Skip to Main content Skip to Navigation
New interface
Conference papers

To Extend or not to Extend: On the Uniqueness of Browser Extensions and Web Logins

Gábor György Gulyás 1 Dolière Francis Somé 2 Nataliia Bielova 2 Claude Castelluccia 1 
1 PRIVATICS - Privacy Models, Architectures and Tools for the Information Society
Inria Grenoble - Rhône-Alpes, CITI - CITI Centre of Innovation in Telecommunications and Integration of services, Inria Lyon
2 INDES - Secure Diffuse Programming
CRISAM - Inria Sophia Antipolis - Méditerranée
Abstract : Recent works showed that websites can detect browser extensions that users install and websites they are logged into. This poses significant privacy risks, since extensions and Web logins that reflect user's behavior, can be used to uniquely identify users on the Web. This paper reports on the first large-scale behavioral uniqueness study based on 16,393 users who visited our website. We test and detect the presence of 16,743 Chrome extensions, covering 28% of all free Chrome extensions. We also detect whether the user is connected to 60 different websites. We analyze how unique users are based on their behavior, and find out that 54.86% of users that have installed at least one detectable extension are unique; 19.53% of users are unique among those who have logged into one or more detectable websites; and 89.23% are unique among users with at least one extension and one login. We use an advanced fingerprinting algorithm and show that it is possible to identify a user in less than 625 milliseconds by selecting the most unique combinations of extensions. Because privacy extensions contribute to the uniqueness of users, we study the trade-off between the amount of trackers blocked by such extensions and how unique the users of these extensions are. We have found that privacy extensions should be considered more useful than harmful. The paper concludes with possible countermeasures.
Document type :
Conference papers
Complete list of metadata
Contributor : Claude Castelluccia Connect in order to contact the contributor
Submitted on : Wednesday, November 14, 2018 - 10:31:58 AM
Last modification on : Friday, August 5, 2022 - 3:50:50 AM



Gábor György Gulyás, Dolière Francis Somé, Nataliia Bielova, Claude Castelluccia. To Extend or not to Extend: On the Uniqueness of Browser Extensions and Web Logins. WPES'18 - Workshop on Privacy in the Electronic Society, Oct 2018, Toronto, Canada. pp.14-27, ⟨10.1145/3267323.3268959⟩. ⟨hal-01921863⟩



Record views