We also conduct a user study and evaluate the performance overhead of randomization to determine the impact on the user experience. If there is a match, MaxMind tells us whether the IP address is from a VPN, Tor exit node or data center. We evaluate the effectiveness of FPRandom by testing it against known fingerprinting tests.
We present FPRandom, a modified version of Firefox that adds randomness to mitigate the most recent fingerprinting algorithms, namely canvas fingerprinting, AudioContext fingerprinting and the unmasking of browsers through the order of JavaScript properties. Randomization is possible thanks to the following properties of browsers implementations: (i) some functions have a nondeterministic specification, but a deterministic implementation (ii) multimedia functions can be slightly altered without deteriorating user’s perception. In order to receive device output from minFraud Insights or minFraud Factors, you must be using the Device Tracking Add-on (/minfraud/device/). We add randomness in the computation of selected browser functions, in order to have them deliver slightly different answers for each browsing session. Our work aims at mitigating the risk of browser fingerprinting for users privacy by ‘breaking’ the stability of a fingerprint over time. In order to receive device output from minFraud Insights or minFraud Factors, you must be using the Device Tracking Add-on. Consequently, the fingerprint can be used to track users.
#MAXMIND DEVICE TRACKING CODE#
It works by adding a small javascript code to your website which identifies each unique device accessing it, so even if a fraudster changes their IP address or uses a proxy, the device will still be recognized and can receive a higher fraud score if appropriate. A small number of queries on these interfaces are sufficient to build a fingerprint that is statistically unique and very stable over time. Maxmind offers a Device Tracking Add-on as a complimentary part of their minFraud fraud checking service. The rich programming interfaces (APIs) provided by web browsers can be diverted to collect a browser fingerprint. Book series (LNCS, volume 10379) Abstract