Home M3AAWG Blog Browser Fingerprinting using AI: M3AAWG 53rd General Meeting

As Internet usage has exploded and become an integral part of everyone’s personal and business lives, the opportunities to exploit user data have become ever more attractive. Sophisticated tracking and explosion of third-party ad and other services ensure that very few users can defend themselves against data harvesting and attacks. 

In this session at M3AAWG’s 53rd general meeting October 2021, Gabor Takacs, chief data scientist at CUJO AI, described the methods used by tracking systems and addresses ways to defend against browser fingerprinting attacks using AI.

Tracking and sharing users’ online activity is a shady practice, violating privacy and abusing trust. The conventional method of tracking is saving third-party cookies to the browser. Nowadays, major browsers have already started to take action against third-party cookies. Thus, the tracking business is moving toward different techniques such as browser fingerprinting.

The idea of browser fingerprinting is to collect information about the user's computer such as screen resolution, active plugins, installed fonts, and concatenate these attributes into a unique identifier. To counter this attack, two approaches were applied: the static approach analyzes the source code of JavaScript files, loaded by the web site. The dynamic approach uses a headless browser, with a customized JavaScript engine and inspects all function calls.

CUJO AI prepared a labeled data set that contains cases of both browser fingerprinting (37%) and legitimate activity (63%). It trained machine learning models, based on the dynamic (the presented solution uses dynamic features only) features of the input, with the best model that can predict the presence of browser fingerprinting with around 98% accuracy.

In summary, attendees learned that disabling third-party cookies will not solve the tracking problem. However, a new defense is being developed against new tracking techniques.

The Data and Identity Protection Committee of M3AAWG will continue tracking and working on this topic. Learn more about M3AAWG’s work at www.M3AAWG.org



The views expressed in DM3Z are those of the individual authors and do not necessarily reflect M3AAWG policy.