
Persistent Tracking in Modern Browsers: Tales of Favicons and Caches
Explore the intriguing world of user tracking through favicons and caches in modern browsers, uncovering the potential for persistent tracking even after clearing cookies and incognito mode. Learn about the significance of favicons, their storage mechanisms, cache policies, and the threat models associated with them.
Presentation Transcript
Tales of Favicons and Caches: Persistent Tracking in Modern Browsers (NDSS 2021)

What is user tracking?
  - When the user is not logged in
  - After clearing the cookies / in incognito mode
What is a Favicon?
  - "Favorite website icon", introduced in Internet Explorer 5 (1999)
  - Small icon associated with a webpage
  - Different icon formats
  - Supported by all browsers and devices
  - Part of a website's branding identity
Favicon Storage & Cache
  - Automatically requested and fetched
  - Stored in a dedicated favicon cache; each entry holds:
    1. Page URL
    2. Favicon ID
    3. Expiration time (TTL)
    4. Dimensions
Favicon Cache Policies
  - Subdomains and inner paths create different entries
  - Access control: clearing the browser's cache / cookies / history does not affect the favicon cache
  - Incognito mode can read the favicon cache but not write to it
Threat Model
  - Victim visits the website and the identifier is automatically stored
  - One cache entry per path: attacker.com/pathA, attacker.com/pathB, attacker.com/pathC, attacker.com/pathD, attacker.com/pathE
  - Example identifier: ID=10101
Write Identifier (first visit)
  Victim browser -> attacker.com: GET /
  Victim browser -> attacker.com: GET favicon.ico
  attacker.com -> victim browser: 302 Redirect
  Server side: ID generation

Write Identifier (ID=10101)
  One redirect per ID bit (bits 1, 2, 3, ..., K, ..., N), through attacker.com/subpathX:
  GET /pathA -> GET favicon1.ico -> 302 Redirect
  GET /pathC -> GET favicon3.ico -> 302 Redirect
  ...
  GET /pathK

Read Identifier (returning visit)
  Victim browser -> attacker.com: GET /
  No favicon request is issued (the icon is already cached)
  attacker.com -> victim browser: 302 Redirect
  Server side: user exists

Read Identifier (ID = 1 0 ...)
  Through attacker.com/subpathX, for bits 1, 2, 3, ..., K, ..., N:
  GET /pathA -> (no favicon request) -> 302 Redirect            (bit 1)
  GET /pathB -> GET favicon2.ico -> 404 Not Found -> 302 Redirect (bit 0)
Affected Browsers and Modes
  [Browser/mode table not captured in this transcript; only the entry "Firefox *" survives]
Baseline Attack Performance
  - Write identifier: 2.5 s
  - Read identifier: 5.5 s
  - How to do better?
Optimization: Fingerprints and Favicons
  - Use browser attributes that are immutable over time [Vastel et al., S&P 2018]: Cookies Enabled, Local Storage, DNT, Ad Block, Platform, Encoding, Language, WebGL, Canvas
  - Browser fingerprints dataset: amiunique.org [Laperdrix et al., S&P 2016]
  - Calculated fingerprint entropy of the available attributes:
      Lower bound: 16 bits
      Upper bound: 26 bits
      50% of desktop devices: 19-24 bits
  - Combine browser fingerprints with the favicon identifier

Optimization: Fingerprints and Favicons (cost)
  - Fingerprint generation overhead: 200 ms
      Cookies, Local Storage, DNT: 2 ms
      Canvas, WebGL: 100 ms
  - Reconstruct a 32-bit ID with fewer redirects: 20 bits browser FP + 12 bits favicon ID: 2 s
  - Anti-fingerprinting tools (Brave defense): full ID reconstruction from favicons: 3 s
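The entropy figures on the two slides above come from measuring how many bits of identifying information the stable fingerprint attributes carry, and the Brave line shows what happens when a defense removes the attributes that are no longer stable. The following is an added example, not the authors' code or dataset: it builds a small constructed population of browsers with two visits each, keeps only the attributes that stay constant across visits (the immutability criterion of Vastel et al.), computes the Shannon entropy of the stable attribute tuple, and reports how much of a 32-bit identifier space that entropy covers. The attribute names, the sample values and the `randomize_canvas` switch (modelling an anti-fingerprinting tool that randomizes the canvas value per visit) are all assumptions made for this example.

```python
import math
from collections import Counter


def make_population(randomize_canvas):
    """Constructed sample: 8 browsers, 2 visits each. Platform and language are
    stable; canvas is stable unless randomize_canvas is set, which models an
    anti-fingerprinting tool returning a different canvas value on every visit.
    Values are made up for this example, not taken from amiunique.org."""
    base = [
        ("Win", "en-US"), ("Win", "en-US"), ("Win", "de"), ("Win", "en-US"),
        ("Mac", "en-US"), ("Mac", "en-US"), ("Linux", "de"), ("Linux", "en-US"),
    ]
    population = {}
    for i, (platform, language) in enumerate(base):
        visits = []
        for visit_no in range(2):
            canvas = f"canvas-{i}-{visit_no}" if randomize_canvas else f"canvas-{i}"
            visits.append({"platform": platform, "language": language,
                           "dnt": "1", "canvas": canvas})
        population[f"browser-{i}"] = visits
    return population


def stable_attributes(population):
    """Attributes whose value never changes across any single browser's visits.
    Only these are usable as a long-term identifier component."""
    names = set(next(iter(population.values()))[0])
    stable = set(names)
    for visits in population.values():
        for name in names:
            if len({visit[name] for visit in visits}) > 1:
                stable.discard(name)
    return sorted(stable)


def entropy_bits(population, attributes):
    """Shannon entropy, in bits, of the tuple of `attributes` over the
    population (one sample per browser, taken from its first visit)."""
    counts = Counter(tuple(visits[0][a] for a in attributes)
                     for visits in population.values())
    n = sum(counts.values())
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def identifier_coverage(population, target_bits=32):
    """How much of a target_bits identifier the stable fingerprint covers, and
    how many bits a tracker would still have to obtain from another vector.
    A defense that destabilizes high-entropy attributes raises the second number."""
    attrs = stable_attributes(population)
    fp_bits = entropy_bits(population, attrs)
    return {"stable": attrs,
            "fingerprint_bits": fp_bits,
            "uncovered_bits": max(0.0, target_bits - fp_bits)}


if __name__ == "__main__":
    for label, randomize in (("no defense", False), ("canvas randomized", True)):
        print(label, identifier_coverage(make_population(randomize)))
```

With the constructed sample, the undefended population is fully separated by the canvas value alone (3 bits for 8 browsers), while randomizing the canvas drops it from the stable set and the remaining platform/language tuple carries about 2.16 bits; the gap to the 32-bit target is what the slide's "full ID reconstruction" case has to make up from the favicon channel. Swapping in a real dataset only changes the numbers, not the procedure.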
Network Effects
  - Web server and client located in the same city: 27% faster ID generation, 35% decreased read-ID time
  - Optimal attack time including redirect overhead: write 1.5 s, read 3 s
  - Large-scale attack: dedicated CDNs and servers across locations
Proposed Countermeasures
  - Incognito mode should use an isolated cache instance
  - The default "Clear browsing data" should also clear the favicon cache
  - Notified vulnerable browsers: confirmed and acknowledged
  - Brave deployed a countermeasure
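The two countermeasures map directly onto the two cache policies described earlier (incognito reads but does not write the shared cache; clearing browsing data leaves the favicon cache untouched). The following is an added example, not code from the paper or from any browser: a toy model of a browser's dedicated favicon cache whose entries carry the fields listed on the "Favicon Storage & Cache" slide, with two policy switches, `isolated_incognito` and `cleared_with_browsing_data` (names assumed here), that are both off in the vulnerable default and both on with the proposed countermeasures. The model shows which policy closes which half of the persistence: the origin `tracker.example`, the path, the TTL and the icon dimensions are constructed values.

```python
import time


class FaviconEntry:
    """One record in the dedicated favicon cache: favicon ID, expiration time
    (TTL) and dimensions, keyed by page URL in the cache dict."""

    def __init__(self, favicon_id, ttl_seconds, dimensions):
        self.favicon_id = favicon_id
        self.expires_at = time.time() + ttl_seconds
        self.dimensions = dimensions

    def fresh(self):
        return time.time() < self.expires_at


class Site:
    """Constructed origin. Which page paths serve a favicon is a property of
    the site; a missing icon corresponds to the '404 Not Found' on the read slide."""

    def __init__(self, origin, paths_with_icon):
        self.origin = origin
        self.paths_with_icon = set(paths_with_icon)

    def favicon_for(self, url):
        path = url[len(self.origin):]
        return f"icon-for-{path}" if path in self.paths_with_icon else None


class BrowserModel:
    """Toy browser with a dedicated favicon cache.

    Policy switches (assumed names; False/False is the vulnerable default the
    slides describe, True/True is the proposed countermeasures):
      isolated_incognito         incognito uses its own cache instance
      cleared_with_browsing_data 'Clear browsing data' also wipes this cache
    """

    def __init__(self, isolated_incognito=False, cleared_with_browsing_data=False):
        self.isolated_incognito = isolated_incognito
        self.cleared_with_browsing_data = cleared_with_browsing_data
        self.cache = {}            # page URL -> FaviconEntry; subpaths are separate keys
        self.incognito_cache = {}  # only used when isolated_incognito is True

    def visit(self, url, site, incognito=False):
        """Load a page; return True if a favicon request leaves the browser.

        Vulnerable default: incognito reads the regular cache but never writes
        to it. Isolated policy: incognito reads and writes its own instance."""
        use_isolated = incognito and self.isolated_incognito
        cache = self.incognito_cache if use_isolated else self.cache
        entry = cache.get(url)
        if entry is not None and entry.fresh():
            return False                      # served from cache: no request
        icon = site.favicon_for(url)          # None models a 404
        may_write = (not incognito) or self.isolated_incognito
        if icon is not None and may_write:
            cache[url] = FaviconEntry(icon, ttl_seconds=3600, dimensions=(16, 16))
        return True

    def clear_browsing_data(self):
        """Cookies, history and the HTTP cache are outside this toy; the only
        question modelled is whether the favicon cache goes with them."""
        if self.cleared_with_browsing_data:
            self.cache.clear()

    def close_incognito(self):
        self.incognito_cache.clear()


def entry_survives(isolated_incognito, cleared_with_browsing_data):
    """Write one favicon-cache entry in a normal window, then check whether a
    later visit can tell it was written: from an incognito window, and after
    'Clear browsing data'. A visit that issues no favicon request reveals the
    earlier visit (the 'no favicon request -> user exists' read on the slides).
    Returns (readable_in_incognito, readable_after_clear)."""
    site = Site("https://tracker.example", {"/pathA"})       # constructed
    url = "https://tracker.example/pathA"
    browser = BrowserModel(isolated_incognito, cleared_with_browsing_data)
    browser.visit(url, site)                                  # first visit: fetched and stored
    readable_in_incognito = not browser.visit(url, site, incognito=True)
    browser.close_incognito()
    browser.clear_browsing_data()
    readable_after_clear = not browser.visit(url, site)
    return readable_in_incognito, readable_after_clear


if __name__ == "__main__":
    print("vulnerable default:", entry_survives(False, False))
    print("proposed countermeasures:", entry_survives(True, True))
```

Run with one switch at a time to see that the two countermeasures are independent: the isolated incognito instance alone stops the incognito read but leaves the entry in place across "Clear browsing data", and clearing the favicon cache alone does the reverse, so both are needed to remove the persistent channel. An N-bit identifier in the slides' sense is just N such entries under N different paths, which is why "subdomains and inner paths create different entries" matters for the attack and why the fix has to be at the policy level rather than per entry.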
Summary
  - Demonstrated a novel persistent favicon tracking technique: breaks incognito mode, robust against anti-tracking defenses, long-term identifier
  - Browser fingerprints are a powerful optimization mechanism for augmenting other tracking vectors
  - Extensive experimental evaluation under different network / device / browser conditions
  - Mitigation needs a redesign of policies and browser architecture; remediation is under way