From 0e5ba0427fb20b451139323f4a0f84ec9444e546 Mon Sep 17 00:00:00 2001 From: Libor Polčák Date: Jun 01 2022 09:11:24 +0000 Subject: Fix sentences on active/passive fingerprinting --- diff --git a/main.tex b/main.tex index 12058ed..9f75db1 100644 --- a/main.tex +++ b/main.tex @@ -210,21 +210,24 @@ Note that the leaking information may uncover vulnerabilities of the fingerprinted systems, and a fingerprinting database can be a valuable source of information for an adversary wanting to misuse the data. -A fingerprint is considered passive when it -contains natively accessible information from HTTP headers or network traffic. -On the other hand, active fingerprint runs JavaScript code to retrieve data from +Fingerprinting is considered passive when it +contains information from HTTP headers or network traffic that is exchanged +regardless if the fingerprinting is in place or not. +On the other hand, active fingerprinting runs JavaScript code to retrieve data from browser APIs. %was supposed to make online %advertisement compliant with ePrivacy and GDPR. However, the Belgian data %protection authority recently confirmed many flaws~\cite{belgianDPATCF}. %Version 2 of the framework -allows companies to self-report active and -passive fingerprinting. Figure~\ref{fig:tcffingerprinting} depicts publicly +%allows companies to self-report active and +%passive fingerprinting. +Figure~\ref{fig:tcffingerprinting} depicts publicly available data by IAB Europe Transparency and Consent Framework (TCF)\footnote{See \url{https://vendor-list.consensu.org/v2/archives/vendor-list-vNUM.json} where NUM is the number of the week since the start of the framework. See \url{https://www.fit.vutbr.cz/~polcak/tcf/tcf2.html} for more data from the -framework.} and shows that more than +framework.}. TCF allows companies to self-report active and passive +fingerprinting. More than 400 companies passively fingerprint users and more than 100 companies actively use JavaScript APIs to create a unique fingerprint. One of the goals of \jshelter{} is to prevent active fingerprinting.