{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,13]],"date-time":"2026-03-13T07:57:46Z","timestamp":1773388666259,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":57,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,5,13]],"date-time":"2024-05-13T00:00:00Z","timestamp":1715558400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,5,13]]},"DOI":"10.1145\/3589334.3645493","type":"proceedings-article","created":{"date-parts":[[2024,5,8]],"date-time":"2024-05-08T07:08:13Z","timestamp":1715152093000},"page":"1690-1701","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":11,"title":["The Double Edged Sword: Identifying Authentication Pages and their Fingerprinting Behavior"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-6788-7887","authenticated-orcid":false,"given":"Asuman","family":"Senol","sequence":"first","affiliation":[{"name":"COSIC, KU Leuven, Leuven, Belgium"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5128-6200","authenticated-orcid":false,"given":"Alisha","family":"Ukani","sequence":"additional","affiliation":[{"name":"UC San Diego, San Diego, CA, USA"}]},{"ORCID":"https:\/\/orcid.org\/0009-0005-3928-8640","authenticated-orcid":false,"given":"Dylan","family":"Cutler","sequence":"additional","affiliation":[{"name":"Google, Cambridge, MA, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9301-3091","authenticated-orcid":false,"given":"Igor","family":"Bilogrevic","sequence":"additional","affiliation":[{"name":"Google, Zurich, Switzerland"}]}],"member":"320","published-online":{"date-parts":[[2024,5,13]]},"reference":[{"key":"e_1_3_2_2_1_1","unstructured":"Browse Privately. 
Explore Freely. (Online; accessed 18. Sept. 2023). URL: https: \/\/www.torproject.org\/."},{"key":"e_1_3_2_2_2_1","unstructured":"Chrome User Experience Report. (Online; accessed 05. Sept. 2023). URL: https: \/\/developers.google.com\/web\/tools\/chrome-user-experience-report."},{"key":"e_1_3_2_2_3_1","unstructured":"Disconnect entity list. URL: https:\/\/github.com\/mozilla-services\/shavar-prodlists\/ blob\/master\/disconnect-entitylist.json."},{"key":"e_1_3_2_2_4_1","unstructured":"Freedom from tracking. (Online; accessed 18. Sept. 2023). URL: https:\/\/disconnect. me\/."},{"key":"e_1_3_2_2_5_1","unstructured":"General Data Protection Regulation (GDPR). (Online; accessed 05. Sept. 2023). URL: https:\/\/gdpr-info.eu\/."},{"key":"e_1_3_2_2_6_1","unstructured":"intent.ly. URL: https:\/\/intent.ly\/en\/."},{"key":"e_1_3_2_2_7_1","unstructured":"JShelter. (Online; accessed 18. Sept. 2023). URL: https:\/\/jshelter.org\/."},{"key":"e_1_3_2_2_8_1","unstructured":"Privacy Badger is a browser extension that automatically learns to block invisible trackers. . (Online; accessed 18. Sept. 2023). URL: https:\/\/privacybadger.org\/."},{"key":"e_1_3_2_2_9_1","unstructured":"server.proto. https:\/\/source.chromium.org\/chromium\/chromium\/ src\/\/main:components\/autofill\/core\/browser\/proto\/server.proto;drc= cefcacc55347e318a439f3112d96a1c73cfba56c."},{"key":"e_1_3_2_2_10_1","unstructured":"The best privacy online. (Online; accessed 18. Sept. 2023). URL: https:\/\/brave.com\/."},{"key":"e_1_3_2_2_11_1","unstructured":"ublock. https:\/\/github.com\/gorhill\/uBlock."},{"key":"e_1_3_2_2_12_1","unstructured":"TensorFlow 2015. (Online; accessed 21. Aug. 2023). URL: https:\/\/www.tensorflow. org\/."},{"key":"e_1_3_2_2_13_1","unstructured":"Early browser API accesses and function calls are missed 2023. [Online; accessed 29. Jul. 2023]. URL: https:\/\/github.com\/duckduckgo\/tracker-radar-collector\/ issues\/77."},{"key":"e_1_3_2_2_14_1","unstructured":"Login Forms Ruleset 2023. 
