New year, new browser ? The new Microsoft Edge is out of preview

January 16, 2020 • Browser, Microsoft

A little over a year ago, we announced our intention to rebuild Microsoft Edge on the Chromium open source project with the goals of delivering better compatibility for everyone, less fragmentation for web developers, and a partnership with the Chromium community to improve the Chromium engine itself. At Ignite, we unveiled our new vision for the web and search, our colorful new icon, and how Microsoft Edge Bing are the browser and search engine for business — and we are thrilled by the growing excitement we’ve heard from all of you who’ve tried it out and sent feedback!

From this incredible momentum, today I’m pleased to announce the new Microsoft Edge is now available to download on all supported versions of Windows and macOS in more than 90 languages. Microsoft Edge is also available on iOS and Android, providing a true cross-platform experience. The new Microsoft Edge provides world class performance with more privacy, more productivity and more value while you browse. Our new browser also comes with our Privacy Promise and we can’t wait for you to try new features like tracking prevention, which is on by default, and provides three levels of control while you browse.

Another innovative new feature in Microsoft Edge allows you to customize your online experience. Choose a new tab page layout or design, and select the types of news you want.

The last several months have been nothing short of inspiring for all of us working to deliver great new capabilities for Microsoft Edge including AAD support, Internet Explorer mode, 4K streaming, Dolby audio, inking in PDF, Microsoft Search in Bing integration, support for Chrome-based extensions, and more.

If you’re a business or education IT administrator looking to deploy widely in your organization or school, we have you covered as well – you can download offline packages and policies and learn more on the new commercial site.

People have downloaded the preview channels of the new Microsoft Edge millions of times to their devices, and we’ve seen many organizations begin to pilot these channels for their users. Enterprises and schools who have mission critical legacy applications and websites – but also want modern web and security – have turned to our new Internet Explorer mode as a “best of both worlds” solution. And for Microsoft 365 customers, using Microsoft Search to find files, people, office floor plans and more on your organization’s intranet is as easy as typing in the Microsoft Edge address bar. Our early customers are calling it “a win.”

Moving to the new Microsoft Edge – what to expect

Now that we’ve reached this milestone, you might be wondering what to expect on your PC. To get the new Microsoft Edge you have two choices: you can either manually download it today, or if you are a general consumer user, you can wait for it to be automatically released to your device via Windows Update. When you do make the switch, your favorites, passwords, form fill information and basic settings will carry over to the new Microsoft Edge without you having to do anything. You can read more about our rollout plans here.

If you’re an IT administrator, you will need to download an offline deployment package to pilot within your corporate environment—the new Microsoft Edge will not automatically deploy for commercial customers. Additionally, none of the Microsoft Edge preview channels will update to the new Microsoft Edge, as they can be used side-by-side for testing and validation.

We also know that deploying a new browser isn’t just “flipping a switch,” so we want to make the process as easy as possible. In addition to simplifying deployment with tools like Intune and Configuration Manager, we are committed to helping your organization transition to the new Microsoft Edge. At Ignite we announced FastTrack and App Assure support for Microsoft Edge. FastTrack will help you deploy Microsoft Edge to your organization at no extra charge if you are a customer with an eligible subscription to Microsoft 365, Azure, or Dynamics 365. And if your sites are compatible on Internet Explorer 8 and above, Google Chrome, or legacy Microsoft Edge, then they’ll work on the new Microsoft Edge. If not, contact App Assure and we’ll help you fix it.

What’s next

Of course, the innovation, testing, and new features don’t stop coming today, and this initial release is only just the beginning. If you want a sneak peek of what’s coming, we encourage you to keep using our preview channels – Beta, Dev and Canary – which will remain available for download on the Microsoft Edge Insider site. Not only will you get an insider’s look at our features pipeline for Microsoft Edge, but you’ll continue to have the opportunity to help improve Microsoft Edge with your valuable feedback. Your input helps make both the new Microsoft Edge, and the web, better for everyone.

Thank you!

A huge thank you to our community of Microsoft Edge Insiders as well as the engineers within the Chromium community who have worked with us to develop the new Microsoft Edge. We remain committed to actively participating in and contributing to the Chromium open source project. To date we’ve made more than 1900 contributions across areas like accessibility, modern input including touch, speech, digital inking, and many more.

Keep telling us what’s working well, what needs to change and what you’d like to see in the new Microsoft Edge.

Our heartfelt thanks – we couldn’t have made it here without you!

