S&P2017
XHOUND: Quantifying the Fingerprintability of Browser Extensions
Oleksii Starov, Nick Nikiforakis
104 citations
Abstract
In recent years, researchers have shown that unwanted web tracking is on the rise, as advertisers are trying to capitalize on users' online activity, using increasingly intrusive and sophisticated techniques. Among these, browser fingerprinting has received the most attention since it allows trackers to uniquely identify users despite the clearing of cookies and the use of a browser's private mode. In this paper, we investigate and quantify the fingerprintability of browser extensions, such as AdBlock and Ghostery. We show that an extension's organic activity in a page's DOM can be used to infer its presence, and develop XHOUND, the first fully automated system for fingerprinting browser extensions. By applying XHOUND to the 10,000 most popular Google Chrome extensions, we find that a significant fraction of popular browser extensions are fingerprintable and could thus be used to supplement existing fingerprinting methods. Moreover, by surveying the installed extensions of 854 users, we discover that many users tend to install different sets of fingerprintable browser extensions and could thus be uniquely, or near-uniquely, identifiable by extension-based fingerprinting. We use XHOUND's results to build a proof-of-concept extension-fingerprinting script and show that trackers can fingerprint tens of extensions in just a few seconds. Finally, we describe why the fingerprinting of extensions is more intrusive than the fingerprinting of other browser and system properties, and sketch two different approaches towards defending against extension-based fingerprinting. Our results highlight the danger of extension-based fingerprinting which, in conjunction with existing fingerprinting techniques, can greatly boost the accuracy of stateless user identification.
Moreover, our findings are likely to be applicable to mobile platforms where most browsers have poor or no support for plugins, yet popular browsers, such as Firefox Mobile and Dolphin Browser for Android, and Chrome for iOS [32], support extensions. To address the threat of extension-based fingerprinting, we first briefly discuss the difficulty of protecting against it, and then sketch two possible countermeasures, based on isolating DOM changes and constructively polluting the DOM namespace.
II. BACKGROUND
In this section, we first provide a brief comparison of browser extensions and browser plugins and then list the threat models that we will use throughout this paper.