Publication Details
JShelter: Give Me My Browser Back
Saloň Marek, Ing.
Maone Giorgio
Hranický Radek, Ing., Ph.D. (DIFS)
McMahon Michael
Browser Fingerprinting, Web Privacy, Web Security, Webextension APIs,
JavaScript.
The web is used daily by billions. Even so, users are not protected from many
threats by default. This paper builds on previous web privacy and security
research and introduces JShelter, a webextension that fights to return the
browser to users. Moreover, we introduce a library helping with common
webextension development tasks and fixing loopholes. JShelter focuses on
fingerprinting prevention, limitations of rich web APIs, prevention of attacks
connected to timing, and learning information about the device, the browser, the
user, and the surrounding physical environment and location. During the research
of sensor APIs, we discovered a loophole in the sensor timestamps that lets any
page observe the device boot time if sensor APIs are enabled in Chromium-based
browsers. JShelter provides a fingerprinting report and other feedback that can
be used by future web privacy research. Thousands of users around the world use
the webextension every day.
@inproceedings{BUT185115,
author="Libor {Polčák} and Marek {Saloň} and Giorgio {Maone} and Radek {Hranický} and Michael {McMahon}",
title="JShelter: Give Me My Browser Back",
booktitle="Proceedings of the 20th International Conference on Security and Cryptography",
year="2023",
pages="287--294",
publisher="SciTePress - Science and Technology Publications",
address="Řím",
doi="10.5220/0011965600003555",
isbn="978-989-758-666-8",
url="https://arxiv.org/abs/2204.01392"
}