{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,16]],"date-time":"2025-10-16T07:00:22Z","timestamp":1760598022137},"reference-count":30,"publisher":"Privacy Enhancing Technologies Symposium Advisory Board","issue":"1","license":[{"start":{"date-parts":[[2020,11,9]],"date-time":"2020-11-09T00:00:00Z","timestamp":1604880000000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by-nc-nd\/3.0"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021,1,1]]},"abstract":"<jats:title>Abstract<\/jats:title>\n               <jats:p>Fueled by advertising companies\u2019 need of accurately tracking users and their online habits, web fingerprinting practice has grown in recent years, with severe implications for users\u2019 privacy. In this paper, we design, engineer and evaluate a methodology which combines the analysis of JavaScript code and machine learning for the automatic detection of web fingerprinters.<\/jats:p>\n               <jats:p>We apply our methodology on a dataset of more than 400, 000 JavaScript files accessed by about 1, 000 volunteers during a one-month long experiment to observe adoption of fingerprinting in a real scenario. We compare approaches based on both static and dynamic code analysis to automatically detect fingerprinters and show they provide different angles complementing each other. This demonstrates that studies based on either static or dynamic code analysis provide partial view on actual fingerprinting usage in the web. To the best of our knowledge we are the first to perform this comparison with respect to fingerprinting.<\/jats:p>\n               <jats:p>Our approach achieves 94% accuracy in small decision time. With this we spot more than 840 fingerprinting services, of which 695 are unknown to popular tracker blockers. These include new actual trackers as well as services which use fingerprinting for purposes other than tracking, such as anti-fraud and bot recognition.<\/jats:p>","DOI":"10.2478\/popets-2021-0004","type":"journal-article","created":{"date-parts":[[2020,12,22]],"date-time":"2020-12-22T11:47:01Z","timestamp":1608637621000},"page":"43-63","source":"Crossref","is-referenced-by-count":21,"title":["Unveiling Web Fingerprinting in the Wild Via Code Mining and Machine Learning"],"prefix":"10.56553","volume":"2021","author":[{"given":"Valentino","family":"Rizzo","sequence":"first","affiliation":[{"name":"Ermes Cyber Security S.R.L. , Turin , Italy"}]},{"given":"Stefano","family":"Traverso","sequence":"additional","affiliation":[{"name":"Ermes Cyber Security S.R.L. , Turin , Italy"}]},{"given":"Marco","family":"Mellia","sequence":"additional","affiliation":[{"name":"Politecnico di Torino & Ermes Cyber Security S.R.L. , Turin , Italy"}]}],"member":"35752","published-online":{"date-parts":[[2020,11,9]]},"reference":[{"key":"2022042317253586701_j_popets-2021-0004_ref_001_w2aab3b7b8b1b6b1ab1ab1Aa","unstructured":"[1] Battery Status API has been removed from Firefox. https:\/\/www.fxsitecompat.dev\/en-CA\/docs\/2016\/battery-status-api-has-been-removed\/."},{"key":"2022042317253586701_j_popets-2021-0004_ref_002_w2aab3b7b8b1b6b1ab1ab2Aa","unstructured":"[2] Princeton web census. https:\/\/webtransparency.cs.princeton.edu\/webcensus\/."},{"key":"2022042317253586701_j_popets-2021-0004_ref_003_w2aab3b7b8b1b6b1ab1ab3Aa","unstructured":"[3] test262 Test Suite. https:\/\/github.com\/tc39\/test262."},{"key":"2022042317253586701_j_popets-2021-0004_ref_004_w2aab3b7b8b1b6b1ab1ab4Aa","unstructured":"[4] Device tracking by web sites can be a good thing. https:\/\/www.zdnet.com\/article\/device-tracking-by-web-sites-can-be-a-good-thing\/, 2013."