Our work is based on work of Peter Snyders et al. carried in 2016. Since then many new APIs were specified and implemented in web browsers, see the figure below (based on data from Can I Use? website).
We will run our measurements on every page in two different modes. Firstly, we will visit the page using the a browser withou adblocker. Later, we will also employ an adblocker. Hence, the study will show the difference API usage of regular pages and trackers.
The original study
extremely popular and they are used on more than 90% of measured pages
(e.g. a well known
Document.createElement method from DOM API). On the
other hand, there are many APIs that are used by a minority of measured
browser at the time were not used by any of the measured pages.
The study also suggests that there is no direct connection between the
specification date by some of the specifications vendors) and its
popularity in using by websites. Concretely, there are some old
XMLHttpRequest that are still very popular.
However, there are also quite new
Web API Manager
The figure below shows a simplified illustration of the measurement platform. There is OpenWPM in the middle of the architecture. OpenWPM orchestrates Selenium and Mozilla Firefox with the proxy-based intercepting Web API Manager.
The impact on JSR
Once we have data from our crawling study, we will compare the data with another recent study. As already mentioned, we want to develop a fingerprinting detection based on counting the number of different APIs employed by a page, especially APIs that are not frequently used for benign purposes. When a fingerprinting attempt is identified, we want to (1) inform the user, (2) prevent uploading of the fingerprint to the server, (3) prevent storing the fingerprint for later usage.