Unnecessarily identifiable: Quantifying the fingerprintability of browser extensions due to bloat

Oleksii Starov; Pierre Laperdrix; Alexandros Kapravelos; Nick Nikiforakis

doi:10.1145/3308558.3313458

Unnecessarily identifiable: Quantifying the fingerprintability of browser extensions due to bloat

Oleksii Starov
, Pierre Laperdrix
, Alexandros Kapravelos
, Nick Nikiforakis

Computer Science

Stony Brook University

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

35 Scopus citations

Abstract

In this paper, we investigate to what extent the page modifications that make browser extensions fingerprintable are necessary for their operation. We characterize page modifications that are completely unnecessary for the extension's functionality as extension bloat. By analyzing 58,034 extensions from the Google Chrome store, we discovered that 5.7% of them were unnecessarily identifiable because of extension bloat. To protect users against unnecessary extension fingerprinting due to bloat, we describe the design and implementation of an in-browser mechanism that provides coarse-grained access control for extensions on all websites. The proposed mechanism and its built-in policies, does not only protect users from fingerprinting, but also offers additional protection against malicious extensions exfiltrating user data from sensitive websites.

Original language	English
Title of host publication	The Web Conference 2019 - Proceedings of the World Wide Web Conference, WWW 2019
Publisher	Association for Computing Machinery, Inc
Pages	3244-3250
Number of pages	7
ISBN (Electronic)	9781450366748
DOIs	https://doi.org/10.1145/3308558.3313458
State	Published - May 13 2019
Event	2019 World Wide Web Conference, WWW 2019 - San Francisco, United States Duration: May 13 2019 → May 17 2019

Publication series

Name	The Web Conference 2019 - Proceedings of the World Wide Web Conference, WWW 2019

Conference

Conference	2019 World Wide Web Conference, WWW 2019
Country/Territory	United States
City	San Francisco
Period	05/13/19 → 05/17/19

Access to Document

10.1145/3308558.3313458

Cite this

Starov, O., Laperdrix, P., Kapravelos, A., & Nikiforakis, N. (2019). Unnecessarily identifiable: Quantifying the fingerprintability of browser extensions due to bloat. In The Web Conference 2019 - Proceedings of the World Wide Web Conference, WWW 2019 (pp. 3244-3250). (The Web Conference 2019 - Proceedings of the World Wide Web Conference, WWW 2019). Association for Computing Machinery, Inc. https://doi.org/10.1145/3308558.3313458

Starov, Oleksii ; Laperdrix, Pierre ; Kapravelos, Alexandros et al. / Unnecessarily identifiable : Quantifying the fingerprintability of browser extensions due to bloat. The Web Conference 2019 - Proceedings of the World Wide Web Conference, WWW 2019. Association for Computing Machinery, Inc, 2019. pp. 3244-3250 (The Web Conference 2019 - Proceedings of the World Wide Web Conference, WWW 2019).

@inproceedings{e38d6b015a5f481a815fdc3b6564ecab,

title = "Unnecessarily identifiable: Quantifying the fingerprintability of browser extensions due to bloat",

abstract = "In this paper, we investigate to what extent the page modifications that make browser extensions fingerprintable are necessary for their operation. We characterize page modifications that are completely unnecessary for the extension's functionality as extension bloat. By analyzing 58,034 extensions from the Google Chrome store, we discovered that 5.7\% of them were unnecessarily identifiable because of extension bloat. To protect users against unnecessary extension fingerprinting due to bloat, we describe the design and implementation of an in-browser mechanism that provides coarse-grained access control for extensions on all websites. The proposed mechanism and its built-in policies, does not only protect users from fingerprinting, but also offers additional protection against malicious extensions exfiltrating user data from sensitive websites.",

author = "Oleksii Starov and Pierre Laperdrix and Alexandros Kapravelos and Nick Nikiforakis",

note = "Publisher Copyright: {\textcopyright} 2019 IW3C2 (International World Wide Web Conference Committee), published under Creative Commons CC-BY 4.0 License.; 2019 World Wide Web Conference, WWW 2019 ; Conference date: 13-05-2019 Through 17-05-2019",

year = "2019",

month = may,

day = "13",

doi = "10.1145/3308558.3313458",

language = "English",

series = "The Web Conference 2019 - Proceedings of the World Wide Web Conference, WWW 2019",

publisher = "Association for Computing Machinery, Inc",

pages = "3244--3250",

booktitle = "The Web Conference 2019 - Proceedings of the World Wide Web Conference, WWW 2019",