JoeB

Brave Browser Tops 10m Monthly Active Users

December 9, 2019 • Brave, Browser

Brave said it has seen a surge in user adoption since releasing version 1.0 of the privacy-centric browser on November 13, 2019. Monthly active users (MAU) have doubled in a year to 10.4 million as of the end of last month.

DAUs. Daily active users of the browser created by Mozilla founder Brendan Eich have tripled in the last year to 3.3 million, the company said Friday.

Ad platform that rewards users. Brave Ads are structured to serve only to users that opt-in to the Brave Rewards program and agree to see ads. Users can then accumulate Brave’s Basic Attention Token (BAT), which is a blockchain-based system. Users get 70 percent of the ad revenue share “as a reward for their attention,” and publishers are allocated tokens in proportion to the amount of time users spent on their sites.

Ads are targeted based on search and browsing data and machine learning models to build up profiles of users’ interests — that data lives solely on users’ devices.

Brave Verified content creators. There are now nearly 340,000 creators across YouTube, Twitter, Twitch, Vimeo and other platforms that have signed on to Brave’s token payments program from Brave users. There were just 28,000 verified creators at the start of 2019.

Why we should care. To be certain, Brave’s market share doesn’t even register among the competition of Chrome, Safari, Edge, etc., but its growth trajectory indicates there is a market for services that cater to privacy concerns as consumer awareness and regulatory measures and scrutiny increase. The privacy-focused search engine DuckDuckGo has also reported a surge in query activity this year. Text ads on the platform are syndicated by Microsoft Advertising.

This story first appeared on Marketing Land. For more on digital marketing, click here.

About The Author

Ginny Marvin is Third Door Media’s Editor-in-Chief, running the day to day editorial operations across all publications and overseeing paid media coverage. Ginny Marvin writes about paid digital advertising and analytics news and trends for Search Engine Land, Marketing Land and MarTech Today. With more than 15 years of marketing experience, Ginny has held both in-house and agency management positions. She can be found on Twitter as @ginnymarvin.

Firefox browser will block the IAB’s DigiTrust universal ID

November 27, 2019 • Browser, Firefox

Mozilla intends to block the DigiTrust consortium from tracking users in its Firefox browser, a blow for the IAB-led effort to create a standardized online user ID that’s designed to reduce the online ad industry’s reliance on third-party cookies.

DigiTrust, a non-profit acquired by the IAB Tech Lab last year, is working to create a universal, persistent and anonymized user ID. Member companies include prominent ad tech players MediaMath, OpenX, LiveRamp and others. Buy-side DigiTrust members pay a monthly fee to participate, while publisher participants access the service for free.

Similar to other shared identity solutions, DigiTrust offers a pseudonymous and encrypted identifier that can be stored in a first-party cookie provided by the publisher. Other participants can utilize the same identifier on subsequent bid requests and user visits to that publisher’s site via the browser, instead of needing to submit third-party network requests each time a person loads a publisher’s webpage.

Theoretically, shared IDs using first-party cookies offer multiple benefits, such as quicker page-load times due to less third-party cookie-syncing behind the scenes. They can also mitigate the risk of data leaks in the bid-stream (a big concern as it relates to Europe’s General Data Protection Regulation.) Meanwhile, third-party cookies are increasingly being throttled by browsers.

The immediate impact of Firefox’s move to block DigiTrust isn’t clear. Firefox only has a 4% share of the global browser market, according to Statcounter. That’s behind leading browsers, Google’s Chrome (65%) and Apple’s Safari (16%), latter of which has sophisticated tracker prevention features. Still, it’s a setback on the quest toward a common ID solution.

IAB Tech LAB svp of Membership and Operations Jordan Mitchell said in an emailed statement that Firefox’s decision did not come as a surprise.

“We know certain companies take the position that there is no sufficient consumer value to justify ‘tracking’ — anonymous audience recognition — of any kind, not even for use in communicating privacy choices,” Mitchell said. “They believe no third party can be trusted. We take a different position: that trust should be established directly between consumers and the brands, and publishers they trust, and with the third parties that those brands and publishers trust.”

He added, “IAB Tech Lab will continue to work on improving mechanics for privacy and trust, through consumer privacy choices and system-level, industrywide accountability — and we think there’s value for DigiTrust as a shared resource and utility in this context.”

Mozilla leans on an open-source list of trackers compiled by privacy software company Disconnect to inform its Enhanced Tracking Prevention feature, which was introduced in September.

