DOCSLIB.ORG

Automated Discovery of Privacy Violations on the Web

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Automated Discovery of Privacy Violations on the Web Automated discovery of privacy violations on the web Steven Tyler Englehardt A Dissertation Presented to the Faculty of Princeton University in Candidacy for the Degree of Doctor of Philosophy Recommended for Acceptance by the Department of Computer Science Adviser: Arvind Narayanan September 2018 c Copyright by Steven Tyler Englehardt, 2018. All rights reserved. Abstract Online tracking is increasingly invasive and ubiquitous. Tracking protection provided by browsers is often ineffective, while solutions based on voluntary cooperation, such as Do Not Track, haven't had meaningful adoption. Knowledgeable users may turn to anti-tracking tools, but even these more advanced solutions fail to fully protect against the techniques we study. In this dissertation, we introduce OpenWPM, a platform we developed for flexi- ble and modular web measurement. We've used OpenWPM to run large-scale studies leading to the discovery of numerous privacy violations across the web and in emails. These discoveries have curtailed the adoption of tracking techniques, and have in- formed policy debates and browser privacy decisions. In particular, we present novel detection methods and results for persistent track- ing techniques, including: device fingerprinting, cookie syncing, and cookie respawn- ing. Our findings include sophisticated fingerprinting techniques never before mea- sured in the wild. We've found that nearly every new API is misused by trackers for fingerprinting. The misuse is often invisible to users and publishers alike, and in many cases was not anticipated by API designers. We take a critical look at how the API design process can be changed to prevent such misuse in the future. We also explore the industry of trackers which use PII-derived identifiers to track users across devices, and even into the offline world. To measure these techniques, we develop a novel bait technique, which allows us to spoof the presence of PII on a large number of sites. We show how trackers exfiltrate the spoofed PII through the abuse of browser features. We find that PII collection is not limited to the web|the act of viewing an email also leaks PII to trackers. Overall, about 30% of emails leak the recipient's email address to one or more third parties. Finally, we study the ability of a passive eavesdropper to leverage tracking cookies for mass surveillance. If two web pages embed the same tracker, then the adversary iii can link visits to those pages from the same user even if the user's IP address varies. We find that the adversary can reconstruct 62|73% of a typical user's browsing history. iv Acknowledgements I am grateful to my advisor, Arvind Narayanan, for always being willing to provide assistance and advice. Arvind has encouraged me to do the uncomfortable, to be confident in my work, and to not be afraid to do things differently. I owe a lot of my professional growth over the past five years to his guidance. I've learned the value of real world impact in research, and perhaps more importantly, an understanding of how to choose the right projects. I am also grateful to my dissertation committee, Nick Feamster, Edward Felten, Jennifer Rexford, and Prateek Mittal for their assistance and advice, not only during the dissertation process, but throughout my time at Princeton. I am incredibly lucky to have worked with such talented collaborators. I've bene- fited from their advice, critiques, and insights. In particular, I'd like to thank G¨une¸s Acar, Claudia Diaz, Christian Eubank, Edward Felten, Jeffrey Han, Marc Juarez, Jonathan Mayer, Arvind Narayanan, Lukasz Olejnik, Dillion Reisman, and Peter Zimmerman. This research in this dissertation would not have been possible without their contributions. I could always count on the members of the security group to keep life interesting! At any time of day you could jump in to an engaging conversation, whether it was working through research ideas or playing along with one of our countless nonsensical jokes. In particular, I'm thankful to Steven Goldfeder for the late-night comradery, to Harry Kalodner who was never afraid to jump in to help me struggle through a research problem, to Joe Bonneau for his assistance and encouragement, to Pete and Janee Zimmerman for never failing to bring us all together, and to Ben Burgess for teaching me that no amount of physical security is enough physical security. My decision to pursue a career in research was the result of countless conversations and mentoring from friends and collaborators at Stevens Institute of Technology. My initial exposure to research was at the encouragement of Chris Merck, who introduced v me to the atmospheric research lab at Stevens. I owe a debt of gratitude to all of my mentors along the way, including Jeff Koskulics and Harris Kyriakou. I simply wouldn't have made it to where I am today without my wife, Kim. She is always encouraging and optimistic, helping me to be the best version of myself. She has provided unwavering support and patience through the ups and downs of grad school, and has been a constant source of happiness. Lastly, I am grateful to my family, who have always supported me in all my endeavours. My mother and father have taught me the value of hard and honest work. I couldn't ask for better role models in life. The work in this dissertation was supported in part by a National Science Foun- dation Grant No. CNS 1526353, a grant from the Data Transparency Lab, a research grant from Mozilla, a Microsoft Excellence Scholarship for Internships and Summer Research given through Princeton's Center for Information Technology Policy, and by Amazon Web Services Cloud Credits for Research. vi Contents Abstract . iii Acknowledgements . .v 1 Introduction 1 1.1 Overview . .1 1.2 Contributions . .7 1.2.1 OpenWPM: a web measurement platform . .8 1.2.2 The state of web tracking . .9 1.2.3 Measuring device fingerprinting . 11 1.2.4 PII collection and use by trackers . 12 1.2.5 The surveillance implications of web tracking . 14 1.3 Structure . 15 2 Background and related work 17 2.1 Third-party web tracking . 17 2.1.1 Stateful web tracking . 19 2.1.2 Stateless tracking . 24 2.1.3 Cookie syncing . 27 2.1.4 Personally Identifiable Information (PII) leakage . 28 2.1.5 Cross-device tracking . 29 2.1.6 Tracking in emails . 31 vii 2.2 The role of web tracking in government surveillance . 32 2.2.1 NSA and GCHQ use of third-party cookies . 33 2.2.2 United States Internet monitoring . 34 2.2.3 Surveillance: attacks, defenses, and measurement . 34 2.3 The state of privacy review in web standards . 35 2.3.1 The W3C standardization process . 36 2.3.2 W3C privacy assessment practices and requirements . 37 2.3.3 Past privacy assessment research . 38 3 OpenWPM: A web measurement platform 39 3.1 The design of OpenWPM . 40 3.1.1 Previous web tracking measurement platforms . 41 3.1.2 Design and Implementation . 43 3.1.3 Evaluation . 51 3.1.4 Applications of OpenWPM . 53 3.2 Core web privacy measurement methods . 54 3.2.1 Distinguishing third-party from first-party content . 54 3.2.2 Identifying trackers . 55 3.2.3 Browsing Models . 56 3.2.4 Detecting User IDs . 59 3.2.5 Detecting PII Leakage . 61 3.2.6 Measuring Javascript calls . 62 4 Web tracking is ubiquitous 64 4.1 A 1-million-site census of online tracking . 64 4.1.1 Measurement configuration . 65 4.1.2 Measuring stateful tracking at scale . 66 4.1.3 The long but thin tail of online tracking . 67 viii 4.1.4 Prominence: a third party ranking metric . 69 4.1.5 News sites have the most trackers . 71 4.1.6 Does tracking protection work? . 73 4.2 Measuring Cookie Respawning . 74 4.2.1 Flash cookies respawning HTTP cookies . 75 4.2.2 HTTP cookies respawning Flash cookies . 78 4.3 Measuring Cookie Syncing . 79 4.3.1 Detecting cookie synchronization . 79 4.3.2 Measurement configuration . 80 4.3.3 Cookie syncing is widespread on the top sites . 81 4.3.4 Back-end database synchronization . 83 4.3.5 Cookie syncing amplifies bad actors . 85 4.3.6 Opt-out doesn't help . 86 4.3.7 Nearly all of the top third parties cookie sync . 87 4.4 Summary . 88 5 Persistent tracking with device fingerprinting 90 5.1 Fingerprinting: a 1-Million site view . 91 5.1.1 Measurement configuration . 92 5.1.2 Canvas Fingerprinting . 93 5.1.3 Canvas Font Fingerprinting . 96 5.1.4 WebRTC-based fingerprinting . 97 5.1.5 AudioContext Fingerprinting . 99 5.1.6 Battery Status API Fingerprinting . 102 5.1.7 The wild west of fingerprinting scripts . 103 5.2 Case study: the Battery Status API . 104 5.2.1 The timeline of specification and adoption . 105 5.2.2 Use and misuse of the API in the wild . 111 ix 5.2.3 Lessons Learned & Recommendations . 114 5.3 Summary . 119 6 Third-party trackers collect PII 120 6.1 Trackers collect PII in emails . 122 6.1.1 Collecting a dataset of emails . 123 6.1.2 Measurement methods . 128 6.1.3 Privacy leaks when viewing emails . 132 6.1.4 Privacy leaks when clicking links in emails . 138 6.1.5 Evaluation of email tracking defenses . 140 6.1.6 Survey of tracking prevention in email clients . 143 6.1.7 Our proposed defense against email tracking . 144 6.1.8 Limitations . 146 6.2 Trackers collect PII on the web .
Load more

Recommended publications
  • The Web Never Forgets: Persistent Tracking Mechanisms in the Wild
    The Web Never Forgets: Persistent Tracking Mechanisms in the Wild Gunes Acar1, Christian Eubank2, Steven Englehardt2, Marc Juarez1 Arvind Narayanan2, Claudia Diaz1 1KU Leuven, ESAT/COSIC and iMinds, Leuven, Belgium {name.surname}@esat.kuleuven.be 2Princeton University {cge,ste,arvindn}@cs.princeton.edu ABSTRACT 1. INTRODUCTION We present the first large-scale studies of three advanced web tracking mechanisms — canvas fingerprinting, evercookies A 1999 New York Times article called cookies compre­ and use of “cookie syncing” in conjunction with evercookies. hensive privacy invaders and described them as “surveillance Canvas fingerprinting, a recently developed form of browser files that many marketers implant in the personal computers fingerprinting, has not previously been reported in the wild; of people.” Ten years later, the stealth and sophistication of our results show that over 5% of the top 100,000 websites tracking techniques had advanced to the point that Edward employ it. We then present the first automated study of Felten wrote “If You’re Going to Track Me, Please Use Cook­ evercookies and respawning and the discovery of a new ev­ ies” [18]. Indeed, online tracking has often been described ercookie vector, IndexedDB. Turning to cookie syncing, we as an “arms race” [47], and in this work we study the latest present novel techniques for detection and analysing ID flows advances in that race. and we quantify the amplification of privacy-intrusive track­ The tracking mechanisms we study are advanced in that ing practices due to cookie syncing. they are hard to control, hard to detect and resilient Our evaluation of the defensive techniques used by to blocking or removing.
    [Show full text]
  • Do Not Track a Nokia Browser Look
    Do Not Track Nokia Browser Position - Vikram Malaiya Copyright: Nokia Corporation, 2011 Our understanding of Do Not Track (DNT) • DNT is a technology to enables users to opt out of third-party web tracking • No agreed upon definition of DNT. There are currently 3 major technology proposals for responding to third-party privacy concern. 1. Stanford University and Mozilla’s DNT HTTP Header technique. 2. Blacklist based technique such as Microsoft’s ‘Tracking Protection’ which is part of IE9 3. Network Advertising Initiative’s model of a per company opt-out cookie. Opt-out cookie approach is being promoted by Google. DNT as HTTP Header The Browser adds ‘DNT’/ ‘X-Do-Not-Track’ to its http header. The header is sent out to the server with every web request. This header acts as a signal to the server suggesting that the user wishes to opt out of tracking. Adoption: Firefox 4, IE9 DNT as HTTP Header • Pros: – Scope: Server could apply restrictions to all third party entities and tracking mechanisms – Persistent: No reconfiguration needed once set – Simple: Easy to implement on the browser side • Cons: – Only work as long as the server honors users preferences – No way to enforce national regulations/legislations to servers located beyond country boundaries Block(Black) List / Tracking Protection This is a consumer opt-in mechanism which blocks web connections from known tracking domains that are compiled on a list. First party Third party Adoption: ‘Tracking Protection’ in Internet Explorer 9 cy.analytix.com The downloadable Tracking allow Protection Lists enable IE9 xy.ads.com consumers to control what deny third-party site content can deny track them when they’re ads.tracker.com Tracking Protection online.
    [Show full text]
  • Characterizing Pixel Tracking Through the Lens of Disposable Email Services
    Characterizing Pixel Tracking through the Lens of Disposable Email Services Hang Hu, Peng Peng, Gang Wang Department of Computer Science, Virginia Tech fhanghu, pengp17, [email protected] Abstract—Disposable email services provide temporary email services are highly popular. For example, Guerrilla Mail, one addresses, which allows people to register online accounts without of the earliest services, has processed 8 billion emails in the exposing their real email addresses. In this paper, we perform past decade [3]. the first measurement study on disposable email services with two main goals. First, we aim to understand what disposable While disposable email services allow users to hide their email services are used for, and what risks (if any) are involved real identities, the email communication itself is not necessar- in the common use cases. Second, we use the disposable email ily private. More specifically, most disposable email services services as a public gateway to collect a large-scale email dataset maintain a public inbox, allowing any user to access any for measuring email tracking. Over three months, we collected a dataset from 7 popular disposable email services which contain disposable email addresses at any time [6], [5]. Essentially 2.3 million emails sent by 210K domains. We show that online disposable email services are acting as a public email gateway accounts registered through disposable email addresses can be to receive emails. The “public” nature not only raises interest- easily hijacked, leading to potential information leakage and ing questions about the security of the disposable email service financial loss. By empirically analyzing email tracking, we find itself, but also presents a rare opportunity to empirically collect that third-party tracking is highly prevalent, especially in the emails sent by popular services.
    [Show full text]
  • Garder Le Contrôle Sur Sa Navigation Web
    Garder le contrôle sur sa navigation web Christophe Villeneuve @hellosct1 @[email protected] 21 Septembre 2018 Qui ??? Christophe Villeneuve .21 Septembre 2018 La navigation… libre .21 Septembre 2018 Depuis l'origine... Question : Que vous faut-il pour aller sur internet ? Réponse : Un navigateur Mosaic Netscape Internet explorer ... .21 Septembre 2018 Aujourd'hui : ● Navigations : desktop VS mobile ● Pistage ● Cloisonnement .21 Septembre 2018 Ordinateur de bureau .21 Septembre 2018 Les (principaux) navigateurs de bureau .21 Septembre 2018 La famille… des plus connus .21 Septembre 2018 GAFAM ? ● Acronyme des géants du Web G → Google A → Apple F → Facebook A → Amazon M → Microsoft ● Développement par des sociétés .21 Septembre 2018 Exemple (R)Tristan Nitot .21 Septembre 2018 Firefox : ● Navigateur moderne ● Logiciel libre, gratuit et populaire ● Développement par la Mozilla Fondation ● Disponible pour tous les OS ● Respecte les standards W3C ● Des milliers d'extensions ● Accès au code source ● Forte communauté de développeurs / contributeur(s) .21 Septembre 2018 Caractéristiques Mozilla fondation ● Prise de décisions stratégiques pour leur navigateur Mozilla ● Mozilla Fondation n'a pas d'actionnaires ● Pas d'intérêts non Web (en-tête) ● Manifesto ● Etc. 2004 2005 2009 2013 2017 .21 Septembre 2018 Manifeste Mozilla (1/) ● Internet fait partie intégrante de la vie moderne → Composant clé dans l’enseignement, la communication, la collaboration,les affaires, le divertissement et la société en général. ● Internet est une ressource publique mondiale → Doit demeurer ouverte et accessible. ● Internet doit enrichir la vie de tout le monde ● La vie privée et la sécurité des personnes sur Internet → Fondamentales et ne doivent pas être facultatives https://www.mozilla.org/fr/about/manifesto/ .21 Septembre 2018 Manifeste Mozilla (2/) ● Chacun doit pouvoir modeler Internet et l’usage qu’il en fait.
    [Show full text]
  • Internet Explorer 9 Previewed 17 March 2010, by Lin Edwards
    Internet Explorer 9 previewed 17 March 2010, by Lin Edwards translation necessary. This will improve performance because there is a massive difference in speed between compiled and interpreted code. This, and the speed gain by using the GPU, was demonstrated at the conference with a display of increasing numbers of spinning three-dimensional icons, which the IE9 preview could handle far better than any other browser. Since less of the first core of CPU is being used, the display is much faster, and will also allow developers to create a new class of Web applications. Another change in the new browser is an emphasis on browser interoperability, so that programs (PhysOrg.com) -- Microsoft has released the written for IE9 should run properly on other preview version of Internet Explorer 9, which has browsers as well. Hachamovitch said that as HTML5 integration, background compiled Internet Explorer supports more of the markups Javascript, and scalable vector graphics (SVG) used by websites, their Acid score will improve. capability. (This is a test run by W3C, the official Internet standards body.) The preview browser engine The preview code for the Internet browser’s scored 55 out of 100, which is a significant rendering engine was revealed at Microsoft’s improvement on the previous version’s score of 20. MIX10 developer conference in Las Vegas yesterday. The major goals for the new engine are It is not yet known when the new browser will be support for the emerging Web standards such as released as a beta or final version. Meanwhile, the SVG and HTML5, and greater speed.
    [Show full text]
  • Bibliography of Erik Wilde
    dretbiblio dretbiblio Erik Wilde's Bibliography References [1] AFIPS Fall Joint Computer Conference, San Francisco, California, December 1968. [2] Seventeenth IEEE Conference on Computer Communication Networks, Washington, D.C., 1978. [3] ACM SIGACT-SIGMOD Symposium on Principles of Database Systems, Los Angeles, Cal- ifornia, March 1982. ACM Press. [4] First Conference on Computer-Supported Cooperative Work, 1986. [5] 1987 ACM Conference on Hypertext, Chapel Hill, North Carolina, November 1987. ACM Press. [6] 18th IEEE International Symposium on Fault-Tolerant Computing, Tokyo, Japan, 1988. IEEE Computer Society Press. [7] Conference on Computer-Supported Cooperative Work, Portland, Oregon, 1988. ACM Press. [8] Conference on Office Information Systems, Palo Alto, California, March 1988. [9] 1989 ACM Conference on Hypertext, Pittsburgh, Pennsylvania, November 1989. ACM Press. [10] UNIX | The Legend Evolves. Summer 1990 UKUUG Conference, Buntingford, UK, 1990. UKUUG. [11] Fourth ACM Symposium on User Interface Software and Technology, Hilton Head, South Carolina, November 1991. [12] GLOBECOM'91 Conference, Phoenix, Arizona, 1991. IEEE Computer Society Press. [13] IEEE INFOCOM '91 Conference on Computer Communications, Bal Harbour, Florida, 1991. IEEE Computer Society Press. [14] IEEE International Conference on Communications, Denver, Colorado, June 1991. [15] International Workshop on CSCW, Berlin, Germany, April 1991. [16] Third ACM Conference on Hypertext, San Antonio, Texas, December 1991. ACM Press. [17] 11th Symposium on Reliable Distributed Systems, Houston, Texas, 1992. IEEE Computer Society Press. [18] 3rd Joint European Networking Conference, Innsbruck, Austria, May 1992. [19] Fourth ACM Conference on Hypertext, Milano, Italy, November 1992. ACM Press. [20] GLOBECOM'92 Conference, Orlando, Florida, December 1992. IEEE Computer Society Press. http://github.com/dret/biblio (August 29, 2018) 1 dretbiblio [21] IEEE INFOCOM '92 Conference on Computer Communications, Florence, Italy, 1992.
    [Show full text]
  • WSJ 2010. Microsoft Quashed Effort to Boost Online Privacy.Pdf
    http://online.wsj.com/article/SB10001424052748703467304575383530439838568.html?mod=WSJ_hpp_LEADSecondNewsCollection#pr... WHAT THEY KNOW AUGUST 2, 2010 Microsoft Quashed Effort to Boost Online Privacy By NICK WINGFIELD The online habits of most people who use the world's dominant Web browser are an open book to advertisers. That wasn't the plan at first. In early 2008, Microsoft Corp.'s product planners for the Internet Explorer 8.0 browser intended to give users a simple, effective way to avoid being tracked online. They wanted to design the software to automatically thwart common tracking tools, unless a user deliberately switched to settings affording less privacy. That triggered heated debate inside Microsoft. As the leading maker of Web browsers, the gateway software to the Internet, Microsoft must balance conflicting interests: helping people surf the Web with its browser to keep their mouse clicks private, and helping advertisers who want to see those clicks. In the end, the product planners lost a key part of the debate. The winners: executives who argued that giving automatic privacy to consumers would make it tougher for Microsoft to profit from selling online ads. Microsoft built its browser so that users must deliberately turn on privacy settings every time they start up the software. Microsoft's original privacy plans for the new Explorer were "industry-leading" and technically superior to privacy features in earlier browsers, says Simon Davies, a privacy-rights advocate in the U.K. whom Microsoft consulted while forming its browser privacy plans. Most users of the final product aren't even aware its privacy settings are available, he says.
    [Show full text]
  • Zeszyty T 13 2018 Tytulowa I Redakcyjna
    POLITECHNIKA KOSZALIŃSKA Zeszyty Naukowe Wydziału Elektroniki i Informatyki Nr 13 KOSZALIN 2018 Zeszyty Naukowe Wydziału Elektroniki i Informatyki Nr 13 ISSN 1897-7421 ISBN 978-83-7365-501-0 Przewodniczący Uczelnianej Rady Wydawniczej Zbigniew Danielewicz Przewodniczący Komitetu Redakcyjnego Aleksy Patryn Komitet Redakcyjny Krzysztof Bzdyra Walery Susłow Wiesław Madej Józef Drabarek Adam Słowik Strona internetowa https://weii.tu.koszalin.pl/nauka/zeszyty-naukowe Projekt okładki Tadeusz Walczak Skład, łamanie Maciej Bączek © Copyright by Wydawnictwo Uczelniane Politechniki Koszalińskiej Koszalin 2018 Wydawnictwo Uczelniane Politechniki Koszalińskiej 75-620 Koszalin, ul. Racławicka 15-17 Koszalin 2018, wyd. I, ark. wyd. 5,72, format B-5, nakład 100 egz. Druk: INTRO-DRUK, Koszalin Spis treści Damian Giebas, Rafał Wojszczyk ..................................................................................................................................................... 5 Zastosowanie wybranych reprezentacji graficznych do analizy aplikacji wielowątkowych Grzegorz Górski, Paweł Koziołko ...................................................................................................................................................... 27 Semantyczne ataki na aplikacje internetowe wykorzystujące język HTML i arkusze CSS Grzegorz Górski, Paweł Koziołko ..................................................................................................................................................... 37 Analiza skuteczności wybranych metod
    [Show full text]
  • The Web. Webgl, Webvr and Gltf GDC, February 2017
    Reaching the Largest Gaming Platform of All: The Web. WebGL, WebVR and glTF GDC, February 2017 Neil Trevett Vice President Developer Ecosystem, NVIDIA | President, Khronos | glTF Chair [email protected] | @neilt3d © Copyright Khronos Group 2017 - Page 1 Khronos News Here at GDC 2017 • WebGL™ 2.0 Specification Finalized and Shipping - https://www.khronos.org/blog/webgl-2.0-arrives • Developer preview on glTF™ 2.0 - https://www.khronos.org/blog/call-for-feedback-on-gltf-2.0 • Announcing OpenXR™ for Portable Virtual Reality - https://www.khronos.org/blog/the-openxr-working-group-is-here • Call for Participation in the 3D Portability Exploratory Group - A native API for rendering code that can run efficiently over Vulkan, DX12 and Metal khronos.org/3dportability • Adoption Grows for Vulkan®; New Features Released - Details here © Copyright Khronos Group 2017 - Page 2 OpenXR – Portable Virtual Reality © Copyright Khronos Group 2017 - Page 3 OpenXR Details OpenXR Working Group Members Design work has started in December Estimate 12-18 months to release WebVR would use WebGL and OpenXR © Copyright Khronos Group 2017 - Page 4 3D Portability API – Call For Participation ‘WebGL Next’ - Lifts ‘Portability API’ to A Portability Solution JavaScript and WebAssembly needs to address APIs and - Provides foundational graphics shading languages and GPU compute for the Web ‘Portability Solution’ Portability API Spec + Shading Language open source tools API MIR MSL Overlap ‘Portability API’ DX IL Specification Analysis HLSL GLSL Open source compilers/translators for shading and intermediate languages © Copyright Khronos Group 2017 - Page 5 Speakers and Topics for This Session Google WebGL 2.0 Zhenyao Mo, Kai Ninomiya, Ken Russell Three.js Three.js Ricardo Cabello (Mr.doob) Google WebVR Brandon Jones NVIDIA - Neil Trevett glTF Microsoft - Saurabh Bhatia All Q&A © Copyright Khronos Group 2017 - Page 6 WebGL 2.0 Zhenyao Mo, Kai Ninomiya, Ken Russell Google, Inc.
