Rendered Private: Making GLSL Execution Uniform to Prevent WebGL-based Browser Fingerprinting Shujiang Wu, Song Li, Yinzhi Cao, and Ningfei Wang†∗ Johns Hopkins University, †Lehigh University {swu68, lsong18, yinzhi.cao}@jhu.edu,
[email protected] Abstract 1 Introduction Browser fingerprinting, a substitute of cookies-based track- Browser fingerprinting [12, 13, 20, 23, 34, 45, 63], a substitute ing, extracts a list of client-side features and combines them of traditional cookie-based approaches, is recently widely as a unique identifier for the target browser. Among all these adopted by many real-world websites to track users’ browsing features, one that has the highest entropy and the ability for behaviors potentially without their knowledge, leading to a an even sneakier purpose, i.e., cross-browser fingerprinting, violation of user privacy. In particular, a website performing is the rendering of WebGL tasks, which produce different browser fingerprinting collects a vector of browser-specific results across different installations of the same browser on information called browser fingerprint, such as user agent, a different computers, thus being considered as fingerprintable. list of browser plugins, and installed browser fonts, to uniquely Such WebGL-based fingerprinting is hard to defend against, identify the target browser. because the client browser executes a program written in OpenGL Shading Language (GLSL). To date, it remains un- Among all the possible fingerprintable vectors, the render- clear, in either the industry or the research community, about ing behavior of WebGL, i.e., a Web-level standard that follows how and why the rendering of GLSL programs could lead OpenGL ES 2.0 to introduce complex graphics functionali- to result discrepancies.