Quantifying the Fingerprintability of Browser Extensions


1 Quantifying the Fingerprintability of Browser Extensions
XHOUND
Quantifying the Fingerprintability of Browser Extensions
Authors – Oleksii Starov and Nick Nikiforakis
Presented By – Jordan Wong

2 Motivation
- Browser extensions enhance browsers
- Users have an average of 5 extensions
- Are there any costs to these extensions?
- Extensions allow you to be tracked
- Naïve countermeasures do not work
  - Private browsing
  - Deleting cookies

3 Background
- Plugin
  - Deliver non-traditional HTML
  - E.g. FlashPlayer
  - JavaScript to get list of installed plugins
- Extension
  - Extend browser functionality
  - E.g. AdBlock
  - Must analyze Document Object Model (DOM)
- Types of tracking
  - Arbitrary domain – Tracking on any webpage
  - Specific domain – Tracking on a specific webpage

4 Purpose of this paper
- How many extensions introduce detectable DOM changes?
- What types of DOM changes are introduced?
- How many users are fingerprintable based on their extensions?
- Can a tracking script check what extensions are installed?

5 XHound
- A human can analyze the DOM and infer presence of extension
  - But not scalable to ALL the available extensions
- XHound – Tool to determine DOM changes made by extensions
- 2 step approach
  - Place hooks on functions of interest
  - Dynamic analysis to stimulate DOM changing code

6 OnTheFlyDOM
- OnTheFlyDOM library
  - Create queried elements ‘on-the-fly’
  - Record created elements
  - Return created elements
- Forces extensions to activate and make DOM changes

7 Methodology
- Need to compare DOM ‘before’ and ‘after’ extension
  - Navigate to page with and without extension
- Webpage DOMs are dynamic
  - Can’t determine cause of DOM changes

8 Methodology
- Visit honey pages
  - Contains various elements
    - Text
    - Videos
    - Images
  - Contains OnTheFlyDOM library
- ‘Redirect’ URLs to localhost (780 URLs)

9 Fingerprintability of Extensions (1st RQ)
- Applied to top 10,000 extensions in Chrome store
  - >9% are fingerprintable on arbitrary domain
  - >16% are fingerprintable on specific domain
- Applied to top 1,000 extensions in Chrome store
  - >13% are fingerprintable on arbitrary domain
  - >23% are fingerprintable on specific domain

10 Fingerprintability of Extensions (1st RQ)
- Most fingerprintable by category
  - Shopping
  - Social media
- Longitudinal study (4 months)
  - 88% still fingerprintable
- Same analysis performed on Firefox
  - Same results

11 Types of DOM Modification (2nd RQ)
- 4 types of modification
  - Adding a DOM element
  - Deleting a DOM element
  - Change a tag’s attribute
  - Change text on a page

12 Fingerprintability based on user extensions (3rd RQ)
- 850 extensions and users were analyzed
- Users grouped into anonymity sets
  - Each set represents users who have the same extension-based fingerprint
  - The smaller the set, the more trackable the user
- 14% of users are uniquely identifiable based on their extensions
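
The anonymity-set grouping from slide 12, as an added example that is not part of the original presentation or the paper's own code: each user is keyed by the set of their detectable extensions, and the share of users who are alone in their set is reported. The extension names, the user records and the DETECTABLE list are constructed sample data.

```javascript
// Extensions assumed to make detectable DOM changes (hypothetical names).
const DETECTABLE = new Set(["adblocker", "price-helper", "social-share", "grammar-check"]);

// Constructed sample data: user id -> installed extensions.
const USERS = {
  u1: ["adblocker", "dark-theme"],
  u2: ["dark-theme", "adblocker"],
  u3: ["adblocker", "price-helper"],
  u4: ["tab-manager"],
  u5: [],
  u6: ["grammar-check", "social-share", "adblocker"],
  u7: ["price-helper", "adblocker", "tab-manager"],
  u8: ["social-share"],
};

// A fingerprint is the sorted set of detectable extensions only:
// extensions with no visible DOM side effects cannot tell users apart.
function fingerprint(installed) {
  const visible = [...new Set(installed)].filter((e) => DETECTABLE.has(e)).sort();
  return JSON.stringify(visible);
}

// Group users into anonymity sets keyed by fingerprint.
function anonymitySets(users) {
  const sets = new Map();
  for (const [id, installed] of Object.entries(users)) {
    const fp = fingerprint(installed);
    if (!sets.has(fp)) sets.set(fp, []);
    sets.get(fp).push(id);
  }
  return sets;
}

// Summarise: users alone in their set, and the set size each user hides in.
function summarize(users) {
  const sets = anonymitySets(users);
  const total = Object.keys(users).length;
  const unique = [...sets.values()].filter((m) => m.length === 1).map((m) => m[0]);
  const setSizeByUser = {};
  for (const members of sets.values()) {
    for (const id of members) setSizeByUser[id] = members.length;
  }
  return { total, sets: sets.size, unique, uniqueShare: unique.length / total, setSizeByUser };
}

console.log(summarize(USERS));
```

In this sample, u4 and u5 land in the same set despite different installed extensions, because neither has a detectable one.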

13 Can a tracking script determine installed extensions (4th RQ)
- Tracking script takes less than 5ms to check for an extension
  - Users have an average of 5 extensions
- More information can be deduced based on user extensions
  - Interests
  - Income levels

14 Countermeasures
- Encapsulation
  - Shadow DOM – ‘Package element’ to separate presentation from content
  - Does not work for all types of changes
- Namespace pollution
  - Adding random DOM changes to the DOM
  - Gives false positives to tracking scripts
  - Hard to achieve – need to maintain original page functionality

15 Criticism – Browsers
- Did not consider effects of different browser versions
- There are other popular browsers which were not explored
  - Safari
  - Microsoft Edge
  - Internet Explorer

16 Criticism – Extension Source
- Some extensions require setup before they can activate
  - Redux DevTools
  - Responsive WebTester
- XHound does not configure extensions
- Extension source
  - Only Chrome store used
  - Third party sources not considered

17 Criticism – Frameworks
- Multiple front-end frameworks
  - Angular
  - React
- Significantly different resulting DOMs
- May impact the fingerprintability of extensions but not considered

18 Criticism
- Provided a convincing argument on the vulnerabilities
- Opportunity for future work

19 Thank you Q & A

