Utilisateur:Ergozat/Brouillon2
La documentation de ce modèle est générée par le modèle {{Documentation}}.
Les éditeurs peuvent travailler dans le bac à sable (créer) et la page de test (créer).
Voir les statistiques d'utilisation du modèle sur l'outil wstat.
Definition
[modifier | modifier le code]In 2012, Abgrall identifies two types of browser fingerprinting : One may uniquely identify a browser. The other one may uniquely identify a browser type, its implementation and its version number.[1]
In 2017, Al-Fannah defines browser fingerprint as a technique that can be used by a web server to uniquely identify a platform, examining information provided by the browser. [8] Kaur completes this description by saying that fingerprint is derived by the unique pattern of information visible whenever a computer (or another platform) visits a website.[2] Only18-20 bits of information is enough to identify a browser by fingerprinting.[3]
The use of web cookie can serve the same purpose, as the ip address. But fingerprint can be shaped independently[8]. Tracking methods are based on device-specific information and configuration including browser version, installed fonts, browser plugins and screen resolution.[1] Also, only 18-20 bits of information is enough to identify a browser by fingerprinting.[4]
In 2010 Eckersley conducts a study by the implementation of a fingerprinting algorithm. It can be tested by visiting the web site panopticlick.eff.org.[5] Eckersley admits through his study that 83,6% of browsers obbbbbserved by panopticlick had unique fingerprints.[6]
Usages
[modifier | modifier le code]The fringerprinting effect is not clearly visible by the user since he is not informed.[7] Device fingerprint is used by compagnies in order to target users on specific web services. [10] In some cases, fingerfrinting scripts are directly embedded in ad banners.[8] But the use cases of fingerprints also include fraud detection, protection against account hijacking, anti-bot and anti-scraping services, enterprise security management, protection against DDOS attacks, real-time targeted marketing, campaign measurement, reaching customers across devices, and limiting number of access to services.[9]
Large scale studies
[modifier | modifier le code]Tracking
[modifier | modifier le code]According to marketing compagnies, it is possible to identify user behavior across different websites and devices. It suggests these compagnies feed customer databases with fingeprinting information and then, it is easier to link a customer to differents devices.[10] Also Eckersley showed that fingerprinting can be used in order to track user without the need of client-side stateful identifiers (such as cookies).[11] Indeed, the entropy, if it is enough in the distribution of a fingerprinting algorithm, can make a recognisable of subset of users unique. Then, this given fingerprint can become the main identifier for a specific user since it can not be deleted except by a modification of browser configuration that is large enough to change the fingerprint.[12]
Generating cookies
[modifier | modifier le code]According to the possible deletion of cookies, many website use Adobe Flash cookies as a way to regenerate them. As fingerprint is a way to identify user, in association to IP address (if it is the same as the last visit on the website), there is high probability to link the user to previous cookies or regenerate new ones. Moreover, only 18-20 bits of fingerprint data is enough to identify user.[13][14]
IP address
[modifier | modifier le code]Identifying device vulnerabilities
[modifier | modifier le code]Websites using exploits kits are the result of malware propagation.[15] These websites refer to fingerprint to find out if the visitor’s browser is vulnerable of not, and then they can decide which exploits are the most effective.[16]
Improving security
[modifier | modifier le code]Bot and fraud prevention
[modifier | modifier le code]Browser fingerprinting can be used to detect specific fraud like XSS proxification since the attacker's browser is different from the infected one. [16] Also fingerprint can be used to make the difference between a single user and a bot designed to perform a deny-of-service attack.[16]An interessant defense way about bots fraud is the use of Client Side Honeypots.[16]
Augmented authentification
[modifier | modifier le code]Protection techniques
[modifier | modifier le code]Web privacy is also exposed by web standards and APIs due to their deep implementation with devices.[17]
- Abgrall 2012, p. 1
- Kaur 2017, p. 1
- Kaur 2017, p. 4
- Kaur 2017, p. 4
- Eckersley 2010, p. 1
- Eckersley 2010, p. 10
- Acar 2013, p. 10
- Acar 2013, p. 9
- Acar 2013, p. 9
- Acar 2013, p. 9
- Nikiforakis 2013, p. 2
- Eckersley 2010, p. 3
- Eckersley 2010, p. 3
- Kaur 2017, p. 4
- Abgrall 2012, p. 8
- Abgrall 2012, p. 9
- Olejnik 2016, p. 262