For Online Privacy, Honesty Is a Lousy Policy

The case for lying to the online spies

A Banksy mural in London, from 2008. (Photo: Cate Gillon/Getty Images)

The web has become a giant surveillance system. It knows where you are. It knows what you look like. It knows what you watch on TV. So, internet denizens gathered in an old church in San Francisco this week at the Decentralized Web Summit to talk about ways to make it harder for corporate America to spy on everyone. Security researchers, meanwhile, have been experimenting with a novel approach to counter the tracking of the web’s users: deceit.

We consume online media for free in exchange for data about our behavior sent to advertisers. When sites share that data with networks that track consumers, marketers can watch web users travel across the web.

A CCTV security camera looks down towards King’s Cross Square, London. (Photo: LEON NEAL/AFP/Getty Images)

In a paper from the University of Pennsylvania, a group of computer science researchers wrote, “From our own observations, browser plugins and system fonts are the two characteristics that appear to convey the most fingerprinting information.” In other words, your fingerprint is made complete by logging whichever extensions you’ve added and the fonts your computer has downloaded to render particular pages.

These security researchers have explored a compelling new idea: instead of blocking trackers (as popular extensions like Ghostery do), why not lie?

“The key insight of our approach is not merely to enhance user privacy, but to shift the cost of developing new tracking methods to the ‘attacker’, without the user incurring the cost of a degraded experience,” lead author Sandy Clark and computer science professors Matt Blaze and Jonathan Smith wrote in their paper. With the right software, browsers could answer questions from tracking software falsely. The more people who do it, the less the data is worth.

The UPenn team did not respond to the Observer’s request for comment about whether or not it has built prototype software for that purpose, but its analysis built on the work of another research team that has.

Stony Brook University Professor Nick Nikiforakis, KU Leuven Professor Wouter Joosen and Microsoft researcher Benjamin Livshits made a prototype fingerprint smearing system called PriVaricator. In a 2015 paper describing the software, they wrote:

Much has been made of the fact that it is possible to derive a unique fingerprint of a user… However, the insight behind our techniques is the realization that the culprit behind fingerprinting is not the fact that a user’s fingerprint is unique, but that it is linkable, i.e. it can be reliably associated with the same user over multiple visits.

This is not news to privacy enthusiasts, many of whom have built other identity spoofing extensions, such as User Agent Switcher, which serves trackers values harvested from a different computer. In other words, it sends a different identity, just not yours. While that technique sounds clever, Nikiforakis and his collaborators investigated the spoofing apps and wrote in a 2013 paper that identity switching makes users easier to identify. “The users who install these extensions in an effort to hide themselves in a crowd of popular browsers, install software that actually makes them more visible and more distinguishable from the rest of the users, who are using their browsers without modifications,” the researchers write.

Here’s the short explanation: the browser spoofers produce configurations so improbable that their users stand out. For example, a spoofer on a desktop might report that the user is on a mobile browser, but then also report a screen resolution that could only be a desktop’s. In other words, fingerprint-spoofing becomes a new datapoint to increase the confidence of a fingerprint.

Deception in naval camouflage during World War I, on the USS Orizaba (1918) (Image: Public Domain Review)

By contrast, PriVaricator starts with a user’s actual stats and randomizes each value within a reasonable range. For example, if a browser has eight plugins installed, it’s not going to report 777 plugins, but it might report thirteen.
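
The contrast between identity switching and bounded randomization described above, as an added example that is not from the article or from PriVaricator's code. The attribute names, the plus-or-minus-five spread and the 1200-pixel desktop threshold are assumptions chosen for illustration.

```javascript
// Added illustration, not PriVaricator's code. Attribute names, the +/-5
// spread and the 1200px desktop threshold are assumptions for this sketch.
const crypto = require("crypto");

// Constructed sample: a desktop browser with eight plugins installed.
const REAL = {
  userAgent: "Mozilla/5.0 (X11; Linux x86_64; rv:115.0) Gecko/20100101 Firefox/115.0",
  screenWidth: 1920,
  pluginCount: 8,
  fontCount: 140,
};

// What a tracker stores: one hash over every attribute the browser reports.
function fingerprint(attrs) {
  const canonical = JSON.stringify(attrs, Object.keys(attrs).sort());
  return crypto.createHash("sha256").update(canonical).digest("hex");
}

// Identity switching: present another device's user agent, change nothing else.
function switchUserAgent(attrs) {
  return { ...attrs, userAgent: "Mozilla/5.0 (iPhone; CPU iPhone OS 16_0 like Mac OS X) Mobile Safari" };
}

// The giveaway: a mobile user agent paired with a desktop-sized screen.
function isImplausible(attrs) {
  return /Mobile|iPhone|Android/.test(attrs.userAgent) && attrs.screenWidth >= 1200;
}

// Bounded randomization: start from the true value and stay within `spread`
// of it, so eight plugins may be reported as thirteen but never as 777.
function jitter(value, spread) {
  return crypto.randomInt(Math.max(0, value - spread), value + spread + 1);
}

function smear(attrs) {
  return { ...attrs, pluginCount: jitter(attrs.pluginCount, 5), fontCount: jitter(attrs.fontCount, 5) };
}

// Linkability test: how many distinct fingerprints do `visits` visits produce?
function distinctFingerprints(visits, report) {
  const seen = new Set();
  for (let i = 0; i < visits; i++) seen.add(fingerprint(report(REAL)));
  return seen.size;
}

console.log("honest  :", distinctFingerprints(20, (a) => a), isImplausible(REAL));
console.log("switched:", distinctFingerprints(20, switchUserAgent), isImplausible(switchUserAgent(REAL)));
console.log("smeared :", distinctFingerprints(20, smear), isImplausible(smear(REAL)));
```

The honest and switched reports each produce one stable, linkable fingerprint, and the switched one is also flagged as contradictory; the smeared reports produce many fingerprints while every value stays plausible.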

Nikiforakis confirmed in an email that no system quite like PriVaricator is available to users yet.

Blocking trackers is the best option for now, until we have a tool that lets us lie. We wouldn’t need to be dishonest if websites would quit asking so many impertinent questions.