    [Show full text]
  • Statement of Justin Brookman Director, Consumer Privacy Center for Democracy & Technology Before the U.S. Senate Committee O
    Statement of Justin Brookman Director, Consumer Privacy Center for Democracy & Technology Before the U.S. Senate Committee on Commerce, Science, and Transportation Hearing on “A Status Update on the Development of Voluntary Do-Not-Track Standards” April 24, 2013 Chairman Rockefeller, Ranking Member Thune, and Members of the Committee: On behalf of the Center for Democracy & Technology (CDT), I thank you for the opportunity to testify today. We applaud the leadership the Chairman has demonstrated in examining the challenges in developing a consensus Do Not Track standard and appreciate the opportunity to address the continued insufficiency of self-regulatory consumer privacy protections. CDT is a non-profit, public interest organization dedicated to preserving and promoting openness, innovation, and freedom on the decentralized Internet. I currently serve as the Director of CDT’s Consumer Privacy Project. I am also an active participant in the Worldwide Web Consortium’s Tracking Protection Working Group, where I serve as editor of the “Tracking Compliance and Scope” specification — the document that purports to define what Do Not Track should mean. My testimony today will briefly describe the history of online behavioral advertising and the genesis of the Do Not Track initiative. I will then describe the current state of the World Wide Web Consortium’s efforts to create Do Not Track standards and the challenges going forward to implement Do Not Track tools successfully. I will conclude with my thoughts on the future of Do Not Track. and why I believe that this protracted struggle demonstrates the need for the fundamental reform of our nation’s privacy protection framework for commercial and government collection and use of personal information.
    [Show full text]
  • Vmlogin Virtual Multi-Login Browser Instruction Ver
    VMLogin virtual multi-login browser Instruction Ver 1.0 Skype: [email protected] Telegram1: Vmlogin Telegram2: vmlogin_us System Requirements Hardware requirements RAM: 4GB recommended; 1GB available disk space Effective GPU Supported operating systems Although VMLogin supports x86 (32-bit) systems, we recommend using VMLogin on x64 (64-bit) systems. OS supported by VMLogin Windows 10 Windows Server 2016 Windows 7 Windows 8 Software install Users can download the latest software installation package from the official website: vmlogin.us. The version used in this manual is 1.0.3.8. We can start the software installation package program, and the interface for selecting the installation language will be displayed: User can select the software language he likes, and can also change the language in the settings after installation. Currently supports Simplified Chinese and English. After the user select the language, enter the interface for selecting the installation directory: Here is generally installed by default, press the "Next" button, if the user customizes the installation directory, please pay attention to the directory permissions, the current user can edit. Generally, you need to create a desktop shortcut for convenient, we click the "Next" button to continue by default here. At this point we can click the "Install" button to install. We need to wait for the installation progress to complete. At this step, the software installation is complete. Software function 1. Start Software When we start the software, we will see the login interface. New users need to create a new account to log in. 2. Create Account To register as a new user, you need to use email as your account, set a password, and register.
    [Show full text]
  • Amazon Silk Developer Guide Amazon Silk Developer Guide
    Amazon Silk Developer Guide Amazon Silk Developer Guide Amazon Silk: Developer Guide Copyright © 2015 Amazon Web Services, Inc. and/or its affiliates. All rights reserved. The following are trademarks of Amazon Web Services, Inc.: Amazon, Amazon Web Services Design, AWS, Amazon CloudFront, AWS CloudTrail, AWS CodeDeploy, Amazon Cognito, Amazon DevPay, DynamoDB, ElastiCache, Amazon EC2, Amazon Elastic Compute Cloud, Amazon Glacier, Amazon Kinesis, Kindle, Kindle Fire, AWS Marketplace Design, Mechanical Turk, Amazon Redshift, Amazon Route 53, Amazon S3, Amazon VPC, and Amazon WorkDocs. In addition, Amazon.com graphics, logos, page headers, button icons, scripts, and service names are trademarks, or trade dress of Amazon in the U.S. and/or other countries. Amazon©s trademarks and trade dress may not be used in connection with any product or service that is not Amazon©s, in any manner that is likely to cause confusion among customers, or in any manner that disparages or discredits Amazon. All other trademarks not owned by Amazon are the property of their respective owners, who may or may not be affiliated with, connected to, or sponsored by Amazon. AWS documentation posted on the Alpha server is for internal testing and review purposes only. It is not intended for external customers. Amazon Silk Developer Guide Table of Contents What Is Amazon Silk? .................................................................................................................... 1 Split Browser Architecture ......................................................................................................
    [Show full text]