}

Starov, O, Laperdrix, P, Kapravelos, A & Nikiforakis, N 2019, Unnecessarily identifiable: Quantifying the fingerprintability of browser extensions due to bloat. in The Web Conference 2019 - Proceedings of the World Wide Web Conference, WWW 2019. The Web Conference 2019 - Proceedings of the World Wide Web Conference, WWW 2019, Association for Computing Machinery, Inc, pp. 3244-3250, 2019 World Wide Web Conference, WWW 2019, San Francisco, United States, 05/13/19. https://doi.org/10.1145/3308558.3313458

Unnecessarily identifiable: Quantifying the fingerprintability of browser extensions due to bloat. / Starov, Oleksii; Laperdrix, Pierre; Kapravelos, Alexandros et al.
The Web Conference 2019 - Proceedings of the World Wide Web Conference, WWW 2019. Association for Computing Machinery, Inc, 2019. p. 3244-3250 (The Web Conference 2019 - Proceedings of the World Wide Web Conference, WWW 2019).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Unnecessarily identifiable

T2 - 2019 World Wide Web Conference, WWW 2019

AU - Starov, Oleksii

AU - Laperdrix, Pierre

AU - Kapravelos, Alexandros

AU - Nikiforakis, Nick

PY - 2019/5/13

Y1 - 2019/5/13

N2 - In this paper, we investigate to what extent the page modifications that make browser extensions fingerprintable are necessary for their operation. We characterize page modifications that are completely unnecessary for the extension's functionality as extension bloat. By analyzing 58,034 extensions from the Google Chrome store, we discovered that 5.7% of them were unnecessarily identifiable because of extension bloat. To protect users against unnecessary extension fingerprinting due to bloat, we describe the design and implementation of an in-browser mechanism that provides coarse-grained access control for extensions on all websites. The proposed mechanism and its built-in policies, does not only protect users from fingerprinting, but also offers additional protection against malicious extensions exfiltrating user data from sensitive websites.

AB - In this paper, we investigate to what extent the page modifications that make browser extensions fingerprintable are necessary for their operation. We characterize page modifications that are completely unnecessary for the extension's functionality as extension bloat. By analyzing 58,034 extensions from the Google Chrome store, we discovered that 5.7% of them were unnecessarily identifiable because of extension bloat. To protect users against unnecessary extension fingerprinting due to bloat, we describe the design and implementation of an in-browser mechanism that provides coarse-grained access control for extensions on all websites. The proposed mechanism and its built-in policies, does not only protect users from fingerprinting, but also offers additional protection against malicious extensions exfiltrating user data from sensitive websites.

UR - https://www.scopus.com/pages/publications/85066887372

U2 - 10.1145/3308558.3313458

DO - 10.1145/3308558.3313458

M3 - Conference contribution

T3 - The Web Conference 2019 - Proceedings of the World Wide Web Conference, WWW 2019

SP - 3244

EP - 3250

BT - The Web Conference 2019 - Proceedings of the World Wide Web Conference, WWW 2019

PB - Association for Computing Machinery, Inc

Y2 - 13 May 2019 through 17 May 2019

ER -

Starov O, Laperdrix P, Kapravelos A, Nikiforakis N. Unnecessarily identifiable: Quantifying the fingerprintability of browser extensions due to bloat. In The Web Conference 2019 - Proceedings of the World Wide Web Conference, WWW 2019. Association for Computing Machinery, Inc. 2019. p. 3244-3250. (The Web Conference 2019 - Proceedings of the World Wide Web Conference, WWW 2019). doi: 10.1145/3308558.3313458

Unnecessarily identifiable: Quantifying the fingerprintability of browser extensions due to bloat

Abstract

Publication series

Conference

Access to Document

Other files and links

Fingerprint

Cite this