The Internet and Web Tracking
Total Page:16
File Type:pdf, Size:1020Kb
Load more
Recommended publications
-
The Web Never Forgets: Persistent Tracking Mechanisms in the Wild
The Web Never Forgets: Persistent Tracking Mechanisms in the Wild Gunes Acar1, Christian Eubank2, Steven Englehardt2, Marc Juarez1 Arvind Narayanan2, Claudia Diaz1 1KU Leuven, ESAT/COSIC and iMinds, Leuven, Belgium {name.surname}@esat.kuleuven.be 2Princeton University {cge,ste,arvindn}@cs.princeton.edu ABSTRACT 1. INTRODUCTION We present the first large-scale studies of three advanced web tracking mechanisms — canvas fingerprinting, evercookies A 1999 New York Times article called cookies compre and use of “cookie syncing” in conjunction with evercookies. hensive privacy invaders and described them as “surveillance Canvas fingerprinting, a recently developed form of browser files that many marketers implant in the personal computers fingerprinting, has not previously been reported in the wild; of people.” Ten years later, the stealth and sophistication of our results show that over 5% of the top 100,000 websites tracking techniques had advanced to the point that Edward employ it. We then present the first automated study of Felten wrote “If You’re Going to Track Me, Please Use Cook evercookies and respawning and the discovery of a new ev ies” [18]. Indeed, online tracking has often been described ercookie vector, IndexedDB. Turning to cookie syncing, we as an “arms race” [47], and in this work we study the latest present novel techniques for detection and analysing ID flows advances in that race. and we quantify the amplification of privacy-intrusive track The tracking mechanisms we study are advanced in that ing practices due to cookie syncing. they are hard to control, hard to detect and resilient Our evaluation of the defensive techniques used by to blocking or removing. -
Improving Transparency Into Online Targeted Advertising
AdReveal: Improving Transparency Into Online Targeted Advertising Bin Liu∗, Anmol Sheth‡, Udi Weinsberg‡, Jaideep Chandrashekar‡, Ramesh Govindan∗ ‡Technicolor ∗University of Southern California ABSTRACT tous and cover a large fraction of a user’s browsing behav- To address the pressing need to provide transparency into ior, enabling them to build comprehensive profiles of their the online targeted advertising ecosystem, we present AdRe- online interests. This widespread tracking of users and the veal, a practical measurement and analysis framework, that subsequent personalization of ads have received a great deal provides a first look at the prevalence of different ad target- of negative press; users associate adjectives such as creepy ing mechanisms. We design and implement a browser based and scary with the practice [18], primarily because they lack tool that provides detailed measurements of online display insight into how their data is being collected and used. ads, and develop analysis techniques to characterize the con- Our paper seeks to provide transparency into the targeted textual, behavioral and re-marketing based targeting mecha- advertising ecosystem, a capability that has not been ex- nisms used by advertisers. Our analysis is based on a large plored so far. We seek to enable end-users to reason about dataset consisting of measurements from 103K webpages why ads of a certain category are being displayed to them. and 139K display ads. Our results show that advertisers fre- Consider a user that repeatedly receives ads about cures for a quently target users based on their online interests; almost particularly private ailment. The user currently lacks a way half of the ad categories employ behavioral targeting. -
Beacons and Their Uses for Digital Forensics Purposes
Beacons and Their Uses for Digital Forensics Purposes An Investigation Prof. Martin Oliver Luke Lubbe Department of Computer Science Department of Computer Science University of Pretoria University of Pretoria [email protected] [email protected] Abstract— This article relates to the field of digital forensics websites which hosted the web bug and more importantly the with a particular focus on web (World Wide Web) beacons and IP address of the requesting browsers computer. Examples of how they can be utilized for digital forensic purposes. A web detected web beacons on a website are shown in Figure 1.0 beacon or more commonly “web bug” is an example of a hidden resource reference in a webpage, which when the webpage is The reason for the widespread presence of web beacons is loaded, is requested from a third party source. The purpose of a that they have proven to be a very useful method for tracking web beacon is to track the browsing habits of a particular IP user activity on the internet without impairing the users address. This paper proposes a novel technique that utilizes the browsing experience. The ability to track a user’s internet use presence of web beacons to create a unique ID for a website, to and habits has become invaluable for web analysis and test this a practical investigation is performed. The practical subsequently internet marketing. Web analysis is the act of investigation involves an automated scanning of web beacons on studying internet user’s behavior with the objective of a number of websites, this scanning process involves identifying identifying opportunities for improvements to the user which beacons are present on a web page and recording the experience or site performance. -
