DOCSLIB.ORG

Towards a Privacy-Preserving Web

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Towards a Privacy-Preserving Web TOWARDS A PRIVACY-PRESERVING WEB by Umar Iqbal A thesis submitted in partial fulfillment of the requirements for the Doctor of Philosophy degree in Computer Science in the Graduate College of The University of Iowa August 2021 Thesis Committee: Zubair Shafiq, Thesis Supervisor Omar Haider Chowdhury Rishab Nithyanand Juan Pablo Hourcade Supreeth Shastri ACKNOWLEDGEMENTS I have been incredibly fortunate to have helpful and supportive mentors, col- laborators, friends, and family. This thesis would not have been possible without their guidance and support. First and foremost, I would like to thank my advisor, Zubair Shafiq, for his invaluable mentorship. I am especially thankful to him for his openness to ideas, encouragement to go out of my comfort zone, teaching me to critically question my research, and to pick important research problems. I also enjoyed our informal dis- cussions, especially while playing cricket and walking around cities during conference travels. Reflecting back, it has been a very rewarding experience. I would also like to thank several folks at the University of Iowa, who have made my Ph.D. an incredible experience. Especially my comprehensive, proposal, and thesis defense committee members, Omar Chowdhury, Rishab Nithyanand, Juan Pablo, and Supreeth Shastri for their valuable feedback, that helped me improve my research. I am particularly thankful to Omar Chowdhury for providing immense support and writing tens of letters. I cannot forget my weekly meetings with my lab members and friends, Shehroze Farooqi, Adnan Ahmad, Hammad Mazhar, John Cook, and Huyen Le. They provided invaluable critical feedback and a friendly environment for me to learn and excel. Last, but not the least, I want to thank Sheryl Semler and Catherine Till for providing swift administrative support and tolerating my last minute requests. ii I would also like to thank my undergraduate research advisor, Fareed Zaffar, for introducing me to research, providing me an opportunity to work with talented individuals, and encouraging me to pursue a Ph.D. I would not have been where I am today, if it was not for the encouragement and advise of my middle school principal, Khalida Parveen. I have been fortunate to collaborate and learn from many talented people, both in academia and in industry. I would especially like to thank, Steven Englehardt, Zhiyun Qian, Carmela Troncoso, Shitong Zhu, Sandra Siby, John Hazen, and John Wilander. I am thankful to have friends who were always there for me through the ups and downs of graduate school. A special thank you to Bilal Khan, Bilal Bhatti, Hamza Naveed, Bilal Asif, Usman Rana, and Ankur Parupally. I owe everything to my parents, Iqbal and Farhana, who provided their utmost support in all my endeavors. I thank them for their unwavering love and guidance. I want to thank my wife, Jeehan, for supporting me through thick and thin. Especially for tolerating my busy work schedule and helping me get better at maintaining my work life balance : ) I dedicate this thesis to my parents and my wife. iii ABSTRACT Modern web applications are built by combining functionality from external third parties; with the caveat that the website developers trust them. However, third parties come from various sources and website developers are often unaware of their origin and their complete functionality. Thus, the presence of “trusted” third parties has lead to many security and privacy abuses on the web, with one of the most severe consequence being privacy-invasive cross-site tracking without the knowledge or consent of users. In this thesis, I aim to tackle the cross-site tracking menace to make the web more secure and private. Specifically, I build novel privacy-enhancing systems using system instrumentation, machine learning, program analysis, and internet measure- ments techniques. At a high level, my research process involves: instrumenting web browsers to capture detailed execution of webpages, conducting rigorous measure- ments of privacy and security abuses, and using insights from the measurement stud- ies to build machine learning based approaches that counter the privacy and security abuses. In the first half of this thesis, I build privacy-enhancing systems that counter third party cross-site tracking by blocking both stateful tracking, commonly referred to as cookie based tracking, and stateless tracking, commonly referred to as browser fingerprinting. In the second half of this thesis, I build privacy-enhancing systems that counter retaliation by third party circumvention services that evade blocking, by iv either detecting and removing them or by stealthily concealing the traces of blocking. At the end of the thesis, I highlight the research contributions made by this