Ryan Torok will present his MSE talk "Leveraging Sandboxes for a Minimally Invasive Browser Fingerprinting Defense" on Tuesday, April 25, 2023 at 2pm in CS 401.
Advisor: Amit Levy
Reader: Jonathan Mayer
Title: Leveraging Sandboxes for a Minimally Invasive Browser Fingerprinting Defense
Abstract:
We present Sandcastle, an entropy-based browser fingerprinting defense
that aims to minimize its interference with legitimate web
applications. Sandcastle allows developers to partition code that
operates on identifiable information into sandboxes to prove to the
browser the information cannot be sent in any network
request. Meanwhile, sandboxes may make full use of identifiable
information on the client side, including writing to dedicated regions
of the Document Object Model. For applications where this policy is too
strict, Sandcastle provides an expressive cashier that allows precise
control over the granularity of data that is leaked to the
network. These features allow Sandcastle to eliminate most or all of the
noise added to the outputs of identifiable APIs by Chrome’s Privacy
Budget framework, the current state of the art in entropy-based
fingerprinting defenses. Enabling unlimited client-side use of
identifiable information allows for a much more comprehensive set of web
applications to run under a fingerprinting defense, such as 3D games and
video streaming, and provides a mechanism to expand the space of APIs
that can be introduced to the web ecosystem without sacrificing privacy.