Cookie Swap Party: Abusing First-Party Cookies for Web Tracking
Cookie Swap Party: Abusing First-Party Cookies for Web Tracking Quan Chen Panagiotis Ilia [email protected] [email protected] North Carolina State University University of Illinois at Chicago Raleigh, USA Chicago, USA Michalis Polychronakis Alexandros Kapravelos [email protected] [email protected] Stony Brook University North Carolina State University Stony Brook, USA Raleigh, USA ABSTRACT 1 INTRODUCTION As a step towards protecting user privacy, most web browsers perform Most of the JavaScript (JS) [8] code on modern websites is provided some form of third-party HTTP cookie blocking or periodic deletion by external, third-party sources [18, 26, 31, 38]. Third-party JS li- by default, while users typically have the option to select even stricter braries execute in the context of the page that includes them and have blocking policies. As a result, web trackers have shifted their efforts access to the DOM interface of that page. In many scenarios it is to work around these restrictions and retain or even improve the extent preferable to allow third-party JS code to run in the context of the of their tracking capability. parent page. For example, in the case of analytics libraries, certain In this paper, we shed light into the increasingly used practice of re- user interaction metrics (e.g., mouse movements and clicks) cannot lying on first-party cookies that are set by third-party JavaScript code be obtained if JS code executes in a separate iframe. to implement user tracking and other potentially unwanted capabil- This cross-domain inclusion of third-party JS code poses security ities. -
Analysis and Detection of Spying Browser Extensions
I Spy with My Little Eye: Analysis and Detection of Spying Browser Extensions Anupama Aggarwal⇤, Bimal Viswanath†, Liang Zhang‡, Saravana Kumar§, Ayush Shah⇤ and Ponnurangam Kumaraguru⇤ ⇤IIIT - Delhi, India, email: [email protected], [email protected], [email protected] †UC Santa Barbara, email: [email protected] ‡Northeastern University, email: [email protected] §CEG, Guindy, India, email: [email protected] Abstract—In this work, we take a step towards understanding history) and sends the information to third-party domains, and defending against spying browser extensions. These are when its core functionality does not require such information extensions repurposed to capture online activities of a user communication (Section 3). Such information theft is a and communicate the collected sensitive information to a serious violation of user privacy. For example, a user’s third-party domain. We conduct an empirical study of such browsing history can contain URLs referencing private doc- extensions on the Chrome Web Store. First, we present an in- uments (e.g., Google docs) or the URL parameters can depth analysis of the spying behavior of these extensions. We reveal privacy sensitive activities performed by the user on observe that these extensions steal a variety of sensitive user a site (e.g., online e-commerce transactions, password based information, such as the complete browsing history (e.g., the authentication). Moreover, if private data is further sold or sequence of web traversals), online social network (OSN) access exchanged with cyber-criminals [4], it can be misused in tokens, IP address, and geolocation. Second, we investigate numerous ways. -
Track the Planet: a Web-Scale Analysis of How Online Behavioral Advertising Violates Social Norms
University of Pennsylvania ScholarlyCommons Publicly Accessible Penn Dissertations 2017 Track The Planet: A Web-Scale Analysis Of How Online Behavioral Advertising Violates Social Norms Timothy Patrick Libert University of Pennsylvania, [email protected] Follow this and additional works at: https://repository.upenn.edu/edissertations Part of the Communication Commons, Computer Sciences Commons, and the Public Policy Commons Recommended Citation Libert, Timothy Patrick, "Track The Planet: A Web-Scale Analysis Of How Online Behavioral Advertising Violates Social Norms" (2017). Publicly Accessible Penn Dissertations. 2714. https://repository.upenn.edu/edissertations/2714 This paper is posted at ScholarlyCommons. https://repository.upenn.edu/edissertations/2714 For more information, please contact [email protected]. Track The Planet: A Web-Scale Analysis Of How Online Behavioral Advertising Violates Social Norms Abstract Various forms of media have long been supported by advertising as part of a broader social agreement in which the public gains access to monetarily free or subsidized content in exchange for paying attention to advertising. In print- and broadcast-oriented media distribution systems, advertisers relied on broad audience demographics of various publications and programs in order to target their offers to the appropriate groups of people. The shift to distributing media on the World Wide Web has vastly altered the underlying dynamic by which advertisements are targeted. Rather than rely on imprecise demographics, the online behavioral advertising (OBA) industry has developed a system by which individuals’ web browsing histories are covertly surveilled in order that their product preferences may be deduced from their online behavior. Due to a failure of regulation, Internet users have virtually no means to control such surveillance, and it contravenes a host of well-established social norms. -