thesis and some of the open research problems. v PUBLIC ABSTRACT Modern web applications are built by combining functionality from external third parties; with the caveat that the website developers trust them. However, third parties come from various sources and website developers are often unaware of their origin and their complete functionality. Thus, the presence of “trusted” third parties has lead to many security and privacy abuses on the web, with one of the most severe consequence being privacy-invasive cross-site tracking without the knowledge or consent of users. In this thesis, I aim to tackle the cross-site tracking menace to make the web more secure and private. Specifically, I build novel privacy-enhancing systems using system instrumentation, machine learning, program analysis, and internet measure- ments techniques. At a high level, my research process involves: instrumenting web browsers to capture detailed execution of webpages, conducting rigorous measure- ments of privacy and security abuses, and using insights from the measurement stud- ies to build machine learning based approaches that counter the privacy and security abuses. In the first half of this thesis, I build privacy-enhancing systems that counter third party cross-site tracking by blocking both stateful tracking, commonly referred to as cookie based tracking, and stateless tracking, commonly referred to as browser fingerprinting. In the second half of this thesis, I build privacy-enhancing systems that counter retaliation by third party circumvention services that evade blocking, by vi either detecting and removing them or by stealthily concealing the traces of blocking. At the end of the thesis, I highlight the research contributions made by this thesis and some of the open research problems. vii TABLE OF CONTENTS LIST OF TABLES . xiii LIST OF FIGURES . xvii CHAPTER 1 INTRODUCTION . .1 1.1 Problem Statement . .1 1.2 Research Challenges . .1 1.3 Research Approach . .2 1.4 Research Contributions . .2 1.4.1 Content Blocking . .3 1.4.1.1 Stateful tracking (AdGraph [216], WebGraph [288], Khaleesi [217]) . .3 1.4.1.2 Stateless tracking (FP-Inspector [214]) . .5 1.4.2 Anti Circumvention . .6 1.4.2.1 Active blocking (AdWars [215]) . .6 1.4.2.2 Stealthy blocking (ShadowBlock [286]) . .7 1.4.2.3 Research Impact . .8 1.4.3 Thesis Organization . .9 2 ADGRAPH: A GRAPH-BASED APPROACH TO AD AND TRACKER BLOCKING . 10 2.1 Introduction . 10 2.2 Background and Related Work . 13 2.2.1 Problem Difficulty . 13 2.2.2 Existing Blocking Techniques . 14 2.2.3 JavaScript Attribution . 19 2.3 AdGraph Design . 23 2.3.1 Graph Representation . 24 2.3.2 Graph Construction . 27 2.3.3 Feature Extraction . 30 2.3.4 Classification . 32 2.4 AdGraph Evaluation . 34 2.4.1 Accuracy . 34 2.4.2 Disagreements Between AdGraph and Filter Lists . 38 2.4.3 Site Breakage . 43 2.4.4 Feature Analysis . 46 viii 2.4.5 Tradeoffs in Browser Instrumentation . 49 2.4.6 Performance . 50 2.5 Discussions . 52 2.5.1 Offline Application of AdGraph .............. 52 2.5.2 AdGraph Limitations And Future Improvements . 54 2.6 Conclusion . 56 3 WEBGRAPH: CAPTURING ADVERTISING AND TRACKING IN- FORMATION FLOWS FOR ROBUST BLOCKING . 57 3.1 Introduction . 57 3.2 Background & Related Work . 60 3.3 AdGraph Robustness . 64 3.3.1 Threat Model & Attack . 65 3.3.2 Results . 67 3.4 WebGraph ............................. 71 3.4.1 Design & Implementation . 74 3.4.1.1 Graph Construction . 74 3.4.1.2 Features . 79 3.4.2 Evaluation . 82 3.4.3 Efficiency . 84 3.5 WebGraph Robustness . 86 3.5.1 Content mutation attacks . 86 3.5.2 Structure mutation attacks . 87 3.5.3 Empirical evaluation . 88 3.5.3.1 Adversary’s success . 90 3.5.3.2 Impact of mutation choice . 95 3.5.3.3 Comparison with AdGraph............ 96 3.6 Limitations . 97 3.7 Conclusion . 99 3.8 Appendix . 100 3.8.1 Comparison between AdGraph and WebGraph features 100 3.8.2 Distribution of graph sizes . 100 3.8.3 Experimental run times . 100 3.8.4 Graph Mutation algorithm . 103 3.8.5 Mutations on a single web page. 107 3.8.6 WebGraph robustness experiments . 108 4 KHALEESI: BREAKER OF ADVERTISING & TRACKING REQUEST CHAINS . 112 4.1 Introduction . 112 4.2 Background & Related Work . 116 4.2.1 Background . 116 ix 4.2.2 Related Work . 119 4.3 Khaleesi .............................. 122 4.3.1 Motivation & Key Idea . 122 4.3.2 Request Chain Construction . 124 4.3.3 Feature Extraction . 126 4.3.4 Classification . 130 4.4 Evaluation . 131 4.4.1 Accuracy . 131 4.4.2 Robustness Analysis . 137 4.4.2.1 Classification accuracy over time . 137 4.4.2.2 Robustness against evasions . 138 4.5 Performance . 140 4.5.1 Breakage Analysis . 143 4.5.2 Performance . 145 4.6 Discussion . 146 4.6.1 Feature Analysis . 146 4.6.2 Request Chain Graph . 148 4.7 Concluding Remarks . 151 4.8 Appendix . 153 4.9 Features definitions . 153 4.9.1 Sequential features . 153 4.9.2 Response features .
