Online citations, reference lists, and bibliographies.
← Back to Search

Towards Accurate Detection Of Obfuscated Web Tracking

H. Le, Federico Fallace, P. Barlet-Ros
Published 2017 · Computer Science

Cite This
Download PDF
Analyze on Scholarcy
Share
Web tracking is currently recognized as one of the most important privacy threats on the Internet. Over the last years, many methodologies have been developed to uncover web trackers. Most of them are based on static code analysis and the use of predefined blacklists. However, our main hypothesis is that web tracking has started to use obfuscated programming, a transformation of code that renders previous detection methodologies ineffective and easy to evade. In this paper, we propose a new methodology based on dynamic code analysis that monitors the actual JavaScript calls made by the browser and compares them to the original source code of the website in order to detect obfuscated tracking. The main advantage of this approach is that detection cannot be evaded by code obfuscation. We applied this methodology to detect the use of canvas-font tracking and canvas fingerprinting on the top-10K most visited websites according to Alexa's ranking. Canvas-based tracking is a fingerprinting method based on JavaScript that uses the HTML5 canvas element to uniquely identify a user. Our results show that 10.44% of the top-10K websites use canvas-based tracking (canvas-font and canvas fingerprinting), while obfuscation was used in 2.25% of them. These results confirm our initial hypothesis that obfuscated programming in web tracking is already in use. Finally, we argue that canvas-based tracking can be more present in secondary pages than in the home page of websites.
This paper references
10.1109/JPROC.2016.2637878
A Survey on Web Tracking: Mechanisms, Implications, and Defenses
Tomasz Bujlow (2017)
Gma gets answers: Some credit card companies financially profiling customers
Chris Cuomo (2009)
Outrage as credit agency plans to mine facebook data
David Mayer (2012)
10.1145/2390231.2390245
Detecting price and search discrimination on the internet
Jakub Mikians (2012)
10.1109/SP.2013.43
Cookieless Monster: Exploring the Ecosystem of Web-Based Device Fingerprinting
N. Nikiforakis (2013)
10.1007/978-3-319-15509-8_21
TrackAdvisor: Taking Back Browsing Privacy from Third-Party Trackers
Tai-Ching Li (2015)
Credit card issuers watch online how you shop, customize offers
Tony Mecia (2011)
10.1145/2976749.2978313
Online Tracking: A 1-million-site Measurement and Analysis
S. Englehardt (2016)
Protecting javascript source code using obfuscation
Pedro Fortuna (2013)
Web fingerprinting: Who, how and why
Nick Nikiforakis (2013)
10.1145/2508859.2516674
FPDetective: dusting the web for fingerprinters
G. Acar (2013)
10.1109/GLOCOM.2014.7417499
Unsupervised Detection of Web Trackers
Hassan Metwalley (2014)
Finally! new capabilities for more accurate targeting of facebook
Lisa Arthur (2015)
Facebook friends could change your credit score
Katie Lobosco (2013)
10.1145/2660267.2660347
The Web Never Forgets: Persistent Tracking Mechanisms in the Wild
G. Acar (2014)
Insurers test data profiles to identify risky clients
Leslie Scism (2010)
Pixel Perfect : Fingerprinting Canvas in HTML 5
K. Mowery (2012)
10.1007/978-3-642-14527-8_1
How Unique Is Your Web Browser?
P. Eckersley (2010)



This paper is referenced by
Semantic Scholar Logo Some data provided by SemanticScholar