# Semantic Identification of Web Browsing Sessions

**Authors:** Neel Guha

arXiv: 1704.03138 · 2017-04-12

## TL;DR

This paper presents a semantic identification attack that uses browsing session signals to uniquely identify users across sessions, even on shared public computers, and discusses potential countermeasures.

## Contribution

It introduces a novel semantic identification attack method that can fingerprint users across sessions on shared devices, addressing limitations of existing device-based fingerprinting.

## Key findings

- Successfully fingerprinted users on public computers
- Demonstrated effectiveness of semantic signals in user identification
- Evaluated countermeasures to prevent session linking

## Abstract

We introduce a semantic identification attack, in which an adversary uses semantic signals about the pages visited in one browsing session to identify other browsing sessions launched by the same user. Current user fingerprinting methods fail when a single machine is used by multiple users (e.g., in cybercafes or spaces with public computers) as these methods fingerprint devices, not individuals. We demonstrate how an adversary can employ a SIA to successfully fingerprint users on public or shared machines and identify them across browsing sessions. We additionally describe and evaluate possible countermeasures to prevent identification.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1704.03138/full.md

## References

24 references — full list in the complete paper: https://tomesphere.com/paper/1704.03138/full.md

---
Source: https://tomesphere.com/paper/1704.03138