Can we reconcile diversity and privacy Benoit Baudry

Can we reconcile diversity and privacy? Benoit Baudry, Alejandro Boix, Pierre Laperdrix INRIA, France 1

diversity is good 2

but harms privacy 3

Canvas fingerprinting: our test 4

Canvas fingerprinting: our test 1 2 3 5

Canvas fingerprinting: our results • Really stable test “Smiling face • Diversity of renderings between devices with open • Diversity of emojis between smartphones mouth” emoji U+1 F 603 6

Diversity in the browser ecosystem 7

amiunique. org Attribute Value User agent Mozilla/5. 0 (X 11; Linux i 686; rv: 25. 0) Gecko/20100101 Firefox/25. 0 HTTP he²aders text/html, application/xhtml+xml, application/xml; q=0. 9, */*; q=0. 8 gzip, deflate en-US, en; q=0. 5 Plugins Plugin 0: Quick. Time Plug-in 7. 6. 6; libtotem-narrowspace-plugin. so; Plugin 1: Shockwave Flash; Shockwave Flash 11. 2 r 202; libflashplayer. so; • 300 K + fingerprints Fonts Century Schoolbook, Source Sans Pro Light, Deja. Vu Sans Mono, Bitstream Vera Serif, URW Palladio L, Bitstream Vera Sans Mono, Bitstream Vera Sans, . . . Platform Linux i 686 • 91% unique Screen resolution 1920 x 1080 x 24 Timezone -480 (UTC+8) OS Linux 3. 14. 3 -200. fc 20. x 86 32 -bit Web. GL vendor NVIDIA Corporation Web. GL renderer Ge. Force GTX 650 Ti/PCIe/SSE 2 Canvas 8

amiunique. org • Consider only 5 attributes • OS, browser, screen resolution, timezone 9

Can we reconcile diversity and privacy? 10

Remove diversity • Tor browser but… • Still variations due to resolution, audio, maths, etc. 11

• Example of battery API • Stop support for plugins but C hr o C me hr 3 C om 9 ( hr e N o 4 o C me 0 ( v'1 hr Ja 4 C om 41 ( n'1 ) hr e M 5 om 4 a ) C e 2 (A r'15 h 4 ) C rom 3 ( pr'1 hr e M 5 a ) o C me 44 y'1 hr 4 (J 5) C om 5 ( ul'1 hr e S 5 o 4 ep ) Fi me 6 (O '15 re 47 c ) Fi fox (D t'15 re 40 e ) c Fi fox (A '15 re 41 u ) g Fi fox (S '15 re 42 e ) p fo x (N '15 43 ov ) (D '15 ec ) '1 5) Reduce diversity surface Entropy 1 0. 9 0. 8 0. 7 0. 6 0. 5 0. 4 0. 3 0. 2 0. 1 0 • Web technologies evolve very fast • Audio 12

Increase diversity (obfuscation) • Randomize some APIs • Container + reconfiguration but • It can break hinder usability 13

Can we reconcile diversity and privacy? 14

• Understand how CS results can influence law and policy • Technological knowledge transfer • Inclusive perspectives • Discuss ethical implications of our results • Open source and open data • Collaboration with large corporations 15