TY - CPAPER
U1 - Conference publication
A1 - Wiefling, Stephan
A1 - Hönscheid, Marian
A1 - Lo Iacono, Luigi
T1 - A Privacy Measure Turned Upside Down? Investigating the Use of HTTP Client Hints on the Web
T2 - The 19th International Conference on Availability, Reliability and Security (ARES 2024), July 30-August 2, 2024, Vienna, Austria
N2 - HTTP client hints are a set of standardized HTTP request headers designed to modernize and potentially replace the traditional user agent string. While the user agent string exposes a wide range of information about the client's browser and device, client hints provide a controlled and structured approach for clients to selectively disclose their capabilities and preferences to servers. Essentially, client hints aim at more effective and privacy-friendly disclosure of browser or client properties than the user agent string. We present a first long-term study of the use of HTTP client hints in the wild. We found that despite being implemented in almost all web browsers, server-side usage of client hints remains generally low. However, in the context of third-party websites, which are often linked to trackers, the adoption rate is significantly higher. This is concerning because client hints allow the retrieval of more data from the client than the user agent string provides, and there are currently no mechanisms for users to detect or control this potential data leakage. Our work provides valuable insights for web users, browser vendors, and researchers by exposing potential privacy violations via client hints and providing help in developing remediation strategies as well as further research.
KW - HTTP client hints
KW - privacy
KW - risk-based authentication
KW - security
KW - tracking
KW - web measurement
Y1 - 2024
UN - https://nbn-resolving.org/urn:nbn:de:hbz:1044-opus-83218
U6 - https://doi.org/10.1145/3664476.3664478
DO - https://doi.org/10.1145/3664476.3664478
SP - 1
EP - 12
PB - Association for Computing Machinery
CY - New York, NY, United States
ER -