Load more

Recommended publications
  • In-Depth Evaluation of Redirect Tracking and Link Usage
    Proceedings on Privacy Enhancing Technologies ; 2020 (4):394–413 Martin Koop*, Erik Tews, and Stefan Katzenbeisser In-Depth Evaluation of Redirect Tracking and Link Usage Abstract: In today’s web, information gathering on 1 Introduction users’ online behavior takes a major role. Advertisers use different tracking techniques that invade users’ privacy It is common practice to use different tracking tech- by collecting data on their browsing activities and inter- niques on websites. This covers the web advertisement ests. To preventing this threat, various privacy tools are infrastructure like banners, so-called web beacons1 or available that try to block third-party elements. How- social media buttons to gather data on the users’ on- ever, there exist various tracking techniques that are line behavior as well as privacy sensible information not covered by those tools, such as redirect link track- [52, 69, 73]. Among others, those include information on ing. Here, tracking is hidden in ordinary website links the user’s real name, address, gender, shopping-behavior pointing to further content. By clicking those links, or or location [4, 19]. Connecting this data with informa- by automatic URL redirects, the user is being redirected tion gathered from search queries, mobile devices [17] through a chain of potential tracking servers not visible or content published in online social networks [5, 79] al- to the user. In this scenario, the tracker collects valuable lows revealing further privacy sensitive information [62]. data about the content, topic, or user interests of the This includes personal interests, problems or desires of website. Additionally, the tracker sets not only third- users, political or religious views, as well as the finan- party but also first-party tracking cookies which are far cial status.
    [Show full text]
  • IBM Cognos Analytics - Reporting Version 11.1
    IBM Cognos Analytics - Reporting Version 11.1 User Guide IBM © Product Information This document applies to IBM Cognos Analytics version 11.1.0 and may also apply to subsequent releases. Copyright Licensed Materials - Property of IBM © Copyright IBM Corp. 2005, 2021. US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. IBM, the IBM logo and ibm.com are trademarks or registered trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at " Copyright and trademark information " at www.ibm.com/legal/copytrade.shtml. The following terms are trademarks or registered trademarks of other companies: • Adobe, the Adobe logo, PostScript, and the PostScript logo are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States, and/or other countries. • Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both. • Intel, Intel logo, Intel Inside, Intel Inside logo, Intel Centrino, Intel Centrino logo, Celeron, Intel Xeon, Intel SpeedStep, Itanium, and Pentium are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries. • Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both. • UNIX is a registered trademark of The Open Group in the United States and other countries. • Java and all Java-based trademarks and logos are trademarks or registered trademarks of Oracle and/or its affiliates.
    [Show full text]
  • Google's March 2021 Announcement
    ACXIOM POINT OF VIEW GOOGLE’S MARCH 2021 ANNOUNCEMENT WHAT YOU NEED TO KNOW EXECUTIVE SUMMARY When Google speaks, everyone listens. It owns over 60% of browser market share and over 29% of the U.S. digital ad revenue.1, 2 Any change that Google makes to its Chrome browser will likely impact all advertisers, publishers and adtech vendors that depend on the internet as a way to make money. Just the facts. 1. What did Google say on March 3? • The company reiterated that third-party cookies will go away on Chrome in March 2022. • Google will not build alternate user-based identifiers to track individuals, nor use them in its products. • As part of Chrome’s Privacy Sandbox proposals, different APIs will be used for different use cases. FLoC (Interest-based targeting), Fledge (Remarketing), and Conversions API (Measurement use cases} are three out of the nine APIs that will be available. All data will be aggregated and no longer used to track and target users at the individual user level. Per Google’s announcement, we have one year to prepare for a world without third-party cookies. While we’ve all known this was coming, we really didn’t know when. Now you can set your countdown timer to March 2022. Google has also clarified that there will be no alternate identifiers used in Google products. In a blog post, David Temkin, Google’s Director of Product Management, made it clear Google would be curbing any attempt by third-party intermediaries to track individuals across sites as they browse the internet.
