How Unique Is Your Web Browser?


Peter Eckersley
Electronic Frontier Foundation

Abstract. We investigate the degree to which modern web browsers are subject to device fingerprinting via the version and configuration information that they will transmit to websites upon request. We implemented one possible fingerprinting algorithm, and collected these fingerprints from a large sample of browsers that visited our test site, panopticlick.eff.org. We observe that the distribution of our fingerprint contains at least 18.1 bits of entropy, meaning that if we pick a browser at random, at best we expect that only one in 286,777 other browsers will share its fingerprint. Among browsers that support Flash or Java, the situation is worse, with the average browser carrying at least 18.8 bits of identifying information. 94.2% of browsers with Flash or Java were unique in our sample.

By observing returning visitors, we estimate how rapidly browser fingerprints might change over time. In our sample, fingerprints changed quite rapidly, but even a simple heuristic was usually able to guess when a fingerprint was an "upgraded" version of a previously observed browser's fingerprint, with 99.1% of guesses correct and a false positive rate of only 0.86%.

We discuss what privacy threat browser fingerprinting poses in practice, and what countermeasures may be appropriate to prevent it. There is a tradeoff between protection against fingerprintability and certain kinds of debuggability, which in current browsers is weighted heavily against privacy. Paradoxically, anti-fingerprinting privacy technologies can be self-defeating if they are not used by a sufficient number of people; we show that some privacy measures currently fall victim to this paradox, but others do not.

Thanks to my colleagues at EFF for their help with many aspects of this project, especially Seth Schoen, Tim Jones, Hugh D'Andrade, Chris Controllini, Stu Matthews, Rebecca Jeschke and Cindy Cohn; to Jered Wierzbicki, John Buckman and Igor Serebryany for MySQL advice; and to Andrew Clausen, Arvind Narayanan and Jonathan Mayer for helpful discussions about the data. Thanks to Chris Soghoian for suggesting backoff as a defence to font enumeration.

1 Introduction

It has long been known that many kinds of technological devices possess subtle but measurable variations which allow them to be fingerprinted. Cameras [1,2], typewriters [3], and quartz crystal clocks [4,5] are among the devices that can be entirely or substantially identified by a remote attacker possessing only outputs or communications from the device.

There are several companies that sell products which purport to fingerprint web browsers in some manner [6,7], and there are anecdotal reports that these prints are being used both for analytics and second-layer authentication purposes. But, aside from limited results from one recent experiment [8], there is to our knowledge no information in the public domain to quantify how much of a privacy problem fingerprinting may pose.

In this paper we investigate the real-world effectiveness of browser fingerprinting algorithms. We defined one candidate fingerprinting algorithm, and collected these fingerprints from a sample of 470,161 browsers operated by informed participants who visited the website https://panopticlick.eff.org. The details of the algorithm, and our collection methodology, are discussed in Section 3. While our sample of browsers is quite biased, it is likely to be representative of the population of Internet users who pay enough attention to privacy to be aware of the minimal steps, such as limiting cookies or perhaps using proxy servers for sensitive browsing, that are generally agreed to be necessary to avoid having most of one's browsing activities tracked and collated by various parties.

In this sample of privacy-conscious users, 83.6% of the browsers seen had an instantaneously unique fingerprint, and a further 5.3% had an anonymity set of size 2. Among visiting browsers that had either Adobe Flash or a Java Virtual Machine enabled, 94.2% exhibited instantaneously unique fingerprints and a further 4.8% had fingerprints that were seen exactly twice. Only 1.0% of browsers with Flash or Java had anonymity sets larger than two. Overall, we were able to place a lower bound on the fingerprint distribution entropy of 18.1 bits, meaning that if we pick a browser at random, at best only one in 286,777 other browsers will share its fingerprint. Our results are presented in further detail in Section 4.

In our data, fingerprints changed quite rapidly. Among the subset of 8,833 users who accepted cookies and visited panopticlick.eff.org several times over a period of more than 24 hours, 37.4% exhibited at least one fingerprint change. This large percentage may in part be attributable to the interactive nature of the site, which immediately reported the uniqueness or otherwise of fingerprints and thereby encouraged users to find ways to alter them, particularly to try to make them less unique. Even if 37.4% is an overestimate, this level of fingerprint instability was at least momentary grounds for privacy optimism.

Unfortunately, we found that a simple algorithm was able to guess and follow many of these fingerprint changes. If asked about all newly appearing fingerprints in the dataset, the algorithm was able to correctly pick a "progenitor" fingerprint in 99.1% of cases, with a false positive rate of only 0.87%. The analysis of changing fingerprints is presented in Section 5.

Springer holds the exclusive right to reproduce and distribute this article until around An authorized digital copy is available at https://panopticlick.eff.org.

2 Fingerprints as Threats to Web Privacy

The most common way to track web browsers (by "track" we mean associate the browser's activities at different times and with different websites) is via HTTP cookies, often set by 3rd party analytics and advertising domains [9].

There is growing awareness among web users that HTTP cookies are a serious threat to privacy, and many people now block, limit or periodically delete them. Awareness of supercookies is lower, but political and PR pressures may eventually force firms like Adobe to make their supercookies comply with the browser's normal HTTP cookie privacy settings.

In the mean time, a user seeking to avoid being followed around the Web must pass three tests. The first is tricky: find appropriate settings that allow sites to use cookies for necessary user interface features, but prevent other less welcome kinds of tracking. The second is harder: learn about all the kinds of supercookies, perhaps including some quite obscure types [10,11], and find ways to disable them. Only a tiny minority of people will pass the first two tests, but those who do will be confronted by a third challenge: fingerprinting.

As a tracking mechanism for use against people who limit cookies, fingerprinting also has the insidious property that it may be much harder for investigators to detect than supercookie methods, since it leaves no persistent evidence of tagging on the user's computer.

2.1 Fingerprints as Global Identifiers

If there is enough entropy in the distribution of a given fingerprinting algorithm to make a recognisable subset of users unique, that fingerprint may essentially be usable as a "Global Identifier" for those users. Such a global identifier can be thought of as akin to a cookie that cannot be deleted except by a browser configuration change that is large enough to break the fingerprint.

Global identifier fingerprints are a worst case for privacy. But even users who are not globally identified by a particular fingerprint may be vulnerable to more context-specific kinds of tracking by the same fingerprint algorithm, if the print is used in combination with other data.

2.2 Fingerprint + IP address as Cookie Regenerators

Some websites use Adobe's Flash LSO supercookies as a way to "regenerate" normal cookies that the user has deleted, or more discreetly, to link the user's previous cookie ID with a newly assigned cookie ID [12].

Fingerprints may pose a similar "cookie regeneration" threat, even if those fingerprints are not globally identifying. In particular, a fingerprint that carries no more than bits of identifying information will in almost all cases be sufficient to uniquely identify a particular browser, given its IP address, its subnet, or even just its Autonomous System Number.¹ If the user deletes their cookies while continuing to use an IP address, subnet or ASN that they have used previously, the cookie-setter could, with high probability, link their new cookie to the old one.

¹ One possible exception is that workplaces which synchronize their desktop software installations completely may provide anonymity sets against this type of attack. We were able to detect installations like this because of the appearance of interleaved cookies (A then B then A) with the same fingerprint and IP. Fingerprints that use hardware measurements such as clock skew [5] (see also note 4) would often be able to distinguish amongst these sorts of "cloned" systems.

2.3 Fingerprint + IP address in the Absence of Cookies

A final use for fingerprints is as a means of distinguishing machines behind a single IP address, even if those machines block cookies entirely. It is very likely that fingerprinting will work for this purpose in all but a tiny number of cases.

3 Methodology

3.1 A Browser Fingerprinting Algorithm

We implemented a browser fingerprinting algorithm by collecting a number of commonly and less-commonly known characteristics that browsers make available to websites. Some of these can be inferred from the content of simple, static HTTP requests; others were collected by AJAX.² We grouped the measurements into eight separate strings, though some of these strings comprise multiple, related details. The fingerprint is essentially the concatenation of these strings. The source of each measurement is indicated in Table 3.1.

In some cases the informational content of the strings is straightforward, while in others the measurement can capture more subtle facts. For instance, a browser with JavaScript disabled will record default values for video, plugins, fonts and supercookies, so the presence of these measurements indicates that JavaScript is active. More subtly, browsers with a Flash blocking add-on installed show Flash in the plugins list, but fail to obtain a list of system fonts via Flash, thereby creating a distinctive fingerprint, even though neither measurement (plugins, fonts) explicitly detects the Flash blocker. Similarly many browsers with forged User Agent strings are distinguished because the other measurements do not comport with the User Agent.³

An example of the fingerprint measurements is shown in Table A. In fact, Table A shows the modal fingerprint among browsers that included Flash or Java plugins; it was observed 16 times from 16 distinct IP addresses.

² AJAX is JavaScript that runs inside the browser and sends information back to the server.

³ We did not set out to systematically study the prevalence of forged User Agents in our data, but in passing we noticed 378 browsers sending iPhone User Agents but with Flash player plugins installed (the iPhone does not currently support Flash), and 72 browsers that identified themselves as Firefox but supported Internet Explorer userdata supercookies.

| Variable | Source | Remarks |
|---|---|---|
| User Agent | Transmitted by HTTP, logged by server | Contains Browser micro-version, OS version, language, toolbars and sometimes other info. |
| HTTP ACCEPT headers | Transmitted by HTTP, logged by server | |
| Cookies enabled? | Inferred in HTTP, logged by server | |
| Screen resolution | JavaScript AJAX post | |
| Timezone | JavaScript AJAX post | |
| Browser plugins, plugin versions and MIME types | JavaScript AJAX post | Sorted before collection. Microsoft Internet Explorer offers no way to enumerate plugins; we used the PluginDetect JavaScript library to check for 8 common plugins on that platform, plus extra code to estimate the Adobe Acrobat Reader version. |
| System fonts | Flash applet or Java applet, collected by JavaScript/AJAX | Not sorted; see Section 6.4. |
| Partial supercookie test | JavaScript AJAX post | We did not implement tests for Flash LSO cookies, Silverlight cookies, HTML 5 databases, or DOM globalStorage. |

Table 1. Browser measurements included in Panopticlick Fingerprints

There are many other measurements which could conceivably have been included in a fingerprint. Generally, these were omitted for one of three reasons:

1. We were unaware of the measurement, or lacked the time to implement it correctly, including the full use of Microsoft's ActiveX and Silverlight APIs to collect fingerprintable measures (which include CPU type and many other details); detection of more plugins in Internet Explorer; tests for other kinds of supercookies; detection of system fonts by CSS introspection, even when Flash and Java are absent [13]; the order in which browsers send HTTP headers; variation in HTTP Accept headers across requests for different content types; clock skew measurements; TCP stack fingerprinting [14]; and a wide range of subtle JavaScript behavioral tests that may indicate both browser add-ons and true browser versions [15].
2. We did not believe that the measurement would be sufficiently stable within a given browser, including geolocation, IP addresses (either yours or your gateway's) as detected using Flash or Java, and the CSS history detection hack [16].
3. The measurement requires consent from the user before being collectable, for instance, Google Gears supercookie support or the wireless router based geolocation features included in recent browsers [17] (which are also non-constant).

In general, it should be assumed that commercial browser fingerprinting services would not have omitted measurements for reason 1 above, and that as a result, commercial fingerprinting methods would be more powerful than the one studied here.⁴

⁴ While this paper was under review, we were sent a quote from a Gartner report on fingerprinting services that stated, "Arcot... claims it is able to ascertain PC clock processor speed, along with more-common browser factors to help identify a device. 41st Parameter looks at more than 100 parameters, and at the core of its algorithm is a time differential parameter that measures the time difference between a user's PC (down to the millisecond) and a server's PC. ThreatMetrix claims that it can detect irregularities in the TCP/IP stack and can pierce through proxy servers... Iovation provides device tagging (through LSOs) and clientless [fingerprinting], and is best distinguished by its reputation database, which has data on millions of PCs."

3.2 Mathematical Treatment

Suppose that we have a browser fingerprinting algorithm $F(\cdot)$, such that when new browser installations $x$ come into being, the outputs of $F(x)$ upon them follow a discrete probability density function $P(f_n)$, $n \in [0, 1, .., N]$.⁵ Recall that the "self-information" or "surprisal" of a particular output from the algorithm is given by:

$$I\big(F(x) = f_n\big) = -\log_2\big(P(f_n)\big) \qquad (1)$$

The surprisal $I$ is measured here in units of bits, as a result of the choice of 2 as the logarithm base. The entropy of the distribution $P(f_n)$ is the expected value of the surprisal over all browsers, given by:

$$H(F) = -\sum_{n=0}^{N} P(f_n) \log_2 P(f_n) \qquad (2)$$

Surprisal can be thought of as an amount of information about the identity of the object that is being fingerprinted, where each bit of information cuts the number of possibilities in half. If a website is regularly visited with equal probability by a set of $X$ different browsers, we would intuitively estimate that a particular browser $x \in X$ would be uniquely recognisable if $I\big(F(x)\big) \gtrsim \log_2 |X|$. The binomial distribution could be applied to replace this intuition with proper confidence intervals, but it turns out that with real fingerprints, much bigger uncertainties arise with our estimates of $P(f_n)$, at least when trying to answer questions about which browsers are uniquely recognisable. This topic will be reprised in Section 4.1, after more details on our methodology and results.

⁵ Real browser fingerprints are the result of decentralised decisions by software developers, software users, and occasionally, technical accident. It is not obvious what the set of possible values is, or even how large that set is. Although it is finite, the set is large and sparse, with all of the attendant problems for privacy that that poses [18].

In the case of a fingerprint formed by combining several different measurements $F_s(\cdot)$, $s \in S$, it is meaningful to talk about the surprisal of any particular measurement, and to define entropy for that component of the fingerprint accordingly:

$$I_s(f_{n,s}) = -\log_2\big(P(f_{n,s})\big) \qquad (3)$$

$$H_s(F_s) = -\sum_{n=0}^{N} P(f_{s,n}) \log_2 P(f_{s,n}) \qquad (4)$$

Note that the surprisal of two fingerprint components $F_s$ and $F_t$ can only be added linearly if the two variables are statistically independent, which tends not to be the case. Instead, conditional self-information must be used:

$$I_{s+t}(f_{n,s}, f_{n,t}) = -\log_2\big(P(f_{n,s} \mid f_{n,t})\big) \qquad (5)$$

Cases like the identification of a Flash blocker by combination of separate plugin and font measurements (see Section 3.1) are predicted accordingly, because $P(\text{fonts} = \text{"not detected"} \mid \text{"Flash"} \in \text{plugins})$ is very small.

3.3 Data Collection and Preprocessing

We deployed code to collect our fingerprints and report them, along with simple self-information measurements calculated from live fingerprint tallies, at panopticlick.eff.org. A large number of people heard about the site through websites like Slashdot, BoingBoing, Lifehacker, Ars Technica, io9, and through social media channels like Twitter, Facebook, Digg and Reddit. The data for this paper was collected between the 27th of January and the 15th of February,

For each HTTP client that followed the "test me" link at panopticlick.eff.org, we recorded the fingerprint, as well as a 3-month persistent HTTP cookie ID (if the browser accepted cookies), an HMAC of the IP address (using a key that we later discarded), and an HMAC of the IP address with the least significant octet erased.

We kept live tallies of each fingerprint, but in order to reduce double-counting, we did not increment the live tally if we had previously seen that precise fingerprint with that precise cookie ID. Before computing the statistics reported throughout this paper, we undertook several further offline preprocessing steps.

Firstly, we excluded a number of our early data points, which had been collected before the diagnosis and correction of some minor bugs in our client side JavaScript and database types. We excluded the records that had been directly affected by these bugs, and (in order to reduce biasing) other records collected while the bugs were present.

Next, we undertook some preprocessing to correct for the fact that some users who blocked, deleted or limited the duration of cookies had been multi-counted in the live data, while those whose browsers accepted our persistent cookie would not be. We assumed that all browsers with identical fingerprints and identical IP addresses were the same.

There was one exception to the (fingerprint, IP) rule. If a (fingerprint, IP) tuple exhibited "interleaved" cookies, all distinct cookies at that IP were counted as separate instances of that fingerprint. "Interleaved" meant that the same fingerprint was seen from the same IP address first with cookie A, then cookie B, then cookie A again, which would likely indicate that multiple identical systems were operating behind a single firewall. We saw interleaved cookies from 2,585 IP addresses, which was 3.5% of the total number of IP addresses that exhibited either multiple signatures or multiple cookies.

Starting with 1,043,426 hits at the test website, the successive steps described above produced a population of 470,161 fingerprint-instances, with minimal multi-counting, for statistical analysis.

Lastly we considered whether over-counting might occur because of hosts changing IP addresses. We were able to detect such IP changes among cookie-accepting browsers; 14,849 users changed IPs, with their subsequent destinations making up 4.6% of the 321,155 IP addresses from which users accepted cookies. This percentage was small enough to accept it as an error rate; had it been large, we could have reduced the weight of every non-cookie fingerprint by this percentage, in order to counteract the over-counting of non-cookie users who were visiting the site from multiple IPs.

4 Results

The frequency distribution of fingerprints we observed is shown in Figure 1. Were the x axis not logarithmic, it would be a strongly "L"-shaped distribution, with 83.6% in an extremely long tail of unique fingerprints at the bottom right, 8.1% having fingerprints that were fairly "non rare", with anonymity set sizes in our sample of 10, and 8.2% in the joint of the L-curve, with fingerprints that were seen between 2 and 9 times.

Figure 2 shows the distribution of surprisal for different browsers. In general, modern desktop browsers fare very poorly, and around 90% of these are unique. The least unique desktop browsers often have JavaScript disabled (perhaps via NoScript). iPhone and Android browsers are significantly more uniform and harder to fingerprint than desktop browsers; for the time being, these smartphones do not have the variety of plugins seen on desktop systems.⁶ Sadly, iPhones and Androids lack good cookie control options like session-cookies-only or blacklists, so their users are eminently trackable by non-fingerprint means.

Figure 3 shows the sizes of the anonymity sets that would be induced if each of our eight measurements were used as a fingerprint on its own. In general, plugins and fonts are the most identifying metrics, followed by User Agent, HTTP Accept, and screen resolution, though all of the metrics are uniquely identifying in some cases.

⁶ Android and iPhone fonts are also hard to detect for the time being, so these are also less fingerprintable

[Figure 1: "Frequency or Anonymity Set Size" plotted against "Distinct Fingerprints".]
Fig. 1. The observed distribution of fingerprints is extremely skewed, with 83.6% of fingerprints lying in the tail on the right.

4.1 Global Uniqueness

We know that in the particular sample of browsers observed by Panopticlick, 83.6% had unique fingerprints. But we might be interested in the question of what percentage of browsers in existence are unique, regardless of whether they visited our test website.

Mayer has argued [8] that it is almost impossible to reach any conclusions about the global uniqueness of a browser fingerprint, because the multinomial theorem indicates that the maximum likelihood for the probability of any fingerprint that was unique in a sample of size $N$ is:

$$P(f_i) = \frac{1}{N} \qquad (6)$$

A fingerprint with this probability would be far from unique in the global set of browsers $G$, because $G \gg N$. This may indeed be the maximum subjective likelihood for any single fingerprint that we observe, but in fact, this conclusion is wildly over-optimistic for privacy. If the probability of each unique fingerprint in the sample $N$ had been $\frac{1}{N}$, then applying the multinomial expansion for those 392,938 events of probability $\frac{1}{N}$, it would have been inordinately unlikely that we would have seen each of these events precisely once. Essentially, the maximum likelihood approach has assigned a probability of zero for all fingerprints that were not seen in the sample $N$, when in fact many new fingerprints would appear in a larger sample $G$.

[Figure 2: "Proportion of browsers" plotted against "Surprisal (bits)", one curve per category: Firefox (258,898), MSIE (57,207), Opera (28,002), Chrome (64,870), Android (1,446), iPhone (6,907), Konqueror (1,686), BlackBerry (259), Safari (35,055), Text mode browsers (1,274).]
Fig. 2. Surprisal distributions for different categories of browser (believing the User Agent naively; see note 3).

What we could attempt to meaningfully infer is the global proportion of uniqueness. The best way to do that would be to fit a very-long-tailed probability density function so that it reasonably predicts Figure 1. Then, we could employ Monte Carlo simulations to estimate levels of uniqueness and fingerprint entropy in a global population of any given size $G$. Furthermore, this method could offer confidence intervals for the proposition that a fingerprint unique in $N$ would remain unique in $G$.

We did not prioritise conducting that analysis for a fairly prosaic reason: the dataset collected at panopticlick.eff.org is so biased towards technically educated and privacy-conscious users that it is somewhat meaningless to extrapolate it out to a global population size. If other fingerprint datasets are collected that do not suffer from this level of bias, it may be interesting to extrapolate from those.
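The surprisal, entropy and conditional self-information of equations (1) to (5), together with the anonymity-set tallies reported in this section, computed over a small constructed sample. This is an added example, not the paper's analysis code; the three-component rows and their counts are assumptions chosen to reproduce the Flash-blocker case from Section 3.1.

```python
import math
from collections import Counter

# Constructed sample of 128 browsers. Each row is (user_agent, plugins, fonts),
# three of the paper's eight components; values and counts are illustrative.
UA, PLUGINS, FONTS = 0, 1, 2
SAMPLE = (
    [("Firefox/3.6", "Flash", "Arial,Times")] * 62
    + [("MSIE 8.0", "Flash", "Arial,Times")] * 32
    + [("Firefox/3.6", "undetected", "not detected")] * 32  # JavaScript disabled
    + [("Firefox/3.6", "Flash", "not detected")] * 2         # Flash blocker
)


def event_surprisal(rows, event):
    """-log2 P(event) under the empirical distribution of rows, in bits."""
    hits = sum(1 for r in rows if event(r))
    return math.inf if hits == 0 else -math.log2(hits / len(rows))


def surprisal(rows, fingerprint):
    """Eq. (1): surprisal of one complete fingerprint."""
    return event_surprisal(rows, lambda r: r == fingerprint)


def entropy(rows, key=lambda r: r):
    """Eq. (2), or eq. (4) when key selects a single component."""
    counts = Counter(key(r) for r in rows)
    total = len(rows)
    return -sum(c / total * math.log2(c / total) for c in counts.values())


def conditional_surprisal(rows, event, given):
    """Eq. (5): -log2 P(event | given)."""
    subset = [r for r in rows if given(r)]
    if not subset:
        raise ValueError("conditioning event never occurs in the sample")
    return event_surprisal(subset, event)


def anonymity_sets(rows, key=lambda r: r):
    """Map set size k to the number of browsers whose fingerprint is shared
    by exactly k browsers (the quantity plotted per variable in Fig. 3)."""
    sizes = Counter()
    for count in Counter(key(r) for r in rows).values():
        sizes[count] += count
    return dict(sizes)


def uniquely_recognisable(rows, fingerprint):
    """The intuitive test from Section 3.2: I(F(x)) >= log2 |X|."""
    return surprisal(rows, fingerprint) >= math.log2(len(rows))


def flash_blocker_case(rows=SAMPLE):
    """Compare naive addition of component surprisals with the joint value."""
    has_flash = lambda r: "Flash" in r[PLUGINS]
    no_fonts = lambda r: r[FONTS] == "not detected"
    i_plugins = event_surprisal(rows, has_flash)
    i_fonts = event_surprisal(rows, no_fonts)
    return {
        # Only valid if plugins and fonts were statistically independent.
        "sum_of_marginals": i_plugins + i_fonts,
        # Chain rule with the conditional term of eq. (5).
        "chain_rule": i_plugins + conditional_surprisal(rows, no_fonts, has_flash),
        # Direct measurement of the pair.
        "joint": event_surprisal(rows, lambda r: has_flash(r) and no_fonts(r)),
    }


if __name__ == "__main__":
    blocker = ("Firefox/3.6", "Flash", "not detected")
    print("surprisal of Flash-blocker fingerprint:", surprisal(SAMPLE, blocker))
    print("fingerprint entropy:", round(entropy(SAMPLE), 4))
    print("fonts-only entropy:", round(entropy(SAMPLE, key=lambda r: r[FONTS]), 4))
    print("anonymity sets:", anonymity_sets(SAMPLE))
    print(flash_blocker_case())
```

Adding the two marginal surprisals understates how identifying the Flash-blocker combination is; the conditional term recovers the full value.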

[Figure 3: "Number of Browsers in Anonymity Sets of Size k" plotted against "Anonymity Set Size, k", one series per variable: user_agent, plugins, fonts, video, supercookies, http_accept, timezone, cookie_enabled.]
Fig. 3. Number of users in anonymity sets of different sizes, considering each variable separately.

5 How Stable are Browser Fingerprints?

Many events can cause a browser fingerprint to change. In the case of the algorithm we deployed, those events include upgrades to the browser, upgrading a plugin, disabling cookies, installing a new font or an external application which includes fonts, or connecting an external monitor which alters the screen resolution.

By collecting other tracking information alongside fingerprints, we were able to observe how constant or changeable fingerprints were among Panopticlick users. In particular, we used cookies to recognise browsers that were returning visitors, and checked to see whether their fingerprints had changed.

Our observations probably overstate the rate at which fingerprints change in the real world, because the interactive nature of the Panopticlick website encourages users to experiment with alterations to their browser configuration.

5.1 Changing Fingerprints as a Function of Time

Among our userbase, rates of fingerprint change for returning cookie-accepting users were very high, with 37.4% of users who visited the site more than once⁷ exhibiting more than one fingerprint over time.

⁷ Our measure of returning visitors was based on cookies, and did not count reloads within 1-2 hours of the first visit.

[Figure 4: "percentage of fingerprints changed" plotted against "days between precisely two visits with a given cookie".]
Fig. 4. Proportion of fingerprints that change over given intervals (area of datapoints indicates number of observations encompassed, N = 4,638)

The time-dependence of fingerprint changes is illustrated in Figure 4, which plots the proportion of fingerprints that was constant among cookies that were seen by Panopticlick exactly twice, with a substantial time interval in between. The population with precisely two time-separated hits was selected because this group is significantly less likely to be actively trying to alter their browser fingerprints (we assume that most people experimenting in order to make their browsers unique will reload the page promptly at some point).

Upon first examination, the high rate of change for fingerprints, even if it overstates the rate of change in the wider Internet population, appears to constitute a powerful protection against fingerprinting attacks.

5.2 Following changing fingerprints

We performed a simple test to see whether a connection can be inferred between the old and new values of fingerprints that change over time.

We implemented a very simple algorithm to heuristically estimate whether a given fingerprint might be an evolved version of a fingerprint seen previously.

The algorithm (set out below) operated on an input fingerprint q, where F_i(g), i ∈ {1..8} are the 8 fingerprint components illustrated in Table 3.1, and G is the set of all browsers observed in our dataset. The algorithm did not attempt to guess a preceding fingerprint if q indicated that the browser did not have Flash or Java installed.

Algorithm 1 guesses which other fingerprint might have changed into q

    candidates ← [ ]
    for all g ∈ G do
        for i ∈ {1..8} do
            if for all j ∈ {1..8}, j ≠ i : F_j(g) = F_j(q) then
                candidates ← candidates + (g, j)
            end if
        end for
    end for
    if length(candidates) = 1 then
        g, j ← candidates[0]
        if j ∈ {cookies?, video, timezone, supercookies} then
            return g
        else
            # j ∈ {user agent, http accept, plugins, fonts}
            if SequenceMatcher(F_j(g), F_j(q)).ratio() < 0.85 then
                return g
            end if
        end if
    end if
    return NULL

difflib.SequenceMatcher().ratio() is a Python standard library function for estimating the similarity of strings. We used Python

We ran our algorithm over the set of users whose cookies indicated that they were returning to the site 1-2 hours or more after their first visit, and who now had a different fingerprint. Excluding users whose fingerprints changed because they disabled javascript (a common case in response to visiting panopticlick.eff.org, but perhaps not so common in the real world), our heuristic made a correct guess in 65% of cases, an incorrect guess in 0.56% of cases, and no guess in 35% of cases. 99.1% of guesses were correct, while the false positive rate was 0.86%. Our algorithm was clearly very crude, and no doubt could be significantly improved with effort.
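A runnable reading of Algorithm 1, added here and not the paper's own code, useful for checking how well a configuration change actually breaks linkability. Assumptions: the pair stored in candidates names the single differing component, fingerprints identical to q are skipped, and a string-valued change is accepted when the similarity ratio is above 0.85 (the listing prints `<`, but ratio() returns 1.0 for identical strings); all sample fingerprints are constructed.

```python
from difflib import SequenceMatcher

# The eight components of Table 1 in a fixed order (names follow Fig. 3).
COMPONENTS = ("user_agent", "http_accept", "cookies_enabled", "video",
              "timezone", "plugins", "fonts", "supercookies")
# Short components: any single change is accepted without a similarity test.
SHORT = {"cookies_enabled", "video", "timezone", "supercookies"}
THRESHOLD = 0.85  # similarity cut-off used in Algorithm 1


def with_component(fp, name, value):
    """Return a copy of fingerprint tuple fp with one component replaced."""
    i = COMPONENTS.index(name)
    return fp[:i] + (value,) + fp[i + 1:]


def has_flash_or_java(fp):
    plugins = fp[COMPONENTS.index("plugins")]
    return "Flash" in plugins or "Java" in plugins


def guess_progenitor(q, observed):
    """Return the observed fingerprint that q probably evolved from,
    or None when the heuristic declines to guess."""
    if not has_flash_or_java(q):
        return None  # the paper's algorithm makes no guess for these browsers
    candidates = []
    for g in set(observed):
        if g == q:
            continue  # assumption: q itself is not a progenitor candidate
        differing = [i for i in range(len(COMPONENTS)) if g[i] != q[i]]
        if len(differing) == 1:  # the other seven components are identical
            candidates.append((g, differing[0]))
    if len(candidates) != 1:
        return None  # zero or several possible progenitors: no guess
    g, i = candidates[0]
    if COMPONENTS[i] in SHORT:
        return g
    # Long strings (user agent, http accept, plugins, fonts): require old and
    # new values to be near-identical, as after a version bump.
    if SequenceMatcher(None, g[i], q[i]).ratio() > THRESHOLD:
        return g
    return None


# Constructed fingerprints, not taken from the Panopticlick dataset.
BASE = (
    "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.7) Gecko/20100106 Firefox/3.5.7",
    "text/html, */* ISO-8859-1,utf-8;q=0.7,*;q=0.7 gzip,deflate en-us,en;q=0.5",
    "Yes",
    "1280x800x24",
    "-60",
    "Plugin 0: Java(TM) Plug-in 1.6.0_17; Plugin 1: Shockwave Flash 10.0 r42",
    "Arial, Courier New, Lucida Sans, Times New Roman",
    "DOM localStorage: Yes, DOM sessionStorage: Yes, IE userData: No",
)
OTHER = (
    "Opera/9.80 (Windows NT 5.1; U; en) Presto/2.2.15 Version/10.10",
    "text/html, application/xml;q=0.9 deflate, gzip en",
    "Yes",
    "1024x768x32",
    "300",
    "Plugin 0: Shockwave Flash 10.0 r32",
    "Arial, Tahoma, Verdana",
    "DOM localStorage: No, IE userData: No",
)
UPGRADED = with_component(
    BASE, "user_agent",
    "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.8) Gecko/20100202 Firefox/3.5.8")
MOVED_TIMEZONE = with_component(BASE, "timezone", "-120")
NEW_MONITOR = with_component(BASE, "video", "1920x1200x24")
REPLACED_PLUGINS = with_component(BASE, "plugins", "Shockwave Flash 9.0 r124")
JS_DISABLED = with_component(BASE, "plugins", "undefined")

if __name__ == "__main__":
    seen = [BASE, OTHER]
    for name, q in [("browser upgrade", UPGRADED), ("timezone", MOVED_TIMEZONE),
                    ("plugins replaced", REPLACED_PLUGINS), ("no plugins", JS_DISABLED)]:
        print(name, "->", "linked" if guess_progenitor(q, seen) else "no guess")
```

A browser upgrade or a timezone change is linked back to the earlier fingerprint, while a wholesale change to a long component, or two equally plausible progenitors, yields no guess.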

6 Defending Against Fingerprinting

6.1 The Paradox of Fingerprintable Privacy Enhancing Technologies

Sometimes, technologies intended to enhance user privacy turn out to make fingerprinting easier. Extreme examples include many forms of User Agent spoofing (see note 3) and Flash blocking browser extensions, as discussed in Section 3.1. The paradox, essentially, is that many kinds of measures to make a device harder to fingerprint are themselves distinctive unless a lot of other people also take them.

Examples of measures that might be intended to improve privacy but which appear to be ineffective or even potentially counterproductive in the face of fingerprinting include Flash blocking (the mean surprisal of browsers with Flash blockers is 18.7), and User Agent alteration (see note 3). A small group of users had "Privoxy" in their User Agent strings; those User Agents alone averaged 15.5 bits of surprisal. All 7 users of the purportedly privacy-enhancing "Browzar" browser were unique in our dataset.

There are some commendable exceptions to this paradox. TorButton has evolved to give considerable thought to fingerprint resistance [19] and may be receiving the levels of scrutiny necessary to succeed in that project [15]. NoScript is a useful privacy enhancing technology that seems to reduce fingerprintability.⁸

⁸ We did not try to devise a detection method for NoScript, though they probably exist if users allow scripts from certain important domains.

6.2 Enumeratable Characteristics vs Testable Characteristics

One significant API choice that several plugin and browser vendors made, which strengthens fingerprints tremendously, is offering function calls that enumerate large amounts of system information. The navigator.plugins object is one example, as are the font lists returned by Flash and Java. Microsoft Internet Explorer deserves an honorable mention for not allowing plugin enumeration, and even though we collected version numbers for 8½ plugins,⁹ the plugin entropy on IE was 16.5 bits, somewhat lower than the 17.7 seen in non-IE browsers.

The benefits of allowing Java and Flash to read exhaustive system font lists are questionable. Any website that cares whether someone has the "False Positive BRK" font installed¹⁰ could surely test for it explicitly.

There are probably stronger ease-of-development arguments for making plugins enumeratable, but the example of IE shows that it is not strictly necessary. We recommend that browsers switch to confirm-only testing for fonts and plugins, with an exponential backoff to prevent exhaustive searches by malicious javascript.

⁹ Our version numbers for Acrobat were approximate and limited to the major version number.

¹⁰ We noticed that font while grepping through the output of one of our analysis scripts.

Fingerprintability Debuggability

Much of the entropy we observe in browsers comes from the precise micro-version numbers of all of their plugins. This is somewhat true even in IE, where we were limited to testing the version numbers of 8½ common plugins using PluginDetect and custom JavaScript. A similar, though less severe, problem comes from precise micro-version numbers in User Agent strings. The obvious solution to this problem would be to make the version numbers less precise. Why report Java rather than just Java 1.6, or DivX Web Player rather than just DivX Web Player 1.4? The motivation for these precise version numbers appears to be debuggability. Plugin and browser developers want the option of occasionally excavating the micro-version numbers of clients when trying to retrospectively diagnose some error that may be present in a particular micro-version of their code. This is an understandable desire, but it should now be clear that this decision trades off the user's privacy against the developer's convenience. There is a spectrum between extreme debuggability and extreme defense against fingerprinting, and current browsers choose a point in that spectrum close to the debuggability extreme. Perhaps this should change, especially when users enter private browsing modes.

6.4 Font Orders As An Unnecessary Source of Entropy

When implementing our fingerprinting code, we observed that Adobe Flash and Sun's Java VM not only report complete lists of fonts installed on a system, but return them in non-sorted order, perhaps due to a filesystem inode walk. We tested the hypothesis that font orders are informative, by checking to see if any returning, cookie-accepting users had font lists whose order had changed. We found that only 30 returning browsers had font lists that were different solely with respect to order. Interestingly, these font lists only varied in the ordering of certain fonts from the Lucida family, and there was a related population of about 200 browsers where the same fonts varied in ordering and surrounding whitespace. All of these browsers had Mac OS X User Agent strings, so we concluded that some application on OS X overwrites these font files, either during upgrades or at other times. Aside from this group, our hypothesis that font list orderings were stable turned out to be correct.

Next, we investigated whether a substantial reduction in font list entropy could be achieved if plugins like Flash and Java began sorting these lists before returning them via their APIs. Among browsers where the fonts were detectable, the entropy of the fonts variable was 17.1 bits. We recalculated this quantity after sorting to be 16.0, a decrease of only 1.1 bits. Confounding this calculation slightly is the fact that the maximum possible entropy we could detect for either of these numbers, given our dataset, was only It is possible that sorting the font lists would have made a much larger difference if the sample size had been large enough for the font entropy and its conceivable ceiling to diverge further.
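The two normalisations discussed in the preceding sections, reporting less precise version numbers and sorting font lists before returning them, can be measured the same way the paper measures its variables: as the entropy of the observed values. The following is an added example, not the paper's analysis code; the browser records, the plugin name "PluginA", its version strings and the major.minor coarsening rule are constructed assumptions.

```javascript
// Added example: entropy of fingerprint variables before and after normalisation.
// Every record below is constructed sample data, not taken from the paper's dataset.
const SAMPLE = [
  { fonts: ["Loma", "FreeMono", "Norasi"], plugin: "PluginA 1.6.0.17" },
  { fonts: ["Norasi", "Loma", "FreeMono"], plugin: "PluginA 1.6.0.17" },
  { fonts: ["Loma", "FreeMono", "Garuda"], plugin: "PluginA 1.6.0.18" },
  { fonts: ["Garuda", "FreeMono", "Loma"], plugin: "PluginA 1.6.0.20" },
  { fonts: ["Loma", "Norasi"], plugin: "PluginA 1.5.0.22" },
  { fonts: ["Loma", "Norasi"], plugin: "PluginA 1.5.0.22" },
  { fonts: ["FreeMono", "Garuda"], plugin: "PluginA 1.5.0.9" },
  { fonts: ["FreeMono", "Garuda"], plugin: "PluginA 1.5.0.11" },
];

// Count how many records share each observed value.
function countValues(values) {
  const counts = new Map();
  for (const v of values) counts.set(v, (counts.get(v) || 0) + 1);
  return counts;
}

// Shannon entropy, in bits, of the observed distribution of values.
function entropyBits(values) {
  let h = 0;
  for (const c of countValues(values).values()) {
    const p = c / values.length;
    h -= p * Math.log2(p);
  }
  return h;
}

// Number of records whose value nobody else in the sample shares.
function uniqueCount(values) {
  const counts = countValues(values);
  return values.filter((v) => counts.get(v) === 1).length;
}

// Normalisation 1: return the font list in sorted order.
function sortedFonts(list) {
  return [...list].sort();
}

// Normalisation 2 (assumed rule): keep only major.minor of a dotted version.
function coarsenVersion(s) {
  return s.replace(/(\d+\.\d+)(?:[._]\d+)+/, "$1");
}

function compare(sample) {
  const fontsRaw = sample.map((b) => b.fonts.join(","));
  const fontsSorted = sample.map((b) => sortedFonts(b.fonts).join(","));
  const pluginRaw = sample.map((b) => b.plugin);
  const pluginCoarse = sample.map((b) => coarsenVersion(b.plugin));
  const jointRaw = sample.map((_, i) => fontsRaw[i] + "|" + pluginRaw[i]);
  const jointNorm = sample.map((_, i) => fontsSorted[i] + "|" + pluginCoarse[i]);
  return {
    fonts: { raw: entropyBits(fontsRaw), sorted: entropyBits(fontsSorted) },
    plugin: { raw: entropyBits(pluginRaw), coarse: entropyBits(pluginCoarse) },
    joint: { raw: entropyBits(jointRaw), normalised: entropyBits(jointNorm) },
    uniqueRaw: uniqueCount(jointRaw),
    uniqueNorm: uniqueCount(jointNorm),
  };
}

console.log(JSON.stringify(compare(SAMPLE), null, 2));
```

The sample is sized to make the mechanics visible, not to predict the effect: on the paper's real data, sorting alone lowered font entropy only from 17.1 to 16.0 bits.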

In contrast to the font case, our pre-launch testing seemed to indicate that the ordering of navigator.plugins was not stable in all browsers, so, as noted in Table 3.1, we sorted the plugin list before recording it. We subsequently read Jonathan Mayer's claims that Mozilla actually exposes two different plugin orderings based on different inode timestamps [8]. Unfortunately, having sorted our plugin dataset, we cannot test his claims.

7 Conclusions

We implemented and tested one particular browser fingerprinting method. It appeared, in general, to be very effective, though as noted in Section 3.1 there are many measurements that could be added to strengthen it. Browser fingerprinting is a powerful technique, and fingerprints must be considered alongside cookies, IP addresses and supercookies when we discuss web privacy and user trackability. Although fingerprints turn out not to be particularly stable, browsers reveal so much version and configuration information that they remain overwhelmingly trackable.

There are implications both for privacy policy and technical design. Policymakers should start treating fingerprintable records as potentially personally identifiable, and set limits on the durations for which they can be associated with identities and sensitive logs like clickstreams and search terms. The Tor project is noteworthy for already considering and designing against fingerprintability. Other software that purports to protect web surfers' privacy should do likewise, and we hope that the test site at panopticlick.eff.org may prove useful for this purpose. Browser developers should also consider what they can do to reduce fingerprintability, particularly at the JavaScript API level.

We identified only three groups of browser with comparatively good resistance to fingerprinting: those that block JavaScript, those that use TorButton, and certain types of smartphone. It is possible that other such categories exist in our data. Cloned machines behind firewalls are fairly resistant to our algorithm, but would not be resistant to fingerprints that measure clock skew or other hardware characteristics.

References

1. Lukáš, J., Fridrich, J., Goljan, M.: Digital camera identification from sensor pattern noise. IEEE Transactions on Information Forensics and Security 1(2) (2006)
2. Kai San Choi, E.Y.L., Wong, K.K.: Source Camera Identification Using Footprints from Lens Aberration. In: Proc. of SPIE-IS&T Electronic Imaging. Volume 6069., SPIE (2006)
3. Hilton, O.: The Complexities of Identifying the Modern Typewriter. Journal of Forensic Sciences 17(2) (1972)
4. Kohno, T., Broido, A., Claffy, K.: Remote Physical Device Fingerprinting. IEEE Transactions on Dependable and Secure Computing 2(2) (2005) 108
5. Murdoch, S.: Hot or not: Revealing hidden services by their clock skew. In: Proc. 13th ACM conference on Computer and Communications Security, ACM (2006)
6. The 41st Parameter: PCPrint (2008) http://www.the41st.com/land/deviceid.asp.
7. Mills, E.: Device identification in online banking is privacy threat, expert says. CNET News (April 2009)
8. Mayer, J.: Any person... a pamphleteer: Internet Anonymity in the Age of Web 2.0. Undergraduate Senior Thesis, Princeton University (2009)
9. Krishnamurthy, B., Wills, C.: Generating a privacy footprint on the Internet. In: Proc. ACM SIGCOMM Internet Measurement Conference, ACM (2006)
10. McKinkley, K.: Cleaning Up After Cookies. iSec Partners White Paper (2008)
11. Pool, M.B.: Meantime: non-consensual HTTP user tracking using caches. (2000) http://sourcefrog.net/projects/meantime/.
12. Soltani, A., Canty, S., Mayo, Q., Thomas, L., Hoofnagle, C.: Flash Cookies and Privacy. SSRN preprint (August 2009) http://papers.ssrn.com/sol3/papers.cfm?abstract_id=
13. Robinson, S.: Flipping Typical (demonstration of CSS font detection). (2009) http://flippingtypical.com/.
14. : TCP/IP stack fingerprinting http://en.wikipedia.org/wiki/tcp/ip_stack_fingerprinting.
15. Fleischer, G.: Attacking Tor at the Application Layer. Presentation at DEFCON 17 (2009) http://pseudo-flaw.net/content/defcon/.
16. : CSS history hack demonstration http://www.whattheinternetknowsaboutyou.com/.
17. W3C: Geolocation API http://en.wikipedia.org/wiki/w3c_geolocation_api.
18. Narayanan, A., Shmatikov, V.: Robust De-anonymization of Large Sparse Datasets. 2(2) (2008)
19. Perry, M.: Torbutton Design Documentation (2009) https://www.torproject.org/torbutton/design.

A Appendix : Some Dataset Queries of Interest

Variable | Entropy (bits)
user agent | 10.0
plugins | 15.4
fonts | 13.9
video | 4.83
supercookies | 2.12
http accept | 6.09
timezone | 3.04
cookies enabled |

Table 2. Mean surprisal for each variable in isolation

Variable | Value
User Agent | Mozilla/5.0 (X11; U; Linux i686; en-us; rv: ) Gecko/ Ubuntu/9.10 (karmic) Firefox/3.5.7
HTTP ACCEPT headers | text/html, */* ISO ,utf-8;q=0.7,*;q=0.7 gzip,deflate en-us,en;q=0.5
Cookies enabled? | Yes
Screen resolution | 1280x800x24
Timezone | 300
Browser plugins | Plugin 0: DivX Web Player; DivX Web Player version ; libtotem-mully-plugin.so; (AVI video; video/divx; divx). Plugin 1: QuickTime Plug-in 7.2.0; The <a href="http://www.gnome.org/projects/totem/">Totem</a> plugin handles video and audio streams.; libtotem-narrowspace-plugin.so; (QuickTime video; video/quicktime; mov) (MPEG-4 video; video/mp4; mp4) (MacPaint Bitmap image; image/x-macpaint; pntg) (Macintosh Quickdraw/PICT drawing; image/x-quicktime; pict, pict1, pict2) (MPEG-4 video; video/x-m4v; m4v). Plugin 2: Shockwave Flash; Shockwave Flash 10.0 r42; libflashplayer.so; (Shockwave Flash; application/x-shockwave-flash; swf) (FutureSplash Player; application/futuresplash; spl). Plugin 3: VLC Multimedia Plugin (compatible Totem ); The <a href="http://www.gnome.org/projects/totem/">Totem</a> plugin handles video and audio streams.; libtotem-cone-plugin.so; (VLC Multimedia Plugin; application/x-vlc-plugin; ) (VLC Multimedia Plugin; application/vlc; ) (VLC Multimedia Plugin; video/x-google-vlc-plugin; ) (Ogg multimedia file; application/x-ogg; ogg) (Ogg multimedia file; application/ogg; ogg) (Ogg Audio; audio/ogg; oga) (Ogg Audio; audio/x-ogg; ogg) (Ogg Video; video/ogg; ogv) (Ogg Video; video/x-ogg; ogg) (Annodex exchange format; application/annodex; anx) (Annodex Audio; audio/annodex; axa) (Annodex Video; video/annodex; axv) (MPEG video; video/mpeg; mpg, mpeg, mpe) (WAV audio; audio/wav; wav) (WAV audio; audio/x-wav; wav) (MP3 audio; audio/mpeg; mp3) (NullSoft video; application/x-nsv-vp3-mp3; nsv) (Flash video; video/flv; flv) (Totem Multimedia plugin; application/x-totem-plugin; ). Plugin 4: Windows Media Player Plug-in 10 (compatible; Totem); The <a href="http://www.gnome.org/projects/totem/">Totem</a> plugin handles video and audio streams.; libtotem-gmp-plugin.so; (AVI video; application/x-mplayer2; avi, wma, wmv) (ASF video; video/x-ms-asf-plugin; asf, wmv) (AVI video; video/x-msvideo; asf, wmv) (ASF video; video/x-ms-asf; asf) (Windows Media video; video/x-ms-wmv; wmv) (Windows Media video; video/x-wmv; wmv) (Windows Media video; video/x-ms-wvx; wmv) (Windows Media video; video/x-ms-wm; wmv) (Windows Media video; video/x-ms-wmp; wmv) (Windows Media video; application/x-ms-wms; wms) (Windows Media video; application/x-ms-wmp; wmp) (Microsoft ASX playlist; application/asx; asx) (Windows Media audio; audio/x-ms-wma; wma).
System fonts | wasy10, UnDotum, Century Schoolbook L, OpenSymbol, msam10, Mukti Narrow, Vemana2000, KacstQurn, Umpush, DejaVu Sans Mono, Purisa, msbm10, KacstBook, KacstLetter, cmr10, Norasi, Loma, KacstDigital, KacstTitleL, mry KacstQurn, URW Palladio L, Phetsarath OT, Sawasdee, Tlwg Typist, URW Gothic L, Dingbats, URW Chancery L, FreeSerif, ori1uni, KacstOffice, DejaVu Sans, VL Gothic, Kinnari, KacstArt, TlwgMono, Lohit Punjabi, Symbol, Bitstream Charter, KacstOne, Courier 10 Pitch, cmmi10, WenQuanYi Zen Hei Mono, Nimbus Sans L, TlwgTypewriter, VL PGothic, Rachana, Standard Symbols L, Lohit Gujarati, kacstpen, KacstDecorative, Nimbus Mono L, Mallige, Nimbus Roman No9 L, KacstPoster, Mukti Narrow, WenQuanYi Zen Hei, FreeSans, cmex10, KacstNaskh, Lohit Tamil, Tlwg Typo, UnBatang, KacstFarsi, Waree, KacstTitle, Lohit Hindi, DejaVu Serif, Garuda, KacstScreen, FreeMono, URW Bookman L, cmsy10 (via Flash)
(Partial) supercookie tests | DOM localstorage: Yes, DOM sessionstorage: Yes, IE userdata: No

Table 3. A typical Panopticlick fingerprint

User Agent | Cookies? | Video, Timezone, Plugins, Fonts, Supercookies | Frequency
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-us; rv: ) Gecko/ Firefox/3.5.7 | Yes | no javascript | 1186
Mozilla/5.0 (iPhone; U; CPU iPhone OS like Mac OS X; en-us) AppleWebKit/ (KHTML, like Gecko) Mobile/7D11 | No | no javascript | 1100
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-us; rv:1.9.2) Gecko/ Firefox/3.6 | Yes | no javascript | 1017
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-us; rv:1.9.2) Gecko/ Firefox/3.6 | Yes | no javascript | 940
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-us; rv:1.9.2) Gecko/ Firefox/3.6 (.NET CLR ) | Yes | no javascript | 886
Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.2) Gecko/ Firefox/3.6 (.NET CLR ) | Yes | no javascript | 788
Mozilla/5.0 (Windows; U; Windows NT 6.1; de; rv:1.9.2) Gecko/ Firefox/3.6 | Yes | no javascript | 775
Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.2) Gecko/ Firefox/3.6 | Yes | no javascript | 746
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-us; rv: ) Gecko/ Firefox/3.5.7 | Yes | no javascript | 702
Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv: ) Gecko/ Firefox/3.5.7 (.NET CLR ) | Yes | no javascript | 618

Table Largest Anonymity Sets

User Agent | Cookies? | Video | Timezone | Frequency
Mozilla/5.0 (iPhone; U; CPU iPhone OS like Mac OS X; en-us) AppleWebKit/ (KHTML, like Gecko) Version/4.0 Mobile/7D11 Safari/ | Yes | 320x396x | |
Mozilla/5.0 (iPhone; U; CPU iPhone OS like Mac OS X; de-de) AppleWebKit/ (KHTML, like Gecko) Version/4.0 Mobile/7D11 Safari/ | Yes | 320x396x | |
Mozilla/5.0 (iPhone; U; CPU iPhone OS like Mac OS X; en-us) AppleWebKit/ (KHTML, like Gecko) Version/4.0 Mobile/7D11 Safari/ | Yes | 320x396x | |
Mozilla/5.0 (iPhone; U; CPU iPhone OS like Mac OS X; en-us) AppleWebKit/ (KHTML, like Gecko) Version/4.0 Mobile/7D11 Safari/ | Yes | 320x396x | |
Mozilla/5.0 (iPhone; U; CPU iPhone OS like Mac OS X; de-de) AppleWebKit/ (KHTML, like Gecko) Mobile/7D11 | Yes | 320x396x | |
Mozilla/5.0 (iPhone; U; CPU iPhone OS like Mac OS X; en-us) AppleWebKit/ (KHTML, like Gecko) Mobile/7D11 | Yes | 320x396x | |
Mozilla/5.0 (iPod; U; CPU iPhone OS like Mac OS X; en-us) AppleWebKit/ (KHTML, like Gecko) Version/4.0 Mobile/7D11 Safari/ | Yes | 320x396x | |
Mozilla/5.0 (iPhone; U; CPU iPhone OS like Mac OS X; en-us) AppleWebKit/ (KHTML, like Gecko) Mobile/7D11 | Yes | 320x396x | |
Mozilla/5.0 (Linux; U; Android 2.0.1; en-us; Droid Build/ESD56) AppleWebKit/ (KHTML, like Gecko) Version/4.0 Mobile Safari/ | Yes | 480x854x | |
Mozilla/5.0 (iPod; U; CPU iPhone OS like Mac OS X; de-de) AppleWebKit/ (KHTML, like Gecko) Version/4.0 Mobile/7D11 Safari/ | Yes | 320x396x | |

Table Largest Anonymity Sets with Javascript
