest.
This work was supported by the National Natural Science Foundation of China (No. 62176264).
J. R. Mayer, Any person… a pamphleteer: Internet Anonymity in the Age of Web 2.0, Princeton University, 2009, Undergraduate Senior Thesis.
K. Mowery and H. Shacham, “Pixel perfect: Fingerprinting canvas in HTML5,” in Proceedings of W2SP, pp. 1–12, San Francisco, CA, USA, 2012.
A. Faiz Khademi, M. Zulkernine, and K. Weldemariam, “FPGuard: detection and prevention of browser fingerprinting,” DBSec 2015: Data and Applications Security and Privacy XXIX, Springer, Cham, pp. 293–308, 2015.
N. Takei, T. Saito, K. Takasu, and T. Yamada, “Web browser fingerprinting using only cascading style sheets,” in 2015 10th International Conference on Broadband and Wireless Computing, Communication and Applications (BWCCA), pp. 57–63, Krakow, Poland, 2015.
P. Laperdrix, O. Starov, Q. Chen, A. Kapravelos, and N. Nikiforakis, Fingerprinting in style: detecting browser extensions via injected style sheets, 2021, https://www.usenix.org/conference/usenixsecurity21/presentation/laperdrix.
G. Acar, C. Eubank, S. Englehardt, M. Juarez, A. Narayanan, and C. Diaz, “The web never forgets: persistent tracking mechanisms in the wild,” in Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pp. 674–689, Vienna, Austria, 2014.
P. Laperdrix, W. Rudametkin, and B. Baudry, “Beauty and the beast: diverting modern web browsers to build unique browser fingerprints,” in 2016 IEEE Symposium on Security and Privacy (SP), pp. 878–894, San Jose, CA, USA, 2016.
Y. Cao, S. Li, and E. Wijmans, “(Cross-) browser fingerprinting via os and hardware level features,” in 24th Annual Network and Distributed System Security Symposium, Scottsdale, Arizona, USA, 2017.
I. Sánchez-Rola, I. Santos, and D. Balzarotti, “Extension breakdown: security analysis of browsers extension resources control policies,” 2017, https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/sanchez-rola.
Ł. Olejnik, G. Acar, C. Castelluccia, and C. Diaz, “The leaking battery - a privacy analysis of the HTML5 Battery Status API,” Data Privacy Management, and Security Assurance, Springer International Publishing, Cham, pp. 254–263, 2016.
C. F. Torres, H. Jonker, and S. Mauw, “FP-Block: usable web privacy by controlling browser fingerprinting,” Computer Security-ESORICS 2015-20th European Symposium on Research in Computer Security, Springer International Publishing, Cham, 2015.
F. Besson, N. Bielova, and T. Jensen, “Browser randomisation against fingerprinting: a quantitative information flow approach,” Secure IT Systems -19th Nordic Conference, NordSec 2014, Springer International Publishing, Cham, pp. 181–196, 2014.
P. Laperdrix, W. Rudametkin, and B. Baudry, “Mitigating browser fingerprint tracking: multi-level reconfiguration and diversification,” in 2015 IEEE/ACM 10th International Symposium on Software Engineering for Adaptive and Self-Managing Systems, pp. 98–108, Florence, Italy, May 2015.
E. Trickel, O. Starov, A. Kapravelos, N. Nikiforakis, and A. Doupé, “Everyone is Different: Client-side Diversification for Defending Against Extension Fingerprinting,” 2019, https://www.usenix.org/conference/usenixsecurity19/presentation/trickel.
S. Wu, S. Li, Y. Cao, and N. Wang, “Rendered private: making GLSL execution uniform to prevent WebGL-based Browser fingerprinting,” 28th USENIX Security Symposium 2019, 2019, https://www.usenix.org/conference/usenixsecurity19/presentation/wu.
U. Fiore, A. Castiglione, A. D. Santis, and F. Palmieri, “Countering browser fingerprinting techniques: constructing a fake profile with Google Chrome,” in 2014 17th International Conference on Network-Based Information Systems, pp. 355–360, Salerno, Italy, September 2014.
