Double-Edged Crime: How Browser Extension Fingerprinting Might Endanger Users and Extensions Alike (god2024)

Chaos Computer Club - recent events feed (low quality)

Contenuto fornito da CCC media team. Tutti i contenuti dei podcast, inclusi episodi, grafica e descrizioni dei podcast, vengono caricati e forniti direttamente da CCC media team o dal partner della piattaforma podcast. Se ritieni che qualcuno stia utilizzando la tua opera protetta da copyright senza la tua autorizzazione, puoi seguire la procedura descritta qui https://it.player.fm/legal.

24h ago 23:43

MP4•Pagina principale dell'episodio

Browser extensions are powerful tools that enhance the web browsing experience, offering their users a wide range of functionalities. However, these features can also introduce security and privacy issues for their users, mainly through a technique known as extension fingerprinting — where malicious websites track users based on the extensions they have installed. This is particularly interesting since many websites rely on advertising-based revenue for their existence, and the cookie-less form of tracking is also increasingly getting traction on the Web. Popular libraries such as FingerprintJS and Castle have already incorporated extensions as identifiable sources in their armor. In this talk, we will present the growing threat of browser extension fingerprinting, shedding light on how extensions can inadvertently expose both users and the extension to certain risks. Our recent research uncovers that over 3,000 Chrome and Firefox extensions are vulnerable to fingerprinting through techniques such as JavaScript namespace pollution and other observable side effects despite existing defense mechanisms [1]. The audience will takeaway the following: What are some of the ways by which browser extensions can be fingerprinted. The risks for both user privacy and extensions' behavior. Insights from recent research on vulnerable extensions. Potential strategies to mitigate fingerprinting risks. And, of course, how to keep your extensions from being the "most wanted" on the Web! [1] Agarwal, Shubham, Aurore Fass, and Ben Stock. "Peeking through the window: Fingerprinting Browser Extensions through Page-Visible Execution Traces and Interactions." (To appear at) Proceedings of the 31st ACM SIGSAC Conference on Computer and Communications Security. 2024. Licensed to the public under https://creativecommons.org/licenses/by-sa/4.0/ about this event: https://c3voc.de

1546 episodi

#Technologie #CCC media team #Ccc Congress Hacking Security Netzpolitik #Video