Use this URL to cite or link to this record in EThOS: https://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.766815
Title: Defences against browser fingerprinting techniques
Author: Luangmaneerote, Sakchan
ISNI:       0000 0004 7656 4355
Awarding Body: University of Southampton
Current Institution: University of Southampton
Date of Award: 2018
Availability of Full Text:
Access from EThOS:
Full text unavailable from EThOS. Please try the link below.
Access from Institution:
Abstract:
When users interact with a web page, it is often straightforward to extract user data which can then be used to create a profile of that user and even to establish the identity of the user. This identity can be used to collect the behaviour of that individual user while surfing the web. In the past, users have been tracked by small files stored on their computers (e.g., web cookies, flash cookies or supercookies). These small files stored on the user's computer are designed to be a reliable mechanism for websites to recall stateful information, but can also record the user's browsing activity. If any users desire to prevent this tracking, they can select tracking-prevention features provided on all modern web browsers. However, the problem of the user privacy does not seem to be easily alleviated. The technique of browser fingerprinting has recently emerged as a novel technique which is fundamentally different from the cookie approach, in particular no files need to be stored on the user computer. The inability to observe tracking files on the user computer means that the tracking is essentially invisible and has raised considerable concern about user privacy on the Internet. This invisible tracking then can become a major problem for users who do not realise that they are being tracked by somebody without their consent. The main inspiration for this thesis is the limited provision of existing countermeasures to assist users who wish to avoid fingerprint tracking. This research proposes a new browser fingerprinting countermeasure, called 'FP-prevention'. The primary function of FP-prevention is to obfuscate the monitoring undertaken by websites using fingerprinting algorithms by changing the user identity on every request from the web browser to the web server. Changing the user identity using this new approach will not only assist users to avoid fingerprint tracking but also provides a significant benefit for users: when users are surfing websites, the 'look and feel' is similar to using the unmodified browser. In part of the overall evaluation, FP-prevention is assessed on four aspects. At first, FP-prevention is measured on the web browser performance through three JavaScript benchmarks. The result suggests that FP-prevention shows trivial side effects on the web browser performance compared with an unmodified web browser. In terms of efficiency of fingerprinting prevention, FP-prevention is measured on the effectiveness of fingerprinting prevention by observing fingerprinting ID provided by three fingerprinters. The result suggests that FP-prevention is the third most effective countermeasure compared with three countermeasures. Then, FP-prevention is measured on the information paradox by observing the change of browser's attributes during a visit to the fingerprint website multiple times. The result suggests that FP-prevention shows negligible side effects on the problem of information paradox. Finally, FP-prevention is measured on the user satisfaction by conducting the survey. The result suggests that FP-prevention yields the highest score in all metrics related to the user satisfaction. With all obtained results, the research considers whether the proposed countermeasure (FP-prevention) is sufficiently robust to prevent fingerprinting tracking efficiently in combination with introducing only limited side effects to the web browsing experience.
Supervisor: Zaluska, Edward Sponsor: Not available
Qualification Name: Thesis (Ph.D.) Qualification Level: Doctoral
EThOS ID: uk.bl.ethos.766815  DOI: Not available
Share: