Pierre Laperdrix

PhD in Computer Science

Contact Me

About Me

I just obtained my PhD working on browser fingerprinting in the DiverSE team at INRIA Rennes.

My main domains of interests are computer security and privacy with a touch of software engineering. Outside of computer science, I love to live thousands of adventures through video games, movies or comics.

Scientific publications

  • FP-STALKER: Tracking Browser Fingerprint Evolutions

    Antoine Vastel, Pierre Laperdrix, Walter Rudametkin, Romain Rouvoy
    Proceedings of the 39th IEEE Symposium on Security and Privacy (S&P 2018)

    Browser fingerprinting has emerged as a technique to track users without their consent. Unlike cookies, fingerprinting is a stateless technique that does not store any information on devices, but instead exploits unique combinations of attributes handed over freely by browsers. The uniqueness of fingerprints allows them to be used for identification. However, browser fingerprints change over time and the effectiveness of tracking users over longer durations has not been properly addressed. In this paper, we show that browser fingerprints tend to change frequently—from every few hours to days—due to, for example, software updates or configuration changes. Yet, despite these frequent changes, we show that browser fingerprints can still be linked, thus enabling long-term tracking. FP-STALKER is an approach to link browser fingerprint evolutions. It compares fingerprints to determine if they originate from the same browser. We created two variants of FP-STALKER, a rule-based variant that is faster, and a hybrid variant that exploits machine learning to boost accuracy. To evaluate FP-STALKER, we conduct an empirical study using 98,598 fingerprints we collected from 1,905 distinct browser instances. We compare our algorithm with the state of the art and show that, on average, we can track browsers for 54.48 days, and 26 % of browsers can be tracked for more than 100 days.

  • Hiding in the crowd: an analysis of the effectiveness of browser fingerprinting at large scale

    Alejandro Gómez-Boix, Pierre Laperdrix, Benoit Baudry
    Proceedings of the 2018 edition of The Web Conference (WWW 2018)
    PDF (Soon)

  • FPRandom: Randomizing core browser objects to break advanced device fingerprinting techniques

    Pierre Laperdrix, Benoit Baudry, Vikas Mishra
    Proceedings of the 9th International Symposium on Engineering Secure Software and Systems (ESSoS 2017)
    - Distinguished Artifact Award
    PDF Slides Artifact

    The rich programming interfaces (APIs) provided by web browsers can be diverted to collect a browser fingerprint. A small number of queries on these interfaces are sufficient to build a fingerprint that is statistically unique and very stable over time. Consequently, the fingerprint can be used to track users. Our work aims at mitigating the risk of browser fingerprinting for users privacy by 'breaking' the stability of a fingerprint over time. We add randomness in the computation of selected browser functions, in order to have them deliver slightly different answers for each browsing session. Randomization is possible thanks to the following properties of browsers implementations: (i) some functions have a nondeterministic specification, but a deterministic implementation; (ii) multimedia functions can be slightly altered without deteriorating user's perception. We present FPRandom, a modified version of Firefox that adds randomness to mitigate the most recent fingerprinting algorithms, namely canvas fingerprinting, AudioContext fingerprinting and the unmasking of browsers through the order of JavaScript properties. We evaluate the effectiveness of FPRandom by testing it against known fingerprinting tests. We also conduct a user study and evaluate the performance overhead of randomization to determine the impact on the user experience.

  • Beauty and the Beast: Diverting modern web browsers to build unique browser fingerprints

    Pierre Laperdrix, Walter Rudametkin, Benoit Baudry
    Proceedings of the 37th IEEE Symposium on Security and Privacy (S&P 2016)
    PDF Slides Video

    Worldwide, the number of people and the time spent browsing the web keeps increasing. Accordingly, the technologies to enrich the user experience are evolving at an amazing pace. Many of these evolutions provide for a more interactive web (e.g., boom of JavaScript libraries, weekly innovations in HTML5), a more available web (e.g., explosion of mobile devices), a more secure web (e.g., Flash is disappearing, NPAPI plugins are being deprecated), and a more private web (e.g., increased legislation against cookies, huge success of extensions such as Ghostery and AdBlock). Nevertheless, modern browser technologies, which provide the beauty and power of the web, also provide a darker side, a rich ecosystem of exploitable data that can be used to build unique browser fingerprints. Our work explores the validity of browser fingerprinting in today’s environment. Over the past year, we have collected 118,934 fingerprints composed of 17 attributes gathered thanks to the most recent web technologies. We show that innovations in HTML5 provide access to highly discriminating attributes, notably with the use of the Canvas API which relies on multiple layers of the user’s system. In addition, we show that browser fingerprinting is as effective on mobile devices as it is on desktops and laptops, albeit for radically different reasons due to their more constrained hardware and software environments. We also evaluate how browser fingerprinting could stop being a threat to user privacy if some technological evolutions continue (e.g., disappearance of plugins) or are embraced by browser vendors (e.g., standard HTTP headers).

  • Mitigating browser fingerprint tracking: multi-level reconfiguration and diversification

    Pierre Laperdrix, Walter Rudametkin, Benoit Baudry
    Proceedings of the 10th International Symposium on Software Engineering for Adaptive and Self-Managing Systems (SEAMS 2015)
    PDF Slides

    The diversity of software components (e.g., browsers, plugins, fonts) is a wonderful opportunity for users to customize their platforms. Yet, massive customization creates a privacy issue: browsers are slightly different from one another, allowing third parties to collect unique and stable fingerprints to track users. Although software diversity appears to be the source of this privacy issue, we claim that this same diversity, combined with automatic reconfiguration, provides the essential ingredients to constantly change browsing platforms. Constant change acts as a moving target defense strategy against fingerprint tracking by breaking one essential property: stability over time. We leverage virtualization and modular architectures to automatically assemble and reconfigure software components at multiple levels. We operate on operating systems, browsers, fonts and plugins. This work is the first application of software reconfiguration to build a moving target defense against browser fingerprint tracking. The main objective is to automatically modify the fingerprint a platform exhibits. We have developed a prototype called Blink to experiment the effectiveness of our approach at randomizing fingerprints. We have assembled and reconfigured thousands of platforms, and we observe that all of them exhibit different fingerprints, and that commercial fingerprinting solutions are not able to detect that the different platforms actually correspond to a single user.

Magazine publication

  • Le fingerprinting : une nouvelle technique de traçage

    Pierre Laperdrix, Benoit Baudry
    MISC n°81, french security-focused magazine. September/October 2015, pp.52-57
    Full article (in French)

    Le « browser fingerprinting » désigne l’activité de collecte par un navigateur d’un certain nombre d’informations sur l’appareil d’un internaute pour bâtir une empreinte (fingerprint). De nombreuses études ont montré que cette empreinte est unique dans la très grande majorité des cas et évolue très lentement. Il est ainsi possible de l’utiliser pour tracer les internautes, sans laisser aucune trace sur l’appareil.

Current projects

Past Projects


Open Source


Multi-Screen Virtual Interactive Presentation (MSVIP) Project

In partnership with Excense, we created a virtual showcase to demonstrate the ability of connected devices to engage audiences in lively and interactive presentation. Built around the Microsoft PixelSense technology, the master of ceremony operates on a touch-enabled table and can control any number of tablets or computers remotely connected to it to provide added value to his or her presentation.

The example built for the device was an interactive presentation of my engineering school, the INSA de Rennes. The app is now used during Open days to give an overview of the school to visitors.

Overview of the MSVIP concept

MSVIP in action 1

MSVIP in action 2

MSVIP in action 3


Daedalus Project

We built a maze generator for a Virtual reality game where one player is put against another to get out of a maze. The biggest challenge for this project was to build an easy-to-use software that proposed different generation strategies. A real effort was put into having a nice and comprehensive graphical interface that would give any creator the freedom to create the maze of his or her dream.

Overview of the VR game

Overview of the interface of the generator

From the generator to the VR game

Overview of the generation process