(Online; accessed 21. Aug. 2023). URL: https:\/\/mozilla. github.io\/fathom\/zoo\/login.html."},{"key":"e_1_3_2_2_15_1","unstructured":"Optimize.Personalize.Monetize. 2023. (Online; accessed 30. Aug. 2023). URL: https:\/\/www.hexagondata.com\/en\/services-marketer\/."},{"key":"e_1_3_2_2_16_1","unstructured":"SignUpFormRuleset.sys.mjs 2023. (Online; accessed 21. Aug. 2023). URL: https:\/\/searchfox.org\/mozilla-central\/source\/toolkit\/components\/ passwordmgr\/SignUpFormRuleset.sys.mjs."},{"key":"e_1_3_2_2_17_1","unstructured":"Take control of payment fraud. 2023. (Online; accessed 30. Aug. 2023). URL: https:\/\/sift.com\/."},{"key":"e_1_3_2_2_18_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833711"},{"key":"e_1_3_2_2_19_1","first-page":"2061","volume-title":"Al Roomi and Frank Li. A Large-Scale Measurement of Website Login Policies. In 32nd USENIX Security Symposium (USENIX Security 23)","author":"Suood","year":"2023","unstructured":"Suood Al Roomi and Frank Li. A Large-Scale Measurement of Website Login Policies. In 32nd USENIX Security Symposium (USENIX Security 23), pages 2061-- 2078, Anaheim, CA, August 2023. USENIX Association."},{"key":"e_1_3_2_2_20_1","first-page":"289","volume-title":"Device Fingerprinting for Augmenting Web Authentication: Classification and Analysis of Methods. In Proceedings of the 32nd Annual Conference on Computer Security Applications","author":"Alaca Furkan","year":"2016","unstructured":"Furkan Alaca and Paul C. van Oorschot. Device Fingerprinting for Augmenting Web Authentication: Classification and Analysis of Methods. In Proceedings of the 32nd Annual Conference on Computer Security Applications, pages 289--301, 2016."},{"key":"e_1_3_2_2_21_1","volume-title":"Ga\u00ebtan Le Guelvouit, and Alexandre Garel. A Large-scale Empirical Analysis of Browser Fingerprints Properties for Web Authentication. 
ACM Transactions on the Web (TWEB), 16(1):1--62","author":"Andriamilanto Nampoina","year":"2021","unstructured":"Nampoina Andriamilanto, Tristan Allard, Ga\u00ebtan Le Guelvouit, and Alexandre Garel. A Large-scale Empirical Analysis of Browser Fingerprints Properties for Web Authentication. ACM Transactions on the Web (TWEB), 16(1):1--62, 2021."},{"key":"e_1_3_2_2_22_1","volume-title":"Sam Macbeth. DuckDuckGo Tracker Radar Collector, 2021","author":"Konrad","year":"2023","unstructured":"Konrad Dzwinel et al. Brad Slayter, Sam Macbeth. DuckDuckGo Tracker Radar Collector, 2021. (Online; accessed 01. Jan. 2023). URL: https:\/\/github.com\/ duckduckgo\/tracker-radar-collector."},{"key":"e_1_3_2_2_23_1","volume-title":"Chrome's Headless mode gets an upgrade: introducing headless=new","author":"Bynens Mathias","year":"2023","unstructured":"Mathias Bynens and Peter Kvitek. Chrome's Headless mode gets an upgrade: introducing headless=new, 2023. (Online; accessed 21. Aug. 2023). URL: https: \/\/developer.chrome.com\/articles\/new-headless\/."},{"key":"e_1_3_2_2_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/3131365.3131391"},{"key":"e_1_3_2_2_25_1","doi-asserted-by":"publisher","DOI":"10.56553\/popets-2023-0119"},{"key":"e_1_3_2_2_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3417869"},{"key":"e_1_3_2_2_27_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-80825-9_12"},{"key":"e_1_3_2_2_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978313"},{"key":"e_1_3_2_2_29_1","first-page":"21","author":"Erik Rose Daniel Hertenstein","year":"2017","unstructured":"Daniel Hertenstein Erik Rose. Fathom, 2017. (Online; accessed 21. Aug. 2023). URL: https:\/\/github.com\/mozilla\/fathom.","journal-title":"Fathom"},{"key":"e_1_3_2_2_30_1","first-page":"21","author":"Erik Rose Daniel Hertenstein","year":"2017","unstructured":"Daniel Hertenstein Erik Rose. Ruleset Zoo, 2017. (Online; accessed 21. Aug. 2023). 
