Online citations, reference lists, and bibliographies.
← Back to Search

Towards Accurate Detection Of Obfuscated Web Tracking

H. Le, Federico Fallace, P. Barlet-Ros
Published 2017 · Computer Science

Cite This
Download PDF
Analyze on Scholarcy
Web tracking is currently recognized as one of the most important privacy threats on the Internet. Over the last years, many methodologies have been developed to uncover web trackers. Most of them are based on static code analysis and the use of predefined blacklists. However, our main hypothesis is that web tracking has started to use obfuscated programming, a transformation of code that renders previous detection methodologies ineffective and easy to evade. In this paper, we propose a new methodology based on dynamic code analysis that monitors the actual JavaScript calls made by the browser and compares them to the original source code of the website in order to detect obfuscated tracking. The main advantage of this approach is that detection cannot be evaded by code obfuscation. We applied this methodology to detect the use of canvas-font tracking and canvas fingerprinting on the top-10K most visited websites according to Alexa's ranking. Canvas-based tracking is a fingerprinting method based on JavaScript that uses the HTML5 canvas element to uniquely identify a user. Our results show that 10.44% of the top-10K websites use canvas-based tracking (canvas-font and canvas fingerprinting), while obfuscation was used in 2.25% of them. These results confirm our initial hypothesis that obfuscated programming in web tracking is already in use. Finally, we argue that canvas-based tracking can be more present in secondary pages than in the home page of websites.
This paper references
A Survey on Web Tracking: Mechanisms, Implications, and Defenses
Tomasz Bujlow (2017)
Gma gets answers: Some credit card companies financially profiling customers
Chris Cuomo (2009)
Outrage as credit agency plans to mine facebook data
David Mayer (2012)
Detecting price and search discrimination on the internet
Jakub Mikians (2012)
Cookieless Monster: Exploring the Ecosystem of Web-Based Device Fingerprinting
N. Nikiforakis (2013)
TrackAdvisor: Taking Back Browsing Privacy from Third-Party Trackers
Tai-Ching Li (2015)
Credit card issuers watch online how you shop, customize offers
Tony Mecia (2011)
Online Tracking: A 1-million-site Measurement and Analysis
S. Englehardt (2016)
Protecting javascript source code using obfuscation
Pedro Fortuna (2013)
Web fingerprinting: Who, how and why
Nick Nikiforakis (2013)
FPDetective: dusting the web for fingerprinters
G. Acar (2013)
Unsupervised Detection of Web Trackers
Hassan Metwalley (2014)
Finally! new capabilities for more accurate targeting of facebook
Lisa Arthur (2015)
Facebook friends could change your credit score
Katie Lobosco (2013)
The Web Never Forgets: Persistent Tracking Mechanisms in the Wild
G. Acar (2014)
Insurers test data profiles to identify risky clients
Leslie Scism (2010)
Pixel Perfect : Fingerprinting Canvas in HTML 5
K. Mowery (2012)
How Unique Is Your Web Browser?
P. Eckersley (2010)

This paper is referenced by
Semantic Scholar Logo Some data provided by SemanticScholar