TY - GEN
T1 - My Site Knows Where You Are: A Novel Browser Fingerprint to Track User Position
AU - Wu, Tianqi
AU - Song, Yubo
AU - Zhang, Fan
AU - Gao, Shang
AU - Chen, Bin
N1 - Funding Information:
ACKNOWLEDGEMENT This work is supported by Frontiers Science Center for Mobile Information Communication and Security, Southeast University, Nanjing, China. Yubo Song is the corresponding author.
Publisher Copyright:
© 2021 IEEE.
PY - 2021/6
Y1 - 2021/6
N2 - Utilizing browsers to identify and track users has become a routine on the Web in recent years. It is easy for the browser to collect sensitive information and construct comprehensive user profiles while the users are still unaware. As the problem mentioned above, several anti-fingerprint mechanisms have been adopted to protect user privacy. However, our research finds a novel method based on localization fingerprints that may still threaten user privacy. The location fingerprint obtains the response delay of data transmission over the link between the users and the third-party sites. Since the physical link state information between the host and the remote website is distinct and steady, it can be used to extract statistical features and construct user profiles. We implement a multilateration cross-site image resource request scheme to collect link-state information of users and develop a prototype called PingLoc to evaluate the effectiveness. About 1,093 users from all over the world are involved in our experiment. The evaluation shows that the delay features collected are stable, and the accuracy of the localization fingerprint is up to 98%. Pressure testing shows that the PingLoc is robust against various anti-fingerprint mechanisms and achieves 93.5% accuracy for browser switching, 80.6% accuracy for virtual machine disguising, and 88.2% accuracy for IP rotation.
AB - Utilizing browsers to identify and track users has become a routine on the Web in recent years. It is easy for the browser to collect sensitive information and construct comprehensive user profiles while the users are still unaware. As the problem mentioned above, several anti-fingerprint mechanisms have been adopted to protect user privacy. However, our research finds a novel method based on localization fingerprints that may still threaten user privacy. The location fingerprint obtains the response delay of data transmission over the link between the users and the third-party sites. Since the physical link state information between the host and the remote website is distinct and steady, it can be used to extract statistical features and construct user profiles. We implement a multilateration cross-site image resource request scheme to collect link-state information of users and develop a prototype called PingLoc to evaluate the effectiveness. About 1,093 users from all over the world are involved in our experiment. The evaluation shows that the delay features collected are stable, and the accuracy of the localization fingerprint is up to 98%. Pressure testing shows that the PingLoc is robust against various anti-fingerprint mechanisms and achieves 93.5% accuracy for browser switching, 80.6% accuracy for virtual machine disguising, and 88.2% accuracy for IP rotation.
KW - Browser fingerprint
KW - cross-domain resource request
KW - user tracking
UR - http://www.scopus.com/inward/record.url?scp=85115698359&partnerID=8YFLogxK
U2 - 10.1109/ICC42927.2021.9500556
DO - 10.1109/ICC42927.2021.9500556
M3 - Conference article published in proceeding or book
AN - SCOPUS:85115698359
T3 - IEEE International Conference on Communications
SP - 1
EP - 6
BT - ICC 2021 - IEEE International Conference on Communications, Proceedings
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2021 IEEE International Conference on Communications, ICC 2021
Y2 - 14 June 2021 through 23 June 2021
ER -