8 Related Work
Users’ increasing demand for online privacy, which resulted
in significant efforts by the community and browser vendors
for preventing cookie-based tracking, has also led to the emer-
gence of stateless tracking and browser fingerprinting tech-
niques. A large body of prior work has explored various as-
pects of browser fingerprinting and demonstrated the feasibil-
ity of such techniques [14, 15, 18, 20, 23, 25, 30, 31, 37
–
39, 52].
More recently, extension fingerprinting has caught the
attention of the research community as a new fingerprinting
vector. Over the last few years, several works have explored
extension fingerprinting, proposed various extension enumer-
ation techniques and countermeasures, and demonstrated how
the users’ list of installed extensions can enable the inference
of sensitive user information [26, 29, 32, 43, 44, 47, 48, 50, 51].
In one of the first works in the area of extension finger-
printing, Sjösten et al. [44] demonstrated how websites can
detect the presence of extensions in the user’s browser based
on the Web Accessible Resources (WARs) that these expose.
Gulyas et al. [26] used the WAR-based technique from [44]
and conducted a large-scale study on the uniqueness of users
that visited their website. They found that they can uniquely
identify 54.86% of the users that have at least one extension
installed. In a different line of work, Sanchez-Rola et
al. [43], as well as Van Goethem and Joosen [51], proposed a
timing-based side-channel attack for detecting the presence of
extensions. Specifically, they issue a request for accessing an
extension’s non-existent resource and measure the time that
it takes for the browser to respond. The response takes longer
in the case where the extension is present, as the browser first
parses the manifest to determine if the resource is accessible.
The works that are most closely related to ours are those
that explore behavior-based extension fingerprinting. In
the first study in this area, Starov and Nikiforakis [48]
showed that extensions can be detected based on the
DOM modifications that they perform to the visited page.
Furthermore, by surveying 854 users, they also found that
many users tend to install unique sets of extensions, thus
becoming uniquely identifiable. Karami et al. [29] developed
Carnus
, a framework that employs both static and dynamic
analysis for the generation of extensions’ behavioral-based
fingerprinting signatures in an automated fashion. Moreover,
they explored how the detection of extensions can lead to the
inference of sensitive information (e.g., ethnicity, religion).
Trickel et al. [50] proposed
CloakX
, a defense that
diversifies the extensions’ behavioral fingerprints to prevent
detectability. More specifically, it substitutes the injected
DOM elements’ identifiers and class names, while also insert-
ing random tags in the page as noise. However, this approach
cannot prevent detectability for the majority of extensions
that are fingerprinted by
Carnus
[29]. In another work, Starov
et al. [47] investigated whether the extensions’ behavior
and page modifications, that in turn make these extensions
fingerprintable, are needed for their intended functionality.
Similarly to Karami et al.’s [29], this work also accounts for
extensions that are fingerprintable due to the messages they
exchange. Finally, Laperdrix et al. [32] has recently proposed
an extension fingerprinting technique that detects extensions
based on the style sheets that these inject in the visited page.
Using this technique, the authors of [32] were able to uniquely
identify 4,446 extensions, from which 1,074 (24%) have not
been fingerprinted by any previously proposed techniques.
All prior work only considered behaviors that extensions
exhibit automatically and by default did not take into account
the dynamic of user interactions. To the best of our knowl-
edge, our work is the first that incorporates user interactions
and attempts to actively trigger extensions’ functionalities,
aiming to make them exhibit fingerprintable behaviors.
9 Conclusion
More than a decade has passed since the seminal works of
Mayer [36] and Eckersley [20], and yet browser fingerprinting
remains an open problem. The fingerprinting of browser exten-
sions is particularly concerning since, in addition to offering
bits of entropy, they also reveal sensitive personal and socioe-
conomic characteristics of the users who chose to install them.
In this paper, we drew attention to a limitation that has been
common to all prior research on the fingerprinting of browser
extensions. Namely, we showed that prior work has ignored
the aspect of users interacting with browser extensions and
how these interactions can be abused to fingerprint extensions.
Through the use of static and dynamic analyses, we were
able to take advantage of user interactions to fingerprint 4,971
extensions, including more than a thousand extensions that
remained invisible to prior fingerprinting methods. Moreover,
we demonstrated that due to developer error, the majority
(67%) of extensions that are triggered by mouse or keyboard
events can be fingerprinted via artificial user actions that the
page itself can generate, as opposed to requiring a user’s
unwitting help. Finally, to at least partially ameliorate this
common developer mistake, we proposed a tool that can add
appropriate event-provenance checks wherever they are miss-
ing. We hope that future research into browser fingerprinting
will take user-interactions into account, both in terms of an at-
tacker’s capabilities, as well as in proposed countermeasures.
Acknowledgements:
We would like to thank the anonymous
reviewers and our shepherd Anupam Das for their valuable
feedback. This work was supported by the National Science
Foundation under grants CNS-1934597, CNS-1941617,
and CNS-2126654 as well as the office of Naval Research
under grant N00014-20-1-2720. Any opinions, findings,
conclusions, or recommendations expressed herein are those
of the authors, and do not necessarily reflect those of the NSF
or the ONR.
USENIX Association 31st USENIX Security Symposium 729