On Nov. 11, John Wilander, an Apple WebKit engineer who works on Safari’s ITP, filed an issue on Mozilla’s “Bugzilla” forum asking why Firefox did not treat the Digitru.st domain as a tracker. (Apple, which relies on machine learning rather than block lists, already prevents DigiTrust cross-site tracking on Safari.) The same day, Mozilla privacy engineer Steven Englehardt raised an issue on Disconnect’s developer forum asking whether DigiTrust should be added to the list.

“We reviewed this issue in the normal course of business beginning that week and determined that although DigiTrust’s service may not track users directly, which is why they were not previously blocked, they clearly enable other services to track, and therefore we updated our definition of tracking to encompass this type of behavior, which we see as a growing threat to consumer privacy,” said Casey Oppenheim, Disconnect co-founder.

A Mozilla spokeswoman confirmed that “cookie-based tracking for DigiTrust will be blocked in a future version of Firefox.”

DigiTrust isn’t the only player pushing for the adoption of a universal ID. LiveRamp and The Trade Desk are among the other organizations offering ID solutions. The Trade Desk and LiveRamp domains are also on Disconnect’s blocklist — although LiveRamp’s ID solution doesn’t rely on cookies.

Regulation could prove the bigger roadblock to universal ID solutions. The California Consumer Privacy Act takes effect in January and there is still a level of uncertainty in the ad tech industry as to exactly how the privacy law will apply to third-party cookies used for advertising. The U.K. data regulator has warned that the current real-time-bidding ad tech landscape is not compliant with the European Union’s General Data Protection Regulation.

“The industry seems to think there is a basic industry right for tracking and targeting of users for advertising purposes, but I don’t see the regulators following this logic at all,” said Ruben Schreurs, CEO of consulting firm Digital Decisions.

Meanwhile, Google is set to make an announcement in February about how it will treat third-party cookies in Chrome.

David Kohl, CEO of ad tech company TrustX, a member of DigiTrust, said the entire cookie-based advertising infrastructure needs a rethink that involves prioritizing consumer interests, rather than ad tech’s commercial interests.

“We need to start again with a clean sheet and say, how do we create a capability for consumers to understand what identity means on the internet, how it’s used, and how to control it,” Kohl said.

Firefox web browser turns 15 years old today

November 12, 2019 • Browser, Firefox

Even if you don’t use Firefox as your web browser of choice, there’s no denying that it has profoundly impacted the Web over its lifetime. Just how long has its lifetime been, you ask? Well, as of today, Firefox is 15 years old.

Firefox 1.0 was released on this day (November 9th) in 2004, two years after the first public builds became available under the name “Phoenix.” The browser’s lineage actually dates back much farther than that, as Firefox was an open-source continuation of Netscape Navigator, which had its first initial release in 1994.

A lot has changed in the last 15 years.

What hasn’t is our commitment to creating an open, diverse and secure internet. https://t.co/OMfzKZ509W

— Firefox ? (@firefox) November 8, 2019

? Happy 15h birthday @firefox ?

Firefox 1.0 was released on November 9th, 2004. The scrappy alternative to Internet Explorer 6 (☠️) had revolutionary features such as tabbed browsing (!), popup blocking, themes, and extensions. ?

It changed the world. Really, it did ?? pic.twitter.com/LekBwUtF9T

— Changelog (@changelog) November 9, 2019

Firefox has seen accelerated development over the past few years, especially with ‘Project Quantum,’ the ongoing effort to rewrite parts of the engine in the super-fast Rust programming language. The Android version is undergoing a complete transformation at the moment, currently available as ‘Firefox Preview‘ on the Play Store.

Happy birthday Firefox, and here’s to the next 15 years! ?

Firefox Browser: fast , private & secure browsing

Browser Fingerprinting: An Introduction and the Challenges Ahead

September 6, 2019 • Browser, Fingerprinting

Guest post by Pierre Laperdrix

In the past few years, a technique called browser fingerprinting has received a lot of attention because of the risks it can pose to privacy. What is it? How is it used? What is Tor Browser doing against it? In this blog post, I’m here to answer these questions. Let’s get started!

What is browser fingerprinting?

Since the very beginning of the web, browsers did not behave the exact same way when presented with the same webpage: some elements could be rendered improperly, they could be positioned at the wrong location or the overall page could simply be broken with an incorrect HTML tag. To remedy this problem, browsers started including the “user agent” header. This informed the server on the browser being used so that it could send the device a page that was optimized for it. In the nineties, this started the infamous era of the “Best on IE” or “Optimized for Netscape.”

