adF: A Novel System for Measuring Web Fingerprinting through Ads

Miguel A. Bermejo-Agueda, Patricia Callejo, Rubén Cuevas, Ángel Cuevas

TL;DR

This paper introduces adF, a novel system that measures web fingerprinting vulnerability by embedding fingerprinting logic in online ads, enabling large-scale, longitudinal analysis across desktop and mobile configurations. It demonstrates substantial fingerprinting risk, with about 66% of desktop devices and 40% of mobile devices fingerprintable in ads, and reveals that Chrome on desktops is especially vulnerable. The authors propose ShieldF, a Chromium-based extension that blocks high-discrimination attributes, achieving up to a 62% reduction in vulnerability and outperforming major browser defenses. The work provides a practical, configurable auditing framework and highlights key attributes (cardinality and entropy) that drive fingerprinting power, offering actionable guidance for browser developers and mobile app designers to mitigate exposure.

Abstract

This paper introduces adF, a novel system for analyzing the vulnerability of different devices, Operating Systems (OSes), and browsers to web fingerprinting. adF performs its measurements from code inserted in ads. We have used our system in several ad campaigns that delivered 5.40 million ad impressions. The collected data allow us to assess the vulnerability of current desktop and mobile devices to web fingerprinting. Based on our results, we estimate that 66% of desktop devices and 40% of mobile devices can be uniquely fingerprinted with our web fingerprinting system. However, the resilience to web fingerprinting varies significantly across browsers and device types, with Chrome on desktops being the most vulnerable configuration. To counter web fingerprinting, we propose ShieldF, a simple solution that blocks browsers from reporting the attributes that our dataset analysis found to have the most significant discrimination power. Our experiments reveal that ShieldF outperforms all anti-fingerprinting solutions proposed by major browsers (Chrome, Safari and Firefox), increasing resilience to web fingerprinting by up to 62% for some device configurations. ShieldF is available as an add-on for any Chromium-based browser. Moreover, it is readily adoptable by browser and mobile app developers. Its widespread use would lead to a significant improvement in the protection offered by browsers and mobile apps against web fingerprinting.
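
The audit idea in the abstract (rank attributes by discrimination power, block the strongest, re-measure uniqueness) can be sketched as follows. This is an added example, not the adF or ShieldF code; the attribute names and sample records are constructed, and uniqueness is assumed to mean that a record's attribute combination appears exactly once, which does not reproduce the paper's own metrics.

```python
from collections import Counter
from math import log2

# Constructed records, one per device. Attribute names are illustrative
# assumptions, not the attribute set collected by adF.
ATTRS = ["user_agent", "screen", "timezone", "fonts"]
SAMPLES = [dict(zip(ATTRS, row)) for row in [
    ("UA-A", "1920x1080", "UTC+1", "f1"),
    ("UA-A", "1920x1080", "UTC+1", "f2"),
    ("UA-A", "1920x1080", "UTC+1", "f3"),
    ("UA-A", "1366x768",  "UTC+1", "f4"),
    ("UA-B", "1366x768",  "UTC+0", "f5"),
    ("UA-B", "1920x1080", "UTC+0", "f5"),
    ("UA-B", "1920x1080", "UTC+0", "f6"),
    ("UA-B", "1920x1080", "UTC+0", "f6"),
]]

def unique_fraction(samples, attrs):
    """Share of records whose combination of `attrs` appears exactly once."""
    keys = [tuple(s[a] for a in attrs) for s in samples]
    counts = Counter(keys)
    return sum(1 for k in keys if counts[k] == 1) / len(keys)

def attribute_stats(samples, attr):
    """Return (cardinality, Shannon entropy in bits) for one attribute."""
    counts = Counter(s[attr] for s in samples)
    n = len(samples)
    entropy = -sum(c / n * log2(c / n) for c in counts.values())
    return len(counts), entropy

def audit(samples, attrs, block_top=1):
    """Block the `block_top` highest-entropy attributes and re-measure."""
    ranked = sorted(attrs, key=lambda a: attribute_stats(samples, a)[1],
                    reverse=True)
    blocked = ranked[:block_top]
    kept = [a for a in attrs if a not in blocked]
    return {
        "blocked": blocked,
        "before": unique_fraction(samples, attrs),
        "after": unique_fraction(samples, kept),
    }

if __name__ == "__main__":
    for a in ATTRS:
        print(a, attribute_stats(SAMPLES, a))
    print(audit(SAMPLES, ATTRS))
```

On this constructed data, a single high-cardinality attribute accounts for most of the uniqueness, which is the effect an attribute-blocking defence relies on.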

Paper Structure (45 sections, 5 equations, 6 figures, 5 tables)

Figures (6)

  • Figure 1: adF visual representation, our web fingerprinting system.
  • Figure 2: x-axis: $\mathcal{MV}$, $\mathcal{TV}$ and $\mathcal{A}$ performance of adF system for all the considered browser-based device and mobile app configurations; y-axis: number of samples for the browser and mobile app configurations considered for the analyses conducted in the paper.
  • Figure 3: The effectiveness of the proposed anti-fingerprinting solution is indicated by $\mathcal{MV}$, $\mathcal{TV}$ and $\mathcal{A}$ for each device configuration. Values above bars denote positive (blue) or negative (red) percentage variation compared to metrics without ShieldF.
  • Figure 4: Comparing ShieldF to Safari, Firefox, and Google solutions. We assess $\mathcal{MV}$, $\mathcal{TV}$, and $\mathcal{A}$ on a benchmark setup, {Desktop, Windows, Chrome}.
  • Figure 5: Comparing ShieldF with techniques to mitigate web fingerprinting effects. We assess $\mathcal{MV}$, $\mathcal{TV}$, and $\mathcal{A}$ on a benchmark setup, {Desktop, Windows, Chrome}. Dashed line denotes $\mathcal{MV}$ of benchmark configuration {Desktop, Chrome, Windows}.
  • ...and 1 more figures