Privacy Enhancing Technologies

We investigate the degree to which modern web browsers are subject to “device fingerprinting” via the version and configuration information that they will transmit to websites upon request. We implemented one possible fingerprinting algorithm, and collected these fingerprints from a large sample of browsers that visited our test side, panopticlick.eff.org. We observe that the distribution of our fingerprint contains at least 18.1 bits of entropy, meaning that if we pick a browser at random, at best we expect that only one in 286,777 other browsers will share its fingerprint. Among browsers that support Flash or Java, the situation is worse, with the average browser carrying at least 18.8 bits of identifying information. 94.2% of browsers with Flash or Java were unique in our sample. By observing returningvisitors, we estimate how rapidly browser fingerprints might change over time. In our sample, fingerprints changed quite rapidly, but even a simple heuristic was usually able to guess when a fingerprint was an “upgraded” version of a previously observed browser’s fingerprint, with 99.1% of guesses correct and a false positive rate of only 0.86%. We discuss what privacy threat browser fingerprinting poses in practice, and what countermeasures may be appropriate to prevent it. There is a tradeoff between protection against fingerprintability and certain kinds of debuggability, which in current browsers is weighted heavily against privacy. Paradoxically, anti-fingerprinting privacy technologies can be self-defeating if they are not used by a sufficient number of people; we show that some privacy measures currently fall victim to this paradox, but others do not.

[1]  Radu Sion,et al.  On the Computational Practicality of Private Information Retrieval , 2006 .

[2]  Felipe Saint-Jean Java Implementation of a Single-Database Computationally Symmetric Private Information Retrieval (cSPIR) Protocol , 2005 .

[3]  Xinwen Fu,et al.  CAP: A Context-Aware Privacy Protection System for Location-Based Services , 2009, 2009 29th IEEE International Conference on Distributed Computing Systems.

[4]  A. Khoshgozaran,et al.  SPIRAL: A Scalable Private Information Retrieval Approach to Location Privacy , 2008, 2008 Ninth International Conference on Mobile Data Management Workshops, MDMW.

[5]  Ian Goldberg,et al.  Achieving Efficient Query Privacy for Location Based Services , 2010, Privacy Enhancing Technologies.

[6]  Urs Hengartner,et al.  Hiding Location Information from Location-Based Services , 2007, 2007 International Conference on Mobile Data Management.

[7]  Elisa Bertino,et al.  A Hybrid Technique for Private Location-Based Queries with Database Protection , 2009, SSTD.

[8]  Palash Sarkar,et al.  Symmetrically Private Information Retrieval (Extended Abstract) , 2000 .

[9]  Chi-Yin Chow,et al.  A peer-to-peer spatial cloaking algorithm for anonymous location-based service , 2006, GIS '06.

[10]  Nick Mathewson,et al.  Tor: The Second-Generation Onion Router , 2004, USENIX Security Symposium.

[11]  Gabriel Ghinita Understanding the privacy-efficiency trade-off in location based queries , 2008, SPRINGL '08.

[12]  Moni Naor,et al.  Private Information Retrieval by Keywords , 1998, IACR Cryptol. ePrint Arch..

[13]  Amos Beimel,et al.  Robust Information-Theoretic Private Information Retrieval , 2002, SCN.

[14]  Steve Kopp,et al.  Understanding Map Projections , 2001 .

[15]  Ying Cai,et al.  Location anonymity in continuous location-based services , 2007, GIS.

[16]  Panos Kalnis,et al.  Private queries in location based services: anonymizers are not necessary , 2008, SIGMOD Conference.

[17]  Sean W. Smith,et al.  Protecting client privacy with trusted computing at the server , 2005, IEEE Security & Privacy Magazine.

[18]  Walid G. Aref,et al.  Casper*: Query processing for location services without compromising privacy , 2006, TODS.

[19]  Rafail Ostrovsky,et al.  Replication is not needed: single database, computationally-private information retrieval , 1997, Proceedings 38th Annual Symposium on Foundations of Computer Science.

[20]  Eyal Kushilevitz,et al.  Private information retrieval , 1998, JACM.

[21]  Elisa Bertino,et al.  Position transformation: a location privacy protection method for moving objects , 2008, SPRINGL '08.

[22]  Sushil Jajodia,et al.  Proceedings of the 1st International Workshop on Privacy in Location-Based Applications, Malaga, Spain, October 9, 2008 , 2008, PiLBA.

[23]  Ling Liu,et al.  Supporting anonymous location queries in mobile environments with privacygrid , 2008, WWW.

[24]  Marco Gruteser,et al.  USENIX Association , 1992 .

[25]  Ian Goldberg,et al.  Improving the Robustness of Private Information Retrieval , 2007 .

[26]  Moni Naor,et al.  Oblivious transfer and polynomial evaluation , 1999, STOC '99.

[27]  Niv Gilboa,et al.  Computationally private information retrieval (extended abstract) , 1997, STOC '97.

[28]  Dawn Xiaodong Song,et al.  Practical forward secure group signature schemes , 2001, CCS '01.

[29]  Alec Wolman,et al.  Lockr: better privacy for social networks , 2009, CoNEXT '09.