In 2019, the user-agent header is still here but a lot has changed since then. The web as a platform is a lot richer in terms of features. We can listen to music, watch videos, have real-time communications or immerse ourselves in virtual reality. We can also use a very wide variety of devices from tablets, smartphones or laptops to connect to it. To offer an experience that is optimized for every device and usage, there is still a need today to share configuration information with the server. “Here is my timezone so that I can know the exact start time of the NBA finals. Here is my platform so that the website can give me the right version of the software I’m interested in. Here is the model of my graphic card so that the game I’m playing in my browser can chose graphic settings for me.”

All of this makes the web a truly beautiful platform as it enables us to have a comfortable experience browsing it. However, all that information that is freely available to optimize the user experience can be collected to build a browser fingerprint.

Firefox fingerprint

Figure 1: Example of a browser fingerprint from a Linux laptop running Firefox 67

In Figure 1, you can see a browser fingerprint taken from my Linux laptop. The information in the fingerprint was collected via HTTP with the received HTTP headers and via JavaScript by running a small script. The “user-agent” indicates that the user was using Firefox version 67 on the Fedora Linux distribution. The “content-language” header indicates that the user wants to receive her page in English with the “US” variant. The “-120” for the timezone refers to the GMT 2 time. Finally, the WebGL renderer gives information on the CPU of the device. Here, the laptop is using an Intel CPU with a Kaby Lake Refresh microarchitecture.

This example is a glimpse of what can be collected in a fingerprint and the exact list is evolving over time as new APIs are introduced and others are modified. If you want to see your own browser fingerprint, I invite you to visit AmIUnique.org. It is a website that I launched in 2014 to study browser fingerprinting. With the data that we collected from more than a million visitors, we got invaluable insight into its inner-workings and we pushed the research in the domain forward.

What makes fingerprinting a threat to online privacy?

It is pretty simple. First, there is no need to ask for permissions to collect all this information. Any script running in your browser can silently build a fingerprint of your device without you even knowing about it. Second, if one attribute of your browser fingerprint is unique or if the combination of several attributes is unique, your device can be identified and tracked online. In that case, no need for a cookie with an ID in it, the fingerprint is enough. Hopefully, as we will see in the next sections, a lot of progress have been made to prevent users from having unique values in their fingerprint and thus, avoid tracking.

Tor Fingerprinting

Tor Browser was the very first browser to address the problems posed by fingerprinting as soon as 2007, even before the term “browser fingerprinting” was coined. In March 2007, the changelog for the Tor button indicated the inclusion of Javascript hooking to mask timezone for Date Object.

In the end, the approach chosen by Tor developers is simple: all Tor users should have the exact same fingerprint. No matter what device or operating system you are using, your browser fingerprint should be the same as any device running Tor Browser (more details can be found in the Tor design document).

Tor Browser fingerprint

Figure 2: Example of a browser fingerprint from a Linux laptop running Tor Browser 8.5.3

In Figure 2, you can find the fingerprint of my Linux machine running version 8.5.3 of the Tor Browser.

Comparing with the one from Firefox, we can see notable differences. First, no mater on which OS Tor Browser is running, you will always have the following user-agent:

Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0

As Windows is the most widespread OS on the planet, TBB masks the underlying OS by claiming it is running on a Windows machine. Firefox 60 refers to the ESR version on which TBB is based on.

Other visible changes include the platform, the timezone and the screen resolution.

Also, you may have wondered why the following message appears when you maximize the browser window (see Figure 3): “Maximizing Tor Browser can allow websites to determine your monitor size, which can be used to track you. We recommend that you leave Tor Browser windows in their original default size.”

This is because of fingerprinting. Since users have different screen sizes, one way of making sure that no differences are observable is to have everyone use the same window size. If you maximize the browser window, you may end up as being the only one using Tor Browser at this specific resolution and so comes a higher identification risk online.

Figure 3: Warning from the Tor Browser when maximizing the browser window

Under the hood, a lot more modifications have been performed to reduce differences between users. Default fallback fonts have been introduced to mitigate font and canvas fingerprinting. WebGL and the Canvas API are blocked by default to prevent stealthy collection of renderings. Functions like performance.now have also been modified to prevent timing operations in the browser that can be used for micro-architectural attacks. If you want to see all the efforts made by the Tor team behind the scenes, you can take a look at the fingerprinting tag in the bug tracker. A lot of work is being done to make this a reality. As part of the effort to reduce fingerprinting, I also developed a fingerprinting website called FP Central to help Tor developers find fingerprint regressions between different Tor builds.

