Monthly archive (2015-07)
Back to the full archives. Device fingerprinting by font-rendering differences
|
|
2015.07.21. 05:51:39
Gulyás Gábor
In 2012, we demonstrated that the OS can be fingerprinted by checking the presence of a greater variety of front (hey, we also have a paper on that). In addition, we showed this by using JavaScript only that was running from a website. This project seems to have more detailed results on this issue, as the authors went further than checking the presence of of a font: they checked how characters are rendered with a given font in different browser. This surely gives more details than 0/1, and according to their results they could use this information solely to make 34% of their submissions uniquely identifiable:
We describe a web browser fingerprinting technique based on measuring the onscreen dimensions of font glyphs. Font rendering in web browsers is affected by many factors—browser version, what fonts are installed, and hinting and antialiasing settings, to name a few— that are sources of fingerprintable variation in end-user systems. We show that even the relatively crude tool of measuring glyph bounding boxes can yield a strong fingerprint, and is a threat to users' privacy. Through a user experiment involving over 1,000 web browsers and an exhaustive survey of the allocated space of Unicode, we find that font metrics are more diverse than User-Agent strings, uniquely identifying 34% of participants, and putting others into smaller anonymity sets. Fingerprinting is easy and takes only milliseconds. We show that of the over 125,000 code points examined, it suffices to test only 43 in order to account for all the variation seen in our experiment. Font metrics, being orthogonal to many other fingerprinting techniques, can augment and sharpen those other techniques.
We seek ways for privacy-oriented web browsers to reduce the effectiveness of font metric–based fingerprinting, without unduly harming usability. As part of the same user experiment of 1,000 web browsers, we find that whitelisting a set of standard font files has the potential to more than quadruple the size of anonymity sets on average, and reduce the fraction of users with a unique font fingerprint below 10%. We discuss other potential countermeasures.
0 comment(s). The Tor Project is looking for an Executive Director!
|
|
2015.07.13. 09:25:46
Székely Iván
The Tor Project, Inc. is the non-profit organization behind the popular anonymity and privacy tool Tor. This organization is currently undergoing a worldwide search for an Executive Director.
Description:
http://data01.wentco.com/openreq/Requisition.aspx?ReqID=67528129
If you are, or you know of someone who is, interested in the position,
please contact:
Judy Tabak
The Wentworth Company
479 West Sixth Street, San Pedro, CA 90731
(310) 732-2321
JudyTabak@wentco.com
Two doctoral studentships available at Oxford
|
|
2015.07.08. 10:28:16
Székely Iván
Doctoral Studentships: Trusted Environments for Privacy-Preserving
Analytics
Department of Computer Science, University of Oxford
Supervisors: Professors Andrew Martin & Andrew Simpson
Start Date: October 2015
We invite applications for two studentships funded by the Intel
Corporation for a project called "Applying the Trusted Remote
Environment (AppTRE)". One student will study how Trusted Computing
Architectures based on Intel's new SGX technology can be used to
implement "Trustworthy Remote Entities" with strong guarantees of
privacy protection. The other student will study algorithms and
approaches to data analysis which can run in such contexts, processing
privacy-sensitive data without unwanted disclosures.
The studentships are tenable from October 2015, for three years in each
case, subject to satisfactory progress. In special circumstances, it
may be possible to delay the start date. The annual stipend payable is
£17057. The studentship also covers the payment of College and
University fees at the home/EU rate.
More details here: http://www.cs.ox.ac.uk/news/944-full.html
New password 
Register