URL: https:\/\/mozilla.github.io\/fathom\/zoo.html.","journal-title":"Ruleset Zoo"},{"key":"e_1_3_2_2_31_1","first-page":"1475","volume-title":"An Empirical Analysis of Single Sign-On Account Hijacking and Session Management on the Web. In 27th USENIX Security Symposium (USENIX Security 18)","author":"Ghasemisharif Mohammad","year":"2018","unstructured":"Mohammad Ghasemisharif, Amrutha Ramesh, Stephen Checkoway, Chris Kanich, and Jason Polakis. O Single Sign-Off, Where Art Thou? An Empirical Analysis of Single Sign-On Account Hijacking and Session Management on the Web. In 27th USENIX Security Symposium (USENIX Security 18), pages 1475--1492, 2018."},{"key":"e_1_3_2_2_32_1","first-page":"106","volume-title":"Wouter Joosen. Accelerometer-Based Device Fingerprinting for Multi-factor Mobile Authentication. In International Symposium on Engineering Secure Software and Systems","author":"Goethem Tom Van","year":"2016","unstructured":"Tom Van Goethem, Wout Scheepers, Davy Preuveneers, and Wouter Joosen. Accelerometer-Based Device Fingerprinting for Multi-factor Mobile Authentication. In International Symposium on Engineering Secure Software and Systems, pages 106--121. Springer, 2016."},{"key":"e_1_3_2_2_33_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00017"},{"key":"e_1_3_2_2_34_1","volume-title":"The Internet with Privacy Policies: Measuring The Web Upon Consent. ACM Transactions on the Web (TWEB), 16(3):1--24","author":"Jha Nikhil","year":"2022","unstructured":"Nikhil Jha, Martino Trevisan, Luca Vassio, and Marco Mellia. The Internet with Privacy Policies: Measuring The Web Upon Consent. ACM Transactions on the Web (TWEB), 16(3):1--24, 2022."},{"key":"e_1_3_2_2_35_1","doi-asserted-by":"publisher","DOI":"10.14722\/madweb.2020.23008"},{"key":"e_1_3_2_2_36_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-62105-0_7"},{"key":"e_1_3_2_2_37_1","first-page":"507","volume-title":"Jason Polakis. 
Fill in the Blanks: Empirical Analysis of the Privacy Threats of Browser Form Autofill. In Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security, CCS '20","author":"Lin Xu","year":"2020","unstructured":"Xu Lin, Panagiotis Ilia, and Jason Polakis. Fill in the Blanks: Empirical Analysis of the Privacy Threats of Browser Form Autofill. In Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security, CCS '20, page 507--519. Association for Computing Machinery, 2020."},{"key":"e_1_3_2_2_38_1","first-page":"1651","volume-title":"31st USENIX Security Symposium (USENIX Security 22)","author":"Lin Xu","year":"2022","unstructured":"Xu Lin, Panagiotis Ilia, Saumya Solanki, and Jason Polakis. Phish in Sheep's Clothing: Exploring the Authentication Pitfalls of Browser Fingerprinting. In 31st USENIX Security Symposium (USENIX Security 22), pages 1651--1668, Boston, MA, August 2022. USENIX Association."},{"key":"e_1_3_2_2_39_1","volume-title":"ETH Zurich","author":"Lodrant Luka","year":"2022","unstructured":"Luka Lodrant. Designing a generic web forms crawler to enable legal compliance analysis of authentication sections. Master's thesis, ETH Zurich, 2022."},{"key":"e_1_3_2_2_40_1","first-page":"13","author":"Trevisan Martino","year":"2020","unstructured":"nikhiljha95 Martino Trevisan, Antonino Musmeci. Priv-Accept, 2020. (Online; accessed 13. Jul. 2023). URL: https:\/\/github.com\/marty90\/priv-accept.","journal-title":"Antonino Musmeci. Priv-Accept"},{"key":"e_1_3_2_2_41_1","first-page":"302","volume-title":"Voelker. Web Feature Deprecation: A Case Study for Chrome. In 2019 IEEE\/ACM 41st International Conference on Software Engineering: Software Engineering in Practice (ICSE-SEIP)","author":"Mirian Ariana","year":"2019","unstructured":"Ariana Mirian, Nikunj Bhagat, Caitlin Sadowski, Adrienne Porter Felt, Stefan Savage, and Geoffrey M. Voelker. Web Feature Deprecation: A Case Study for Chrome. 
