There is no new content.

» Go to the full list

Recent comments

» 2018.02.03. 18:24:02, Note for Firefox @ Preventing misuses and misapprehensions of FireGloves

» 2017.03.12. 20:02:46, Namrata Nayak @ Predicting anonymity with machine learning in social networks

» 2017.01.13. 20:51:19, anonymous @ Preventing misuses and misapprehensions of FireGloves

» 2016.06.12. 13:52:44, Dany_HackerVille @ Preventing misuses and misapprehensions of FireGloves

» 2014.08.29. 17:16:15, [anonymous] @ Preventing misuses and misapprehensions of FireGloves

Monthly archive (2015-07)

Back to the full archives.

Device fingerprinting by font-rendering differences

| | 2015.07.21. 05:51:39  Gulyás Gábor  

In 2012, we demonstrated that the OS can be fingerprinted by checking the presence of a greater variety of front (hey, we also have a paper on that). In addition, we showed this by using JavaScript only that was running from a website. This project seems to have more detailed results on this issue, as the authors went further than checking the presence of of a font: they checked how characters are rendered with a given font in different browser. This surely gives more details than 0/1, and according to their results they could use this information solely to make 34% of their submissions uniquely identifiable:

We describe a web browser fingerprinting technique based on measuring the onscreen dimensions of font glyphs. Font rendering in web browsers is affected by many factors—browser version, what fonts are installed, and hinting and antialiasing settings, to name a few— that are sources of fingerprintable variation in end-user systems. We show that even the relatively crude tool of measuring glyph bounding boxes can yield a strong fingerprint, and is a threat to users' privacy. Through a user experiment involving over 1,000 web browsers and an exhaustive survey of the allocated space of Unicode, we find that font metrics are more diverse than User-Agent strings, uniquely identifying 34% of participants, and putting others into smaller anonymity sets. Fingerprinting is easy and takes only milliseconds. We show that of the over 125,000 code points examined, it suffices to test only 43 in order to account for all the variation seen in our experiment. Font metrics, being orthogonal to many other fingerprinting techniques, can augment and sharpen those other techniques.

We seek ways for privacy-oriented web browsers to reduce the effectiveness of font metric–based fingerprinting, without unduly harming usability. As part of the same user experiment of 1,000 web browsers, we find that whitelisting a set of standard font files has the potential to more than quadruple the size of anonymity sets on average, and reduce the fraction of users with a unique font fingerprint below 10%. We discuss other potential countermeasures.

You can find the paper here.

Tags: web bug, fingerprint, tracking, font, device identifier


0 comment(s).

The Tor Project is looking for an Executive Director!

| | 2015.07.13. 09:25:46  Székely Iván  

The Tor Project, Inc. is the non-profit organization behind the popular anonymity and privacy tool Tor.  This organization is currently undergoing a worldwide search for an Executive Director.


If you are, or you know of someone who is, interested in the position,
please contact:

Judy Tabak
The Wentworth Company
479 West Sixth Street, San Pedro, CA 90731
(310) 732-2321

Tags: tor, Tor Project Inc.


0 comment(s).

Two doctoral studentships available at Oxford

| | 2015.07.08. 10:28:16  Székely Iván  

Doctoral Studentships: Trusted Environments for Privacy-Preserving

Department of Computer Science, University of Oxford

Supervisors: Professors Andrew Martin & Andrew Simpson

Start Date: October 2015

We invite applications for two studentships funded by the Intel
Corporation for a project called "Applying the Trusted Remote
Environment (AppTRE)". One student will study how Trusted Computing
Architectures based on Intel's new SGX technology can be used to
implement "Trustworthy Remote Entities" with strong guarantees of
privacy protection. The other student will study algorithms and
approaches to data analysis which can run in such contexts, processing
privacy-sensitive data without unwanted disclosures.

The studentships are tenable from October 2015, for three years in each
case, subject to satisfactory progress. In special circumstances, it
may be possible to delay the start date. The annual stipend payable is
£17057. The studentship also covers the payment of College and
University fees at the home/EU rate.

More details here:

Tags: privacy-preserving analytics, studentship


0 comment(s).

© International PET Portal, 2010 | Imprint | Terms of Use | Privacy Policy