Collect resources

[abrahamjuliot]

Papers

• Carnus: Exploring the Privacy Threats of Browser Extension Fingerprinting (Karami et al., 2020)
• Shedding light on web privacy impact assessment: A case study of the Ambient Light Sensor API (Olejnik, 2020)
• Fingerprinting the Fingerprinters: Learning to Detect Browser Fingerprinting Behaviors (Iqbal et al., 2020)
• Taming The Shape Shifter: Detecting Anti-fingerprinting Browsers (Laperdrix et al., 2020)
• Long-Term Observation on Browser Fingerprinting: Users’ Trackability and Perspective (Pugliese et al., 2020)
• Robust Website Fingerprinting Through the Cache Occupancy Channel (Shusterman et al., 2019)
• Browser Fingerprinting: A survey (Laperdrix et al., 2019)
• Evaluating Anti-Fingerprinting Privacy Enhancing Technologies (Tschantz et al., 2019)
• Clock Around the Clock: Time-Based Device Fingerprinting (Sanchez-Rola et al., 2018)
• On Estimating Platforms of Web User with JavaScript Math Object [google] (Saito et al., 2018)
• FP-STALKER: Tracking Browser Fingerprint Evolutions (Laperdrix et al., 2017)
• Inhibiting Browser Fingerprinting and Tracking (Luangmaneerote et al., 2017)
• FPGuard: Detection and Prevention of Browser Fingerprinting (Weldemariam et al., 2015)
• Fingerprinting web users through font metrics (Fifield et al., 2015)
• PriVaricator: Deceiving Fingerprinters with Little White Lies (Nikiforakis et al., 2014)
• The Web Never Forgets: Persistent Tracking Mechanisms in the Wild (Englehardt, et al., 2014)
• Cookieless Monster: Exploring the Ecosystem of Web-based Device Fingerprinting (Nikiforakis et al., 2013)
• Reducing the value of a browser fingerprint (Jenkins et al., 2013)
• Pixel Perfect: Fingerprinting Canvas in HTML5 (Mowery et al., 2012)

Articles

• Shedding light on designing web features with privacy: risks, impact assessments, case study (Olejnik, 2020)
• Detecting Privacy Badger’s Canvas FP detection (Adtech Madness, 2020)
• JavaScript tampering – detection and stealth (Adtech Madness, 2019)
• Bot detection 101 #3 – Cheating browser fingerprinting (Adtech Madness, 2019)
• Bot detection 101 #2 – Entering browser fingerprinting (Adtech Madness, 2019)
• Bot detection 101 #1 – Preface (Adtech Madness, 2019)

Talks

• Exploring the Privacy Threats of Browser Extension Fingerprinting (Soroush Karami,, 2020)
• Fingerprinting the Fingerprinters: Learning to Detect Browser Fingerprinting Behaviors (Umar Iqbal, 2020)
• Automated Methods for Fingerprinting Detection (Sarah Bird, 2019)
• Next Steps For Browser Privacy: Pursuing Privacy Protections Beyond Extensions (Peter Snyder, 2019)
• Privacy, Standards, and Anti-Standards (Peter Snyder, 2019)
• Fingerprinting and Privacy on the Web (Peter Snyder, 2019)
• Browser fingerprinting: past, present and possible future (Pierre Laperdrix, 2019)
• Tales From the Trenches: Fingerprints on the Web - Igor Trindade Oliveira (Igor Trindade Oliveira , 2018)
• Fp-Scanner: The Privacy Implications of Browser Fingerprint Inconsistencies (Antoine Vastel, 2018)
• Tracking Browser Fingerprint Evolutions (Antoine Vastel, 2018)
• Navigating the Vast Ocean of Browser Fingerprints (Russell Thomas, 2018)
• (Cross-)Browser Fingerprinting via OS and Hardware Level Features (Yinzhi Cao, 2017)
• Beauty and the Beast: Diverting modern web browsers to build unique browser fingerprints (Pierre Laperdrix, 2016)
• Panopticlick: Fingerprinting Your Web Presence (Bill Budington, 2016)
• Everything you always wanted to know about web-based device fingerprinting (but were afraid to ask) (Nick Nikiforakis, 2016)
• Advanced Browser Fingerprinting (Yan Zhu, 2015)
• Website Fingerprinting Attacks and Defenses (Rob Johnson, 2014)
• Web Fingerprinting: How, Who, and Why? (Nick Nikiforakis, 2013)

Researchers

• https://antoinevastel.com (Antoine Vastel)
• https://plaperdr.github.io (Pierre Laperdrix)
• https://www.peteresnyder.com (Peter Snyder)
• https://lukaszolejnik.com (Lukasz Olejnik)
• https://www.securitee.org (Nick Nikiforakis)
• https://senglehardt.com (Steven Englehardt)

Test Sites

• https://arkenfox.github.io/TZP/tzp.html
• https://privacycheck.sec.lrz.de/
• https://canvasblocker.kkapsner.de/test/

Test Suites

• https://www.lambdatest.com
• https://www.browserstack.com
• https://kobiton.com
• https://www.browserling.com
• https://crossbrowsertesting.com/
• https://saucelabs.com

Stats

• https://developers.whatismybrowser.com/
• https://www.primegrid.com/gpu_list.php
• https://gs.statcounter.com/screen-resolution-stats
• https://arh.antoinevastel.com/reports/stats/menu.html

API Documentation

• https://docs.w3cub.com/dom
• https://developer.mozilla.org

[abrahamjuliot]

use js to detect and omit broken links

[Thorin-Oakenpants]

https://arxiv.org/pdf/1811.07153.pdf wasn't in my collection

[abrahamjuliot]

Sweet! Added it

[Thorin-Oakenpants]

here's what a top moz sec dev said about it to me in Dec 2018

This one kind of sucks. There are no reasonable countermeasures. Page coloring looked interesting, but AFAICT that was an idea from the early 2000s that hasn't been revisited?

The 100ms resolution helps; but it isn't the complete answer (and I want to reduce it anyway if we can achieve the same security boundary using fuzzyfox.)

Maybe the answer is something more complicated? Degrading it dynamically (throttling) if we detect repeated calls and throw a permission prompt (with or without the doorhanger)?

[Thorin-Oakenpants]

2020: https://lukaszolejnik.com/SheddingLightWebPrivacyImpactAssessmentIWPE20.pdf blog: https://blog.lukaszolejnik.com/shedding-light-on-designing-web-features-with-privacy-risks-impact-assessments-case-study/

[Thorin-Oakenpants]

2018 - Clock Around the Clock - 10.1145-3243734.3243796.pdf

[abrahamjuliot]

I moved this to a repo. Feel free to join and update (and/or open issues) I plan to add small code samples too.