An experimental platform for gathering user behavioural data via browser APIs

TL;DR

This paper presents a publicly available experimental platform that uses browser APIs to collect user behavioral data, enabling research into privacy threats posed by websites accessing such information.

Contribution

It introduces a novel platform combining a Chrome extension and server infrastructure to facilitate the study of user behavioral data collection via browser APIs.

Findings

Platform successfully collects keystroke and mouse data

Enables systematic analysis of privacy risks from browser API access

Supports future research on user data protection strategies

Abstract

Websites are capable of learning a wide range of information about the platform on which a browser is executing. One major source of such information is the set of standardised Application Programming Interfaces (APIs) provided within the browser, which can be accessed by JavaScript downloaded by a website; this information can then either be used by the JavaScript or sent back to the originating site. As has been widely discussed, much of this information can threaten user privacy. The main purpose of this paper is to document a publicly available platform designed to enable further investigation of one class of such threats, namely those based on analysing user behavioural data. The platform has two main components: a Chrome extension that gathers user keystroke and mouse data via browser APIs, and server software that collects and stores this data for subsequent experimentation.