New Techniques for Browser Fingerprinting

Presented at ToorCon San Diego 17 (2015), Oct. 25, 2015, 2:30 p.m. (20 minutes).

Browser fingerprinting is a useful technique for tracking users on the web, especially privacy-conscious ones who have disabled cookies. This talk will demonstrate how to (ab)use new web platform features like HTTP Public Key Pinning to fingerprint users without their consent, including users of anti-tracking tools like AdBlock and Disconnect. I plan to release an open-source tool for either performing these fingerprinting attacks or defending against them; I’m not yet sure which.

Presenters:

• yan
  Yan is a high school dropout and a security engineer at Yahoo, mostly working on end-to-end email encryption. She is also a Technology Fellow at EFF and a core developer of Let’s Encrypt, HTTPS Everywhere, and SecureDrop. While at EFF, she wrote a popular anti-tracking add-on for Firefox called Privacy Badger.

Links:

• https://infocon.org/cons/ToorCon/ToorCon 17 - 2015/yan - New Techniques for Browser Fingerprinting.mp4

Similar Presentations:

• Black Hat USA 2012 / Web Tracking for You
• DEF CON 18 (2010) / Web Application Fingerprinting with Static Files
• DEF CON 11 (2003) / Revolutionizing Operating System Fingerprinting