    [Show full text]
  • What the Floc?
    Security Now! Transcript of Episode #811 Page 1 of 30 Transcript of Episode #811 What the FLoC? Description: This week we briefly, I promise, catch up with ProxyLogon news regarding Windows Defender and the Black Kingdom. We look at Firefox's next release which will be changing its Referer header policy for the better. We look at this week's most recent RCE disaster, a critical vulnerability in the open source MyBB forum software, and China's new CAID (China Anonymization ID). We then conclude by taking a good look at Google's plan to replace tracking with explicit recent browsing history profiling, which is probably the best way to understand FLoC (Federated Learning of Cohorts). And as a special bonus we almost certainly figure out why they named it something so awful. High quality (64 kbps) mp3 audio file URL: http://media.GRC.com/sn/SN-811.mp3 Quarter size (16 kbps) mp3 audio file URL: http://media.GRC.com/sn/sn-811-lq.mp3 SHOW TEASE: It's time for Security Now!. Steve Gibson is here. We've got a new fix for the Microsoft Exchange Server flaw. This one's automatic, thanks to Microsoft. We'll also take a look at some nice new features in Firefox 87. You can get it right now. And then, what the FLoC? We'll take a look at Google's proposal for replacing third-party cookies. Is it better? It's all coming up next on Security Now!. Leo Laporte: This is Security Now! with Steve Gibson, Episode 811, recorded Tuesday, March 23rd, 2021: What the FLoC? It's time for Security Now!, the show where we cover your privacy, your security, your safety online with this guy right here, Steve Gibson from GRC.com.
    [Show full text]
  • Egta Insight the Future of Online Advertising Without 3Rd Party Cookies May 2020
    EU affairs egta insight the future of online advertising without 3rd party cookies May 2020 www.egta.com table of contents 5 Introduction: The end of 3rd party cookies 6 Part 1: Impact of the end of 3rd party cookies – use cases 7 Part 2: Technical alternatives to 3rd party cookies 7 1.1 Google’s Privacy Sandbox 10 1.2 W3C – ‘Improving Web Advertising’ Business Group 10 1.3 IAB US – Project Rearc 12 Conclusion and egta advice legal notice This publication has been researched and produced by egta’s EU affairs department, and it draws inspiration from the open sources, egta materials and databases, conversations with industry experts and literature from multiple sources. Whilst every effort has been made to ensure the accuracy of the information in publication, egta does not accept responsibility for possible errors or omissions. The opinions and analysis expressed in the publication are those of egta and do not necessarily reflect the views of the other parties. fora are discussing coordinated approaches to Introduction: introduce technical alternatives in support of THE END OF 3rd party targeted advertising (see third section). COOKIES In January 2020, Google confirmed in a blog post that it would phase out the use of 3rd party cookies in its browser Chrome within 2 years. With over 60% of the global browser market, the Chrome announcement, in addition to similar moves by Safari and Firefox, means that by January 2022, 3rd party cookies will be de facto impossible to use across the web. Why did Google feel compelled to make such a move? Chrome essentially found themselves between a rock and a hard place.
    [Show full text]
  • Download Forecheck Guide
    Forecheck Content 1 Welcome & Introduction 5 2 Overview: What Forecheck Can Do 6 3 First Steps 7 4 Projects and Analyses 9 5 Scheduler and Queue 12 6 Important Details 13 6.1 La..n..g..u..a..g..e..s.,. .C...h..a..r.a..c..t.e..r. .S..e..t.s.. .a..n..d.. .U..n..i.c..o..d..e....................................................................... 13 6.2 Ch..o..o..s..i.n..g.. .t.h..e.. .c.o..r..r.e..c..t. .F..o..n..t............................................................................................. 14 6.3 St.o..r.a..g..e.. .L..o..c..a..t.i.o..n.. .o..f. .D..a..t.a................................................................................................ 15 6.4 Fo..r.e..c..h..e..c..k. .U...s.e..r.-.A...g..e..n..t. .a..n..d.. .W...e..b.. .A..n..a..l.y..s.i.s.. .T..o..o..l.s............................................................. 15 6.5 Er.r.o..r.. .H..a..n..d..l.i.n..g................................................................................................................ 17 6.6 Ro..b..o..t.s...t.x..t.,. .n..o..i.n..d..e..x..,. .n..o..f.o..l.l.o..w......................................................................................... 18 6.7 Co..m...p..l.e..t.e.. .A..n..a..l.y..s..i.s. .o..f. .l.a..r.g..e.. .W....e..b..s.i.t.e..s............................................................................. 20 6.8 Fi.n..d..i.n..g.. .a..l.l. .p..a..g..e..s. .o..f. .a.. .W....e..b..s.i.t.e....................................................................................... 21 6.9 Go..o..g..l.e.. .A...n..a..l.y.t.i.c..s.