In 2019 IEEE\/ACM 41st International Conference on Software Engineering: Software Engineering in Practice (ICSE-SEIP), pages 302--311, 2019."},{"key":"e_1_3_2_2_42_1","volume-title":"Firefox rolls out Total Cookie Protection by default to all users worldwide. Mozilla Blog","year":"2022","unstructured":"Mozilla. Firefox rolls out Total Cookie Protection by default to all users worldwide. Mozilla Blog, 2022. URL: https:\/\/blog.mozilla.org\/en\/mozilla\/firefox-rolls-out-total-cookie-protection-by-default-to-all-users-worldwide\/."},{"key":"e_1_3_2_2_43_1","first-page":"820","volume-title":"Benjamin Livshits. PriVaricator: Deceiving Fingerprinters with Little White Lies. In Proceedings of the 24th International Conference on World Wide Web","author":"Nikiforakis Nick","year":"2015","unstructured":"Nick Nikiforakis, Wouter Joosen, and Benjamin Livshits. PriVaricator: Deceiving Fingerprinters with Little White Lies. In Proceedings of the 24th International Conference on World Wide Web, pages 820--830, 2015."},{"key":"e_1_3_2_2_44_1","first-page":"2165","volume-title":"Proceedings of the 29th USENIX Conference on Security Symposium","author":"Oesch Sean","year":"2020","unstructured":"Sean Oesch and Scott Ruoti. That Was Then, This Is Now: A Security Evaluation of Password Generation, Storage, and Autofill in Browser-Based Password Managers. In Proceedings of the 29th USENIX Conference on Security Symposium, pages 2165--2182, 2020."},{"key":"e_1_3_2_2_45_1","first-page":"2185","volume-title":"Preuveneers and Wouter Joosen. SmartAuth: Dynamic Context Fingerprinting for Continuous User Authentication. In Proceedings of the 30th Annual ACM Symposium on Applied Computing","author":"Davy","year":"2015","unstructured":"Davy Preuveneers and Wouter Joosen. SmartAuth: Dynamic Context Fingerprinting for Continuous User Authentication. In Proceedings of the 30th Annual ACM Symposium on Applied Computing, pages 2185--2191, 2015."},{"key":"e_1_3_2_2_46_1","volume-title":"Ben Stock. 
The Leaky Web: Automated Discovery of Cross-Site Information Leaks in Browsers and the Web. In 2023 IEEE Symposium on Security and Privacy","author":"Rautenstrauch Jannis","year":"2023","unstructured":"Jannis Rautenstrauch, Giancarlo Pellegrino, and Ben Stock. The Leaky Web: Automated Discovery of Cross-Site Information Leaks in Browsers and the Web. In 2023 IEEE Symposium on Security and Privacy, 2023."},{"key":"e_1_3_2_2_47_1","unstructured":"Walter Rudametkin. Improving the Security and Privacy of the Web through Browser Fingerprinting. PhD thesis Universit\u00e9 de Lille 2021."},{"key":"e_1_3_2_2_48_1","first-page":"317","volume-title":"Zakir Durumeric. A World Wide View of Browsing the World Wide Web. In Proceedings of the 22nd ACM Internet Measurement Conference","author":"Ruth Kimberly","year":"2022","unstructured":"Kimberly Ruth, Aurore Fass, Jonathan Azose, Mark Pearson, Emma Thomas, Caitlin Sadowski, and Zakir Durumeric. A World Wide View of Browsing the World Wide Web. In Proceedings of the 22nd ACM Internet Measurement Conference, pages 317--336, 2022."},{"key":"e_1_3_2_2_49_1","first-page":"374","volume-title":"Zakir Durumeric. Toppling Top Lists: Evaluating the Accuracy of Popular Website Lists. In Proceedings of the 22nd ACM Internet Measurement Conference","author":"Ruth Kimberly","year":"2022","unstructured":"Kimberly Ruth, Deepak Kumar, Brandon Wang, Luke Valenta, and Zakir Durumeric. Toppling Top Lists: Evaluating the Accuracy of Popular Website Lists. In Proceedings of the 22nd ACM Internet Measurement Conference, pages 374--387, 2022."},{"key":"e_1_3_2_2_50_1","volume-title":"Building a more private web: A path towards making third party cookies obsolete. Chromium Blog","author":"Schuh Justin","year":"2020","unstructured":"Justin Schuh. Building a more private web: A path towards making third party cookies obsolete. Chromium Blog, 2020. 
