As Internet usage has exploded and become an integral part of everyone’s personal and business lives, the opportunities to exploit user data have become ever more attractive. Sophisticated tracking and explosion of third-party ad and other services ensure that very few users can defend themselves against data harvesting and attacks.
In this session at M3AAWG’s 53rd general meeting October 2021, Gabor Takacs, chief data scientist at CUJO AI, described the methods used by tracking systems and addresses ways to defend against browser fingerprinting attacks using AI.
Tracking and sharing users’ online activity is a shady practice, violating privacy and abusing trust. The conventional method of tracking is saving third-party cookies to the browser. Nowadays, major browsers have already started to take action against third-party cookies. Thus, the tracking business is moving toward different techniques such as browser fingerprinting.
CUJO AI prepared a labeled data set that contains cases of both browser fingerprinting (37%) and legitimate activity (63%). It trained machine learning models, based on the dynamic (the presented solution uses dynamic features only) features of the input, with the best model that can predict the presence of browser fingerprinting with around 98% accuracy.
In summary, attendees learned that disabling third-party cookies will not solve the tracking problem. However, a new defense is being developed against new tracking techniques.
The Data and Identity Protection Committee of M3AAWG will continue tracking and working on this topic. Learn more about M3AAWG’s work at www.M3AAWG.org.