},{"key":"2022042317253586701_j_popets-2021-0004_ref_005_w2aab3b7b8b1b6b1ab1ab5Aa","unstructured":"[5] Regulation (EU) 2016\/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95\/46\/EC (General Data Protection Regulation). Official Journal of the European Union L119 (May 2016), 1\u201388."},{"key":"2022042317253586701_j_popets-2021-0004_ref_006_w2aab3b7b8b1b6b1ab1ab6Aa","doi-asserted-by":"crossref","unstructured":"[6] Acar, G., Eubank, C., Englehardt, S., Ju\u00e1rez, M., Narayanan, A., and D\u00edaz, C. The web never forgets: Persistent tracking mechanisms in the wild. In ACM Conference on Computer and Communications Security (2014).10.1145\/2660267.2660347","DOI":"10.1145\/2660267.2660347"},{"key":"#cr-split#-2022042317253586701_j_popets-2021-0004_ref_007_w2aab3b7b8b1b6b1ab1ab7Aa.1","doi-asserted-by":"crossref","unstructured":"[7] Acar, G., Juarez, M., Nikiforakis, N., Diaz, C., G\u00fcrses, S., Piessens, F., and Preneel, B. Fpdetective: Dusting the web for fingerprinters. In Proceedings of the 2013 ACM SIGSAC Conference on Computer &#38","DOI":"10.1145\/2508859.2516674"},{"key":"#cr-split#-2022042317253586701_j_popets-2021-0004_ref_007_w2aab3b7b8b1b6b1ab1ab7Aa.2","unstructured":"Communications Security (New York, NY, USA, 2013), CCS '13, ACM, pp. 1129-1140."},{"key":"2022042317253586701_j_popets-2021-0004_ref_008_w2aab3b7b8b1b6b1ab1ab8Aa","doi-asserted-by":"crossref","unstructured":"[8] Boda, K., F\u00f6ldes, A. M., Guly\u00e1s, G. G., and Imre, S. User tracking on the web via cross-browser fingerprinting. In Proceedings of the 16th Nordic Conference on Information Security Technology for Applications (Berlin, Heidelberg, 2012), NordSec\u201911, Springer-Verlag, pp. 31\u201346.10.1007\/978-3-642-29615-4_4","DOI":"10.1007\/978-3-642-29615-4_4"},{"key":"2022042317253586701_j_popets-2021-0004_ref_009_w2aab3b7b8b1b6b1ab1ab9Aa","unstructured":"[9] Bojinov, H., Michalevsky, Y., Nakibly, G., and Boneh, D. Mobile device identification via sensor finger-printing. CoRR abs\/1408.1416 (2014)."},{"key":"2022042317253586701_j_popets-2021-0004_ref_010_w2aab3b7b8b1b6b1ab1ac10Aa","doi-asserted-by":"crossref","unstructured":"[10] Eckersley, P. How unique is your web browser? In Privacy Enhancing Technologies (Berlin, Heidelberg, 2010), M. J. Atallah and N. J. Hopper, Eds., Springer Berlin Heidelberg, pp. 1\u201318.10.1007\/978-3-642-14527-8_1","DOI":"10.1007\/978-3-642-14527-8_1"},{"key":"2022042317253586701_j_popets-2021-0004_ref_011_w2aab3b7b8b1b6b1ab1ac11Aa","doi-asserted-by":"crossref","unstructured":"[11] Englehardt, S., and Narayanan, A. Online tracking: A 1-million-site measurement and analysis. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security (New York, NY, USA, 2016), CCS \u201916, ACM, pp. 1388\u20131401.10.1145\/2976749.2978313","DOI":"10.1145\/2976749.2978313"},{"key":"2022042317253586701_j_popets-2021-0004_ref_012_w2aab3b7b8b1b6b1ab1ac12Aa","doi-asserted-by":"crossref","unstructured":"[12] Englehardt, S., Reisman, D., Eubank, C., Zimmerman, P., Mayer, J., Narayanan, A., and Felten, E. W. Cookies that give you away: The surveillance implications of web tracking. In Proceedings of the 24th International Conference on World Wide Web (Republic and Canton of Geneva, Switzerland, 2015), WWW \u201915, International World Wide Web Conferences Steering Committee, pp. 289\u2013299.10.1145\/2736277.2741679","DOI":"10.1145\/2736277.2741679"},{"key":"2022042317253586701_j_popets-2021-0004_ref_013_w2aab3b7b8b1b6b1ab1ac13Aa","doi-asserted-by":"crossref","unstructured":"[13] FaizKhademi, A., Zulkernine, M., and Weldemariam, K. FPGuard: Detection and Prevention of Browser Fingerprinting. In 29th IFIP Annual Conference on Data and Applications Security