    [Show full text]
  • What's Happening to Cookies, and What Does It Mean for the Future of Digital? Contents
    THE COOKIE CONUNDRUM WHAT'S HAPPENING TO COOKIES, AND WHAT DOES IT MEAN FOR THE FUTURE OF DIGITAL? CONTENTS Where are we now? 02 Where are we going? 04 The way forward 14 WHERE ARE WE 01NOW? WHERE ARE WE NOW? 3 WHAT IS A COOKIE? WHAT ARE THEY USED Cookies are little bits of information which are stored on your device by your web browser when you FOR NOW? visit a website. Imagine if Netflix never remembered who you were and you had to login afresh each time you used the site, or your Amazon basket forgot all the items you added as you shopped on Prime Day. What about if you had the privacy choices banner pop up every time you visited a website. Pretty WHERE DID THEY annoying, right? These are simple examples of the use of browser cookies for storing little COME FROM? bits of information about the use of that browser (think families using the same browser as an example of why it is not always information related to individuals). They are fundamental to, and incredibly useful for, the web 1994 experience we have come to expect and enjoy. Cookies are also used to remember information about users as they move The year cookies were introduced as a way across different websites on the web, enabling advertisers to serve ads of remembering what was in a user's virtual based on what sites users have been to in the past and how they behaved shopping carts. on those sites. WHERE ARE WE NOW? 4 ARE WE ACTUALLY GOING SO WHAT'S THE DIFFERENCE COOKIE-LESS? BETWEEN FIRST-PARTY AND The short answer is no.
    [Show full text]
  • Ix POV Google 3Rd Party Cookie Phase-Out
    iX POV Google 3rd Party Cookie Phase-out Breaking up with cookies doesn’t have to leave you heart broken. Google’s Third-Party Cookie Phase-out n December 2019, Google Chrome had a leading share Iof the web browser market – over 56%. In January 2020, Google announced that within two years, it will phase out third-party cookies. Thoughts immediately fled to old headlines around how German publishers saw almost a 40% drop in bidding activity when Firefox (the market leading browser in this market) enabled enhanced tracking protection (ETP). So it’s no wonder concern is rife. In an advertising landscape where cookies are crumbling, reliance on first-party data is likely to increase, heightening the importance of collecting it through a value exchange. 56% But what does this mean for your business? Is there cause for concern? And should you start to make changes to the way you operate? Google In this report, a taskforce of specialists across iCrossing demystify information shared by Google and contributors to Google Privacy Sandbox and share their collective point of view on what steps you should be taking at this stage of the shift. As this is an evolving topic, over the next 17 months and beyond, iCrossing will continue to share our thoughts from a cross-disciplinary perspective, to help you navigate and manage this transition. Krishan Gandhi Director of data strategy & analytics 2 Google’s Third-Party Cookie Phase-out We are all in this together, but what does this cookie break-up mean for my business? or large enterprise businesses – particularly in retail or finance Fwhere customer activity is frequent, we’d expect that first-party data collection is not a new ambition, having collected data through compelling value exchange for several years.
