EssentialFP: Exposing the Essence of Browser Fingerprinting
By Alexander Sjösten, Daniel Hedin, Andrei Sabelfeld.
In Proceedings of the IEEE European Symposium on Security and Privacy Workshops (SecWeb), September 2021.
Web pages aggressively track users for a variety of purposes from targeted
advertisements to enhanced authentication. As browsers move to restrict
traditional cookie-based tracking, web pages increasingly move to tracking
based on browser fingerprinting. Unfortunately, the state-of-the-art to
detect fingerprinting in browsers is often error-prone, resorting to imprecise
heuristics and crowd-sourced filter lists.
Download the VM with EssentialFP (md5: 329a677d0117b990966de609f2238cfb) as well as the benchmark page to try it out.
The VM image is created using Virtualbox, but it has also been tested to work with VMWare Fusion.
In case of an error message in VMWare saying the import of the .ova file failed due to it "did not pass OVF specification conformance or virtual hardware compliance checks", simply click retry and it should work.
We have also noticed that the file ending may sometimes be changed by the OS to .ovf. If that is the case, manually change it back to .ova, otherwise it may not work as intended.
To execute the EssentialFP, just run "./run_essentialfp.sh" from the terminal.
The source code for the JSFlow implementation used can be found in "~/jsflow", and the source code for the modified Chromium can be found in "~/chromium/src".
The benchmark page is simply FingerprintJS version 2.1 with all flags enabled.