and Privacy (DBSEC) (Fairfax, VA, United States, July 2015), P. Samarati, Ed., vol. LNCS-9149 of Data and Applications Security and Privacy XXIX, Springer International Publishing, pp. 293\u2013308. Part 7: Net-work and Internet Security.10.1007\/978-3-319-20810-7_21","DOI":"10.1007\/978-3-319-20810-7_21"},{"key":"2022042317253586701_j_popets-2021-0004_ref_014_w2aab3b7b8b1b6b1ab1ac14Aa","doi-asserted-by":"crossref","unstructured":"[14] Ferreira Torres, C., Jonker, H., and Mauw, S. Fp-block: Usable web privacy by controlling browser fingerprinting. 3\u201319.10.1007\/978-3-319-24177-7_1","DOI":"10.1007\/978-3-319-24177-7_1"},{"key":"2022042317253586701_j_popets-2021-0004_ref_015_w2aab3b7b8b1b6b1ab1ac15Aa","unstructured":"[15] Haanen, S., and van Zalingen, T. Detection of browser fingerprinting by static javascript code classification."},{"key":"2022042317253586701_j_popets-2021-0004_ref_016_w2aab3b7b8b1b6b1ab1ac16Aa","doi-asserted-by":"crossref","unstructured":"[16] Ikram, M., Asghar, H. J., Kaafar, M. A., Mahanti, A., and Krishnamurthy, B. Towards seamless tracking-free web: Improved detection of trackers via one-class learning. Proceedings on Privacy Enhancing Technologies 2017, 1 (2017), 79 \u2013 99.","DOI":"10.1515\/popets-2017-0006"},{"key":"2022042317253586701_j_popets-2021-0004_ref_017_w2aab3b7b8b1b6b1ab1ac17Aa","doi-asserted-by":"crossref","unstructured":"[17] Krishnamurthy, B., and Wills, C. Privacy diffusion on the web: A longitudinal perspective. In Proceedings of the 18th International Conference on World Wide Web (New York, NY, USA, 2009), WWW \u201909, ACM, pp. 541\u2013550.10.1145\/1526709.1526782","DOI":"10.1145\/1526709.1526782"},{"key":"2022042317253586701_j_popets-2021-0004_ref_018_w2aab3b7b8b1b6b1ab1ac18Aa","doi-asserted-by":"crossref","unstructured":"[18] Laperdrix, P., Rudametkin, W., and Baudry, B. Beauty and the beast: Diverting modern web browsers to build unique browser fingerprints. In 2016 IEEE Symposium on Security and Privacy (SP) (May 2016), pp. 878\u2013894.10.1109\/SP.2016.57","DOI":"10.1109\/SP.2016.57"},{"key":"2022042317253586701_j_popets-2021-0004_ref_019_w2aab3b7b8b1b6b1ab1ac19Aa","unstructured":"[19] Lerner, A., Simpson, A. K., Kohno, T., and Roesner, F. Internet jones and the raiders of the lost trackers: An archaeological study of web tracking from 1996 to 2016. In 25th USENIX Security Symposium (USENIX Security 16) (Austin, TX, 2016), USENIX Association."},{"key":"2022042317253586701_j_popets-2021-0004_ref_020_w2aab3b7b8b1b6b1ab1ac20Aa","doi-asserted-by":"crossref","unstructured":"[20] Mayer, J. R., and Mitchell, J. C. Third-party web tracking: Policy and technology. In 2012 IEEE Symposium on Security and Privacy (May 2012), pp. 413\u2013427.10.1109\/SP.2012.47","DOI":"10.1109\/SP.2012.47"},{"key":"2022042317253586701_j_popets-2021-0004_ref_021_w2aab3b7b8b1b6b1ab1ac21Aa","unstructured":"[21] Mowery, K., and Shacham, H. Pixel perfect: Fingerprinting canvas in HTML5. In Proceedings of W2SP (2012): 1-12. (2012)."},{"key":"2022042317253586701_j_popets-2021-0004_ref_022_w2aab3b7b8b1b6b1ab1ac22Aa","unstructured":"[22] Mulazzani, M., Reschl, P., Huber, M., Leithner, M., Schrittwieser, S., Weippl, E., and Wien, F. Fast and reliable browser identification with javascript engine finger-printing. In Web 2.0 Workshop on Security and Privacy (W2SP) (2013), vol. 5, Citeseer."