    [Show full text]
  • Lxmldoc-4.5.0.Pdf
    lxml 2020-01-29 Contents Contents 2 I lxml 14 1 lxml 15 Introduction................................................. 15 Documentation............................................... 15 Download.................................................. 16 Mailing list................................................. 17 Bug tracker................................................. 17 License................................................... 17 Old Versions................................................. 17 2 Why lxml? 18 Motto.................................................... 18 Aims..................................................... 18 3 Installing lxml 20 Where to get it................................................ 20 Requirements................................................ 20 Installation................................................. 21 MS Windows............................................. 21 Linux................................................. 21 MacOS-X............................................... 21 Building lxml from dev sources....................................... 22 Using lxml with python-libxml2...................................... 22 Source builds on MS Windows....................................... 22 Source builds on MacOS-X......................................... 22 4 Benchmarks and Speed 23 General notes................................................ 23 How to read the timings........................................... 24 Parsing and Serialising........................................... 24 The ElementTree
    [Show full text]
  • Importance of Your First Party Data and What Do You Need to Know About Privacy to Succeed in the Market
    Importance of your first party data and what do you need to know about privacy to succeed in the market July 2021 Who We Are Hosted by: Karolina Magda Wójtowicz Kraszewska Partner Manager CEE Platforms Partner Account Google Marketing Manager Platform Proprietary + Confidential Proprietary + Confidential Technology changes Proprietary + Confidential Rising user expectations for online privacy are affecting users and marketers alike Growing concerns from users, driven by … and marketers are seeing direct business missteps across the ecosystem have reduced impacts based on how well they’re building consumer trust... and sustaining user trust. of consumers say that in the past of people globally have stopped buying year they have become more or using a service from a company concerned with how companies 81% 48% due to privacy concerns.1 are using their data.1 of consumers say they are not return for every dollar a company confident their privacy is protected spent on privacy (cost of 59% by companies whose services or 2.7x compliance, privacy certifications, products they use online.2 maintaining data security).2 Source: 1Consumers kinda, sorta care about their data; 2Axios|SurveyMonkey poll: privacy deep dive Proprietary + Confidential Technology changes are fundamentally altering the foundations of the digital ads industry ! 3P Web Cookie is Browsers begin to cut Chrome announces Chrome announces plans Ecosystem is collaborating developed support for 3P cookies [ITP] Privacy Sandbox to phase out 3P cookies on alternatives 1994 2019 2019
    [Show full text]
  • CSE 190 M (Web Programming), Spring 2008 University of Washington
    Extra Slides, week 2 CSE 190 M (Web Programming), Spring 2008 University of Washington Reading: Chapter 2, sections 2.4 - 2.6 Except where otherwise noted, the contents of this presentation are © Copyright 2008 Marty Stepp and Jessica Miller and are licensed under the Creative Commons Attribution 2.5 License. Additional XHTML Tags for adding metadata and icons to a page Web page metadata: <meta> information about your page (for a browser, search engine, etc.) <meta name="description" content="Authors' web site for Building Java Programs." /> <meta name="keywords" content="java, textbook" /> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> placed in the head of your XHTML page meta tags often have both the name and content attributes some meta tags use the http-equiv attribute instead of name meta element to aid browser / web server <meta http-equiv="Content-Type" content=" type of document (character encoding)" /> <meta http-equiv="refresh" content=" how often to refresh the page (seconds)" /> </head> using the Content-Type gets rid of the W3C "tentatively valid" warning <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> the meta refresh tag can also redirect from one page to another: <meta http-equiv="refresh" content="5;url=http://www.bjp.com " /> why would we want to do this? (example ) meta element to describe the page <head> <meta name="author" content=" web page's author " /> <meta name="revised" content=" web page version and/or last modification date " /> <meta name="generator"
    [Show full text]
  • Playing Fair in the Privacy Sandbox: Competition, Privacy, and Interoperability Standards
    Playing fair in the Privacy Sandbox: competition, privacy, and interoperability standards Mark Nottingham* Abstract Google’s Privacy Sandbox proposals to change the Chrome browser in ways that are likely to further advantage them over other publishers and advertising platforms has attracted the attention of competition regulators, the online advertising industry, and critics of their platform power. At the same time, the Privacy Sandbox appears to answer a call from data protection regulators, privacy advocates and users for ‘privacy by design,’ moving in lockstep with its industry peers. How, then, should this behaviour be evaluated for abuse? I argue that there are several hurdles to considering the most controversial Privacy Sandbox proposal – blocking third-party cookies – as an abuse of market power. Furthermore, I propose that, because web browsers are an architecturally regulated market, competition regulators should distinguish unilateral behaviour by examining it in the context of other browsers’ behaviours, along with signals regarding consensus from the relevant standards bodies. I Introduction The UK Competition and Markets Authority (CMA) recently announced an investigation into Google’s Privacy Sandbox proposals1 because of their potential to ‘undermine the ability of publishers to generate revenue and undermine competition in digital advertising, entrenching Google’s market power.’2 Geradin, Katsifis, and Karanikioti support this view, concluding that ‘Chrome’s policy change raises… antitrust concerns, in that it may distort * Mark Nottingham is a student at Melbourne Law School, Chair of the IETF HTTP Working Group, and recently a member of the Internet Architecture Board. Previously, he was a member of the W3C Technical Architecture Group.
    [Show full text]