Web Tracking – a Literature Review on the State of Research
Proceedings of the 51st Hawaii International Conference on System Sciences j 2018 Web Tracking – A Literature Review on the State of Research Tatiana Ermakova Benedict Bender University of Potsdam University of Potsdam [email protected] [email protected] Benjamin Fabian Kerstin Klimek HfT Leipzig University of Potsdam [email protected] [email protected] Abstract (Fabian et al., 2015; Bender et al., 2016). Hence, driven by a variety of enabling techniques (Besson et Web tracking seems to become ubiquitous in online al., 2014; Sanchez-Rola et al., 2016), web tracking has business and leads to increased privacy concerns of become ubiquitous on the Web (Roesner et al., 2012), users. This paper provides an overview over the across websites and even across devices (Brookman et current state of the art of web-tracking research, al., 2017). Besides targeted advertising (Sanchez-Rola aiming to reveal the relevance and methodologies of et al., 2016; Parra-Arnau, 2017), web tracking can be this research area and creates a foundation for future employed for personalization (Sanchez-Rola et al., work. In particular, this study addresses the following 2016; Mayer & Mitchell, 2012; Roesner et al., 2012), research questions: What methods are followed? What advanced web site analytics, social network integration results have been achieved so far? What are potential (Mayer & Mitchell, 2012; Roesner et al., 2012), and future research areas? For these goals, a structured website development (Fourie & Bothma, 2007). literature review based upon an established For online users, especially mature, well-off and methodological framework is conducted. The identified educated individuals, who constitute the most preferred articles are investigated with respect to the applied target group of web tracking (Peacock, 2015), the web research methodologies and the aspects of web tracking practices also imply higher privacy losses tracking they emphasize. -
Integrated Thesis-Sep 12
DEMOGRAPHICS OF ADWARE AND SPYWARE Except where reference is made to the work of others, the work described in this thesis is my own or was done in collaboration with my advisory committee. This thesis does not include proprietary or classified information. _______________________________________________ Kavita Sanyasi Arumugam Certificate of Approval: _____________________________ _____________________________ Dean Hendrix David A Umphress, Chair Associate Professor Associate Professor Computer Science and Computer Science and Software Engineering Software Engineering _____________________________ _____________________________ Cheryl Seals George T. Flowers Assistant Professor Interim Dean Computer Science and Graduate School Software Engineering DEMOGRAPHICS OF ADWARE AND SPYWARE Kavita Arumugam A Thesis Submitted To the Graduate Faculty of Auburn University in Partial Fulfillment of the Requirements for the Degree of Master of Science Auburn, Alabama December 17, 2007 DEMOGRAPHICS OF ADWARE AND SPYWARE Kavita Arumugam Permission is granted to Auburn University to make copies of this thesis at its discretion, upon the request of individuals or institutions and at their expense. The author reserves all publication rights. ____________________________ Signature of Author ____________________________ Date of Graduation iii THESIS ABSTRACT DEMOGRAPHICS OF ADWARE AND SPYWARE Kavita Arumugam Master of Science, December 17, 2007 (B.E., Sir M Visveswaraya Institute of Technology, 2004) 60 Typed Pages Directed by David Umphress The World Wide Web is the most popular use of the Internet. Information can be accessed from this network of web pages. Unknown to users, web pages can access their personal information and, sometimes, also provide information that the user has not asked for. Various kinds of software are used in the web pages. Web pages use Java, Perl scripts, XML, etc. -
Online Tracking, Targeted Advertising and User Privacy - the Technical Part Privacy and Web 2.0 Seminar Summer Term 2011
Online Tracking, Targeted Advertising and User Privacy - The Technical Part Privacy and Web 2.0 Seminar Summer Term 2011 Simon Sprankel sprankel[at]rbg.informatik.tu-darmstadt.de September 30th, 2011 This paper gives a short overview over the field of Online Tracking, Online Targeted Advertising (OTA) and the related privacy issues. Balachander Krishnamurthy rightly states that \there are at least three different angles through which one could approach the problem of reducing privacy leakage: technical, legislative and economic" [1]. This paper focuses on the technical part, whereas Nadine Tr¨uschler's paper mainly focuses on the legislative and economic part. Since she also gives a more detailed introduction in the topic of OTA, it is advantageous to read her paper first. 1 Introduction A short analysis of network traffic suffices in order to see that tracking of users over mul- tiple websites is an up-to-date topic and raises various privacy concerns. For instance studiVZ, one of the largest German Online Social Networks (OSNs), communicates ones profile ID to a big advertising company, Tradedoubler. Another example is a Facebook app called Kickmania, which communicates ones profile ID to another advertising com- pany [2]. Hence, these companies are able to identify the user via its public profile at the OSN. Data, which makes a person identifiable is called Personally Identifiable Infor- mation (PII). There are numerous other cases in which web applications delegate PII to advertising companies. With the growing use of online social networks, the problem has even become worse. It has been shown, that \it is possible for third-parties to link PII, which is leaked via OSNs, with user actions both within OSN sites and elsewhere on non-OSN sites" [2]. -