},{"key":"2022042317253586701_j_popets-2021-0004_ref_023_w2aab3b7b8b1b6b1ab1ac23Aa","doi-asserted-by":"crossref","unstructured":"[23] Nikiforakis, N., Joosen, W., and Livshits, B. Privaricator: Deceiving fingerprinters with little white lies. In Proceedings of the 24th International Conference on World Wide Web (Republic and Canton of Geneva, Switzerland, 2015), WWW \u201915, International World Wide Web Conferences Steering Committee, pp. 820\u2013830.10.1145\/2736277.2741090","DOI":"10.1145\/2736277.2741090"},{"key":"2022042317253586701_j_popets-2021-0004_ref_024_w2aab3b7b8b1b6b1ab1ac24Aa","doi-asserted-by":"crossref","unstructured":"[24] Nikiforakis, N., Kapravelos, A., Joosen, W., Kruegel, C., Piessens, F., and Vigna, G. Cookieless monster: Exploring the ecosystem of web-based device fingerprinting. In 2013 IEEE Symposium on Security and Privacy (May 2013), pp. 541\u2013555.10.1109\/SP.2013.43","DOI":"10.1109\/SP.2013.43"},{"key":"2022042317253586701_j_popets-2021-0004_ref_025_w2aab3b7b8b1b6b1ab1ac25Aa","doi-asserted-by":"crossref","unstructured":"[25] Olejnik, \u0141., Acar, G., Castelluccia, C., and Diaz, C. The leaking battery. In Data Privacy Management, and Security Assurance (Cham, 2016), J. Garcia-Alfaro, G. Navarro-Arribas, A. Aldini, F. Martinelli, and N. Suri, Eds., Springer International Publishing, pp. 254\u2013263.10.1007\/978-3-319-29883-2_18","DOI":"10.1007\/978-3-319-29883-2_18"},{"key":"2022042317253586701_j_popets-2021-0004_ref_026_w2aab3b7b8b1b6b1ab1ac26Aa","unstructured":"[26] Pedregosa, F., Varoquaux, G., Gramfort, A., Michel, V., Thirion, B., Grisel, O., Blondel, M., Prettenhofer, P., Weiss, R., Dubourg, V., Vanderplas, J., Passos, A., Cournapeau, D., Brucher, M., Perrot, M., and Duchesnay, E. Scikit-learn: Machine learning in Python. Journal of Machine Learning Research 12 (2011), 2825\u20132830."},{"key":"2022042317253586701_j_popets-2021-0004_ref_027_w2aab3b7b8b1b6b1ab1ac27Aa","doi-asserted-by":"crossref","unstructured":"[27] Reiter, A., and Marsalek, A. Webrtc: Your privacy is at risk. In Proceedings of the Symposium on Applied Computing (New York, NY, USA, 2017), SAC \u201917, ACM, pp. 664\u2013669.10.1145\/3019612.3019844","DOI":"10.1145\/3019612.3019844"},{"key":"2022042317253586701_j_popets-2021-0004_ref_028_w2aab3b7b8b1b6b1ab1ac28Aa","doi-asserted-by":"crossref","unstructured":"[28] Upathilake, R., Li, Y., and Matrawy, A. A classification of web browser fingerprinting techniques. In 2015 7th International Conference on New Technologies, Mobility and Security (NTMS) (July 2015), pp. 1\u20135.10.1109\/NTMS.2015.7266460","DOI":"10.1109\/NTMS.2015.7266460"},{"key":"2022042317253586701_j_popets-2021-0004_ref_029_w2aab3b7b8b1b6b1ab1ac29Aa","doi-asserted-by":"crossref","unstructured":"[29] Xu, W., Zhang, F., and Zhu, S. The power of obfuscation techniques in malicious javascript code: A measurement study. In Malicious and Unwanted Software (MALWARE), 2012 7th International Conference on (2012), IEEE, pp. 9\u201316.","DOI":"10.1109\/MALWARE.2012.6461002"}],"container-title":["Proceedings on Privacy Enhancing Technologies"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/content.sciendo.com\/view\/journals\/popets\/2021\/1\/article-p43.xml","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.sciendo.com\/pdf\/10.2478\/popets-2021-0004","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,7,20]],"date-time":"2022-07-20T16:31:17Z","timestamp":1658334677000},"score":1,"resource":{"primary":{"URL":"https:\/\/petsymposium.org\/popets\/2021\/popets-2021-0004.php"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,11,9]]},"references-count":30,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2020,11,9]]},"published-print":{"date-parts":[[2021,1,1]]}},"alternative-id":["10.2478\/popets-2021-0004"],"URL":"https:\/\/doi.org\/10.2478\/popets-2021-0004","relation":{},"ISSN":["2299-0984"],"issn-type":[{"value":"2299-0984","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020,11,9]]}}}