Finally, more and more modifications present in TBB are making their way into Firefox as part of the Tor Uplift program.

Where we are

Over the past few years, research on browser fingerprinting has substantially increased and covers many aspects of the domain. Here, we will have a quick overview of the research done in academia and how fingerprinting is used in the industry.

Academic research

1. Tracking with fingerprinting is a reality but it cannot replace different tracking schemes based on identifiers. Different studies have been published over the years trying to assess the diversity of modern devices connected on the web [1,2]. One study that I was part of in 2018 [3] surprised us as it showed that tracking at a very large scale may not be feasible with low percentage of uniqueness. Anyhow, the one clear takeaway from these studies is the following: even though some browser vendors are working very hard to reduce as much as possible the differences between devices, it is not a perfect process. If you have that one value in your browser fingerprint (or a combination) that nobody has, you can still be tracked and that is why you should be careful about fingerprinting. There is no strong guarantee today that your device is identical to another one present on the Internet.

2. As the web is getting richer, new APIs make their way into browsers and new fingerprinting techniques are discovered. The most recent techniques include WebGL [4,5], Web Audio [6] and extension fingerprinting [7,8]. To provide protection for users, it is important to keep a close watch on any new advances in the field to fix any issues that may arise.

One lesson learned from the past concerns the BatteryStatus API. It was added to provide information about the state of the battery to developers so that they could develop energy-efficient applications. Drafted as early as 2011, it was not until 2015 that researchers discovered that this API could be misused to create a short-term identifier [9,10]. In the end, this was a reminder that we have to be very thoughtful when introducing a new API in a browser. A deep analysis must be conducted to remove or mitigate as much as possible hidden fingerprinting vectors before they are deployed to end-users. To provide guidance for Web specification authors, the W3C has written a document on how best to design an API while considering fingerprinting risks

WebGL

Figure 4: Example of a WebGL rendering as tested on http://uniquemachine.org/

Audio test

Figure 5: Example of an audio fingerprint as tested on https://audiofingerprint.openwpm.com/

3. Today, there is no ultimate solution to fix browser fingerprinting. As its origin is rooted in the beginning of the internet, there is no single patch that can fix it for good. And as such, designing defenses is hard. A lot of approaches have been tried and evaluated over the years with each their strengths and weakness. Examples include blocking attributes, introducing noise, modifying values, or increasing fingerprint diversity. However, one important observation that has been made is that sometimes having no specific defense is better than having one. Some solutions, because of the way they were designed or coded, remove some fingerprinting vectors but introduce some artifacts or inconsistencies in the collected fingerprints.

For example, imagine a browser extension that changes the value of fingerprints before they are sent.

Everything works perfectly except the fact that the developer forgot to override the navigator.platform value. Because of this, the user-agent may say that the browser is running on Windows whereas the platform still indicates it is on a Linux system. This creates a fingerprint that is not supposed to exist in reality and, as such, make the user more visible online. It is what Eckersley [1] called the “Paradox of Fingerprintable Privacy Enhancing Technologies.” By wanting to increase online privacy, you install extensions that in the end make you even more visible than before.

Industry

1. To identify websites who use browser fingerprinting, one can simple turn to privacy policies. Most of the time, you will never see the term “fingerprinting” in it but sentences along the lines of “we collect device-specific information to improve our services.” The exact list of collected attributes is often imprecise and the exact use of that information can be very opaque ranging from analytics to security to marketing or advertising.

Another way of identifying websites using fingerprinting is to look directly at the scripts that run in the browser. The problem here is that it can be challenging to differentiate a benign script that is here to improve the user experience from a fingerprinting one. For example, if a site accesses your screen resolution, is it to adjust the size of HTML elements to your screen or is it the first step in building a fingerprint of your device? The line between the two can be very thin and identifying fingerprinting scripts with precision is still a subject that has not been properly studied yet.

2. One use of fingerprinting that is lesser known is for bot detection. To secure their websites, some companies rely on online services to assess the risk associated with external connections. In the past, most decisions to block or accept a connection was purely based on IP reputation. Now, browser fingerprinting is used to go further to detect tampering or identify signs of automation. Examples of companies that use fingerprinting for this purpose include ThreatMetrix, Distil Networks, MaxMind, PerimeterX, and DataDome.

3. On the defensive side, more and more browser vendors are adding fingerprinting protection directly in their browser. As mentioned previously in this blog post, Tor and Firefox are at the forefront of these efforts by limiting passive fingerprinting and blocking active fingerprinting vectors.

