PRNG

June 26, 2019

Summary

A defense paper on browser extension fingerprinting. Defense papers are difficult to get past reviewers, since someone can always point to some obscure attack that sounds like a roadblock.

Every extension has a unique ID, which can be tracked through its WARs (web-accessible resources), so WAR cloaking is required.

Anchorprinting and structureprinting: anchorprints rely on an anchor between the webpage’s JavaScript and the extension.

Structureprints effectively create a DOM fingerprint that uses the extension’s unique and intended behavior to identify the extension. Multiple extensions could have the same structureprint. Easier to identify, harder to break.

Behavior fingerprinting is a subset of structureprinting, e.g. LastPass puts a password icon on password fields, so one can just search for the password icon.

Identifying fingerprints - Droxy looks for changes in the DOM of a page with and without the extension installed.

TAJS taint analysis - randomises new JS inserted into the page (called droplets).
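To make the anchorprint/structureprint distinction concrete, here is an added sketch (not code from the paper or its tooling) of how an extension author could audit what their extension exposes by diffing a page with and without it. The DOM snapshots, the `ext-icon`/`ext-wrap` names and the assumption that the defense renames injected ids and classes are all constructed for illustration.

```javascript
// Constructed DOM snapshots (not real extension output): node = {tag, id?, cls?, kids?}.
const clean = { tag: "form", kids: [{ tag: "input", id: "pw" }] };
// Hypothetical extension that injects an icon wrapper next to the password field.
const withExt = (id, cls) => ({ tag: "form", kids: [
  { tag: "input", id: "pw" },
  { tag: "div", id, cls, kids: [{ tag: "img" }, { tag: "span" }] },
] });

// Tag-only serialization of a subtree: the structure, ignoring ids and classes.
const shape = (n) => n.tag + "(" + (n.kids || []).map(shape).join(",") + ")";

// Every id and class name in a subtree: the anchors page JavaScript could query for.
function names(n, out = []) {
  if (n.id) out.push("#" + n.id);
  if (n.cls) out.push("." + n.cls);
  (n.kids || []).forEach((k) => names(k, out));
  return out;
}

// Subtrees present with the extension that have no counterpart in the clean page.
function added(before, after, out = []) {
  const pool = (before.kids || []).slice();
  for (const k of after.kids || []) {
    const i = pool.findIndex((c) => c.tag === k.tag && c.id === k.id && c.cls === k.cls);
    if (i < 0) out.push(k);                     // injected by the extension
    else added(pool.splice(i, 1)[0], k, out);   // shared node: compare children
  }
  return out;
}

function fingerprint(before, after) {
  const nodes = added(before, after);
  return {
    anchorprint: nodes.flatMap((n) => names(n)).sort().join(" "),
    structureprint: nodes.map(shape).sort().join("|"),
  };
}

const fixedNames = fingerprint(clean, withExt("ext-icon", "ext-wrap"));
const randomised = fingerprint(clean, withExt("x9f2", "q7a1")); // assumed: names renamed per load
console.log(fixedNames, randomised);
console.log("structureprint survives:", fixedNames.structureprint === randomised.structureprint);
```

Renaming the injected ids and classes changes the anchorprint, but the tag-only shape of the injected subtree is identical in both runs, which is why structureprints are the harder of the two to break.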

Strong Points

The paper introduced terms (anchorprinting, structureprinting, behaviorprinting) that other papers will use, which means more citations.

Weak Points

Gaping holes, especially with behaviorprinting (acknowledged in the discussion section).