Client fingerprinting techniques enhance classical cookie-based user tracking to increase the robustness of tracking techniques. A unique identifier is created based on characteristic attributes of the client device and then used for deployment of personalized advertisements or similar use cases. While fingerprinting performs well for highly customized devices (especially desktop computers), these methods often lack in precision for highly standardized devices like mobile phones. In this paper, we show that widely used techniques do not perform well for mobile devices yet, but that it is possible to build a fingerprinting system for precise recognition and identification. We evaluate our proposed system in an online study and verify its robustness against misclassification. Fingerprinting of web clients is often seen as an offence to web users' privacy as it usually takes place without the users' knowledge, awareness, and consent. Thus, we also analyze whether it is possible to outrun fingerprinting of mobile devices. We investigate different scenarios how users are able to circumvent a fingerprinting system and evade our newly created methods.

On the Robustness of Mobile Device Fingerprinting

Maiorca D;Giacinto G
2015-01-01

Abstract

Client fingerprinting techniques enhance classical cookie-based user tracking to increase the robustness of tracking techniques. A unique identifier is created based on characteristic attributes of the client device and then used for deployment of personalized advertisements or similar use cases. While fingerprinting performs well for highly customized devices (especially desktop computers), these methods often lack in precision for highly standardized devices like mobile phones. In this paper, we show that widely used techniques do not perform well for mobile devices yet, but that it is possible to build a fingerprinting system for precise recognition and identification. We evaluate our proposed system in an online study and verify its robustness against misclassification. Fingerprinting of web clients is often seen as an offence to web users' privacy as it usually takes place without the users' knowledge, awareness, and consent. Thus, we also analyze whether it is possible to outrun fingerprinting of mobile devices. We investigate different scenarios how users are able to circumvent a fingerprinting system and evade our newly created methods.
2015
978-1-4503-3682-6
File in questo prodotto:
File Dimensione Formato  
ACSAC2015_Giacinto_printed.pdf

Solo gestori archivio

Descrizione: Articolo pubblicato negli atti del convegno
Tipologia: versione editoriale
Dimensione 301.87 kB
Formato Adobe PDF
301.87 kB Adobe PDF   Visualizza/Apri   Richiedi una copia

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11584/133150
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 42
  • ???jsp.display-item.citation.isi??? ND
social impact