RUGGEDCOM ROX V1.16 Device Management 3
Preface Introduction 1 Using ROX 2 RUGGEDCOM ROX v1.16 Device Management 3 System Administration 4 Setup and Configuration 5 User Guide Upgrades 6 For RX1000, RX1000P, RX1100, RX1100P 3/2014 RC1098-EN-03 RUGGEDCOM ROX User Guide Copyright © 2014 Siemens AG All rights reserved. Dissemination or reproduction of this document, or evaluation and communication of its contents, is not authorized except where expressly permitted. Violations are liable for damages. All rights reserved, particularly for the purposes of patent application or trademark registration. This document contains proprietary information, which is protected by copyright. All rights are reserved. No part of this document may be photocopied, reproduced or translated to another language without the prior written consent of Siemens AG. Disclaimer Of Liability Siemens has verified the contents of this manual against the hardware and/or software described. However, deviations between the product and the documentation may exist. Siemens shall not be liable for any errors or omissions contained herein or for consequential damages in connection with the furnishing, performance, or use of this material. The information given in this document is reviewed regularly and any necessary corrections will be included in subsequent editions. We appreciate any suggested improvements. We reserve the right to make technical improvements without notice. Registered Trademarks ROX™, Rugged Operating System On Linux™, CrossBow™ and eLAN™ are trademarks of Siemens AG. ROS® is a registered trademark of Siemens AG. Linux® is the registered trademark of Linus Torvalds in the U.S. and other countries. The registered trademark Linux® is used pursuant to a sublicense from LMI, the exclusive licensee of Linus Torvalds, owner of the mark on a world-wide basis. -
1. What Is a Cookie?
This Cookie Policy explains how cookies and similar technologies (collectively, “Cookie(s)”) are used when you visit our Site. A “Site” includes our websites, emails, and other applications owned and operated by The New York Times Company (the “Company”, “our”, or “us”) as well as any other services that display this Cookie Policy. This policy explains what these technologies are and why they are used, as well as your right to control their use. We may change this Cookie Policy at any time. Please take a look at the “LAST REVISED” date at the top of this page to see when this Cookie Policy was last revised. Any change in this Cookie Policy will become effective when we make the revised Cookie Policy available on or through the Site. If you have any question, please contact us by email at [email protected], or write to us at the following address: CyberReady, LLC, PO BOX 1180, Justin, TX 76247, attn.: Privacy Counsel. 1. What Is A Cookie? A cookie is a small text file (often including a unique identifier), that is sent to a user’s browser from a website's computers and stored on a user’s computer's hard drive or on a tablet or mobile device (collectively, “Computer”). A Cookie stores a small amount of data on your Computer about your visit to the Site. We may also use “web beacons” (also known as “clear GIFs” or “pixel tags”) or similar technologies on our Site to enable us to know whether you have visited a web page or received a message. -
Poster: Web Beacon Based Detection of Data Leakage for Android
Poster: Web Beacon Based Detection of Data Leakage for Android GyeongRyun Bae Hae Young Lee Dept. of Information Security DuDu IT Seoul Women’s University Seoul, Republic of Korea Seoul, Republic of Korea [email protected] [email protected] Abstract—This poster presents a web beacon based data supplied by Android. Fig. 2 shows an example of a web beacon leakage detection method, called B2-D2, in which data leakage that was injected into a short text message. Note that each carried out by spy apps can be detected by injecting web beacons beacon would have a unique name in the final release. into Android and tracing triggered beacons. Compared to the existing solutions, B2-D2 is very lightweight and does not require a system modification. Also, by injecting JavaScript tags instead of web beacons, B2-D2 would be able to exploit cross-site scripting vulnerabilities against attackers. Through preliminary experiments, we have confirmed that it works against many spy apps. Keywords—data leakage detection, mobile privacy, Android, web beacons I. INTRODUCTION Due to a dramatic increase of Android malware, especially spy apps, sensitive data theft from Android devices has become a major form of attack in recent years [1]. Although researchers have proposed a large number of solutions for detecting or preventing data leakage from Android devices, most of them are heavy, e.g., static and/or dynamic analysis based solutions [2,3], Fig. 1. Overview of B2-D2 and/or need system modifications [4,5]. In this poster, we propose a web beacon based data leakage detection method (B2-D2) for Android.