Since its initial release, the Brave browser also includes built-in protection against it.

Apple made changes to Safari in 2018 to limit it and Google announced in May 2019 its intention to do the same for Chrome.

Conclusion: What lies ahead

Browser fingerprinting has grown a lot over the past few years. As this technique is closely tied to browser technology, its evolution is hard to predict but its usage is currently shifting. What we once thought could replace cookies as the ultimate tracking technique is simply not true. Recent studies show that, while it can be used to identify some devices, it cannot track the mass of users browsing the web daily. Instead, fingerprinting is now being used to improve security. More and more companies find value in it to go beyond traditional IP analysis. They analyze the content of fingerprints to identify bots or attackers and block unwanted access to online systems and accounts.

One big challenge surrounding fingerprinting that is yet to be solved is around the regulation of its usage. For cookies, it is simple to check if a cookie was set by a specific website. Anyone can go in the browser preferences and check the cookie storage. For fingerprinting, it is a different story. There is no straightforward way to detect fingerprinting attempts and there are no mechanisms in a browser to completely block its usage. From a legal perspective, this is very problematic as regulators will need to find new ways to cooperate with companies to make sure that the privacy of users is respected.

Finally, to finish this post, is fingerprinting here to stay? In the near future at least, yes. This technique is so rooted in mechanisms that exist since the beginning of the web that it is very complex to get rid of it. It is one thing to remove differences between users as much as possible. It is a completely different one to remove device-specific information altogether. Only time will tell how fingerprinting will change in the coming years but its evolution is something to watch closely as the frantic pace of web development will surely bring a lot of surprises along the way.

Thanks a lot for reading this post all the way through! If you want to dive even deeper in the subject, I invite you to read the survey [11] on the topic that we recently made available online. If by any chance you find any new fingerprinting vectors in Tor Browser, I strongly suggest that you open a ticket on the Tor bug tracker to help the fantastic efforts made by the Tor dev team to better protect users’ online anonymity!

**Pierre Laperdrix**

https://plaperdr.github.io/

Twitter: https://twitter.com/RockPartridge

References

[1] P. Eckersley. “How unique is your web browser?”. In International Symposium on Privacy Enhancing Technologies Symposium (PETS’10). [[PDF]](https://panopticlick.eff.org/static/browser-uniqueness.pdf)

[2] P. Laperdrix, W. Rudametkin and B. Baudry. “Beauty and the Beast: Diverting Modern Web Browsers to Build Unique Browser Fingerprints”. In IEEE Symposium on Security and Privacy (S&P’16).

[[PDF]](https://hal.inria.fr/hal-01285470v2/document)

[3] A. Gómez-Boix, P. Laperdrix, and B. Baudry. “Hiding in the Crowd: an Analysis of the Effectiveness of Browser Fingerprinting at Large Scale”. In The Web Conference 2018 (WWW’18). [PDF]

[4] K. Mowery, and H. Shacham. “Pixel perfect: Fingerprinting canvas in HTML5”. In Web 2.0 Security & Privacy (W2SP’12). [PDF]

[5] Y. Cao, S. Li, and E. Wijmans. “(Cross-) Browser Fingerprinting via OS and Hardware Level Features”. In Network and Distributed System Security Symposium (NDSS’17). [PDF]

[6] S. Englehardt, and A. Narayanan. “Online tracking: A 1-million-site measurement and analysis”. In ACM SIGSAC Conference on Computer and Communications Security (CCS’16). [PDF]

[7] A. Sjösten, S. Van Acker, and A. Sabelfeld. “Discovering Browser Extensions via Web Accessible

Resources”. In ACM on Conference on Data and Application Security and Privacy (CODASPY’17). [PDF]

[8] O. Starov, and N. Nikiforakis. “XHOUND: Quantifying the Fingerprintability of Browser Extensions”. In IEEE Symposium on Security and Privacy (S&P’17). [PDF]

[9] Ł. Olejnik, G. Acar, C. Castelluccia, and C. Diaz. “The Leaking Battery”. In International Workshop on Data Privacy Management (DPM’15). [PDF]

[10] Ł. Olejnik, S. Englehardt, and A. Narayanan. “Battery Status Not Included: Assessing Privacy in

Web Standards”. In International Workshop on Privacy Engineering (IWPE’17). [PDF]

[11] P. Laperdrix, N. Bielova, B. Baudry, and G. Avoine. “Browser Fingerprinting: A survey”. [PDF – Preprint]