URL: https:\/\/blog.chromium.org\/2020\/ 01\/building-more-private-web-path-towards.html."},{"key":"e_1_3_2_2_51_1","doi-asserted-by":"publisher","DOI":"10.1109\/ARES.2013.33"},{"key":"e_1_3_2_2_52_1","doi-asserted-by":"publisher","DOI":"10.1145\/3019612.3019798"},{"key":"e_1_3_2_2_53_1","volume-title":"SSO-Monitor: Fully-Automatic Large-Scale Landscape, Security, and Privacy Analyses of Single Sign-On in the Wild. arXiv preprint arXiv:2302.01024","author":"Westers Maximilian","year":"2023","unstructured":"Maximilian Westers, Tobias Wich, Louis Jannett, Vladislav Mladenov, Christian Mainka, and Andreas Mayer. SSO-Monitor: Fully-Automatic Large-Scale Landscape, Security, and Privacy Analyses of Single Sign-On in the Wild. arXiv preprint arXiv:2302.01024, 2023."},{"key":"e_1_3_2_2_54_1","volume-title":"Full third-party cookie blocking and more. WebKit","author":"Wilander John","year":"2020","unstructured":"John Wilander. Full third-party cookie blocking and more. WebKit, 2020. URL: https:\/\/webkit.org\/blog\/10218\/full-third-party-cookie-blocking-and-more\/."},{"key":"e_1_3_2_2_55_1","volume-title":"Yinzhi Cao. Him of Many Faces: Characterizing Billion-scale Adversarial and Benign Browser Fingerprints on Commercial Websites. In 30th Annual Network and Distributed System Security Symposium, NDSS","author":"Wu Shujiang","year":"2023","unstructured":"Shujiang Wu, Pengfei Sun, Yao Zhao, and Yinzhi Cao. Him of Many Faces: Characterizing Billion-scale Adversarial and Benign Browser Fingerprints on Commercial Websites. In 30th Annual Network and Distributed System Security Symposium, NDSS, 2023."},{"key":"e_1_3_2_2_56_1","doi-asserted-by":"publisher","DOI":"10.1145\/3366423.3380104"},{"key":"e_1_3_2_2_57_1","first-page":"495","volume-title":"Zhou and David Evans. SSOScan: Automated Testing ofWeb Applications for Single Sign-on Vulnerabilities. 
In Proceedings of the 23rd USENIX Conference on Security Symposium, SEC'14","author":"Yuchen","year":"2014","unstructured":"Yuchen Zhou and David Evans. SSOScan: Automated Testing ofWeb Applications for Single Sign-on Vulnerabilities. In Proceedings of the 23rd USENIX Conference on Security Symposium, SEC'14, page 495--510, USA, 2014. USENIX Association."}],"event":{"name":"WWW '24: The ACM Web Conference 2024","location":"Singapore Singapore","acronym":"WWW '24","sponsor":["SIGWEB ACM Special Interest Group on Hypertext, Hypermedia, and Web"]},"container-title":["Proceedings of the ACM Web Conference 2024"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3589334.3645493","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3589334.3645493","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T00:28:42Z","timestamp":1755822522000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3589334.3645493"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,5,13]]},"references-count":57,"alternative-id":["10.1145\/3589334.3645493","10.1145\/3589334"],"URL":"https:\/\/doi.org\/10.1145\/3589334.3645493","relation":{},"subject":[],"published":{"date-parts":[[2024,5,13]]},"assertion":[{"value":"2024-05-13","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}