P. Baumann, S. Katzenbeisser, M. Stopczynski, and E. Tews, “Disguised Chromium browser: Robust browser, Flash and Canvas fingerprinting protection,” in Proceedings of the 2016 ACM on Workshop on Privacy in the Electronic Society, Sofia, Bulgaria, 2016.
P. Laperdrix, B. Baudry, and V. Mishra, “FPRandom: randomizing core browser objects to break advanced device fingerprinting techniques,” Engineering Secure Software and Systems -9th International Symposium, ESSoS 2017, Springer International Publishing, Cham, pp. 97–114, 2017.
T. Yamada, T. Saito, K. Takasu, and N. Takei, “Robust identification of browser fingerprint comparison using edit distance,” in 2015 10th International Conference on Broadband and Wireless Computing, Communication and Applications (BWCCA), pp. 107–113, Krakow, Poland, November 2015.
L. Qixu, L. Xinyu, L. Cheng, W. Junnan, C. Langping, and L. Jiaxi, “An android browser fingerprint recognition method based on bidirectional recurrent neural network,” Computer Research and Development, vol. 57, no. 11, pp. 2294–2311, 2020, (In Chinese).
P. Laperdrix, G. Avoine, B. Baudry, and N. Nikiforakis, “Morellian analysis for browsers: making web authentication stronger with Canvas fingerprinting,” Detection of Intrusions and Malware, and Vulnerability Assessment -16th International Conference, DIMVA 2019, Springer International Publishing, Cham, pp. 43–66, 2019.
ThreatMetrix, ThreatMetrix Announces Cookieless Device Identification to Prevent Online Fraud While Protecting Customer Privacy, https://www.threatmetrix.com/press-releases/threatmetrix-announces-cookieless-device-identification-to-prevent-online-fraud-while-protecting-customer-privacy/.
D. Networks, The Evolution of Hi-Def Fingerprinting in Bot Mitigation, https://resources.distilnetworks.com/all-blog-posts/device-fingerprinting-solution-bot-mitigation.
MaxMind, Device Tracking Add-on for Minfraud Services, https://dev.maxmind.com/minfraud/device/.
Y. Quanzhu, J. Pengfei, Y. Lijing, and Z. Hongfang, “An anti-scalper registration system based on browser fingerprinting technology,” Computer Applications, vol. 36, no. S2, p. 276, 2016, (In Chinese).
X. Qingxuan, “Fake order recognition system based on browser fingerprint,” Electronic Production, vol. 2, p. 3, 2019, (In Chinese).
CVE, Common Vulnerabilities and Exposures-The Standard for Information Security Vulnerability Names, https://cve.mitre.org/.
Malwarebytes, Operation Fingerprint-A Look into Several Angler Exploit Kit Malvertising Campaigns, https://malwarebytes.app.box.com/v/operation-fingerprint.
T. Saito, K. Yasuda, K. Tanabe, and K. Takahashi, “Web Browser Tampering: Inspecting CPU Features from Side-Channel Information,” Advances on Broad-Band Wireless Computing, Communication and Applications, Springer International Publishing, Cham, pp. 392–403, 2018.
S. Karami, P. Ilia, K. Solomos, and J. Polakis, “Carnus: exploring the privacy threats of browser extension fingerprinting,” 2020, https://www.ndss-symposium.org/ndss-paper/carnus-exploring-the-privacy-threats-of-browser-extension-fingerprinting/.
Google, “Charting a course towards a more privacy-first web,” https://blog.google/products/ads-commerce/a-more-privacy-first-web/.
Z. Liangfeng, W. Yi, W. Yuanyi, and K. Rui, “Statistics-based browser fingerprinting technology,” Information Network Security, vol. 11, pp. 49–55, 2019, (In Chinese).
Microsoft, Adobe Flash end of support on December 31, 2020, https://docs.microsoft.com/en-us/lifecycle/announcements/adobe-flash-end-of-support.
Google, Saying goodbye to Flash in Chrome, https://www.blog.google/products/chrome/saying-goodbye-flash-chrome/.
Adobe, “Adobe Flash Player EOL General Information Page,” https://www.adobe.com/products/flashplayer/end-of-life.html.