DOCSLIB.ORG

Protecting Users from Third-Party Web Tracking with Trackingfree Browser

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Protecting Users from Third-Party Web Tracking with Trackingfree Browser I Do Not Know What You Visited Last Summer: Protecting Users from Third-party Web Tracking with TrackingFree Browser Xiang Pan Yinzhi Cao Yan Chen Northwestern University Columbia University Northwestern University [email protected] [email protected] [email protected] Abstract—Stateful third-party web tracking has drawn the neither of the approaches can completely protect users from attention of public media given its popularity among top Alexa third-party tracking: in addition to browser cookies, a tracker web sites. A tracking server can associate a unique identifier can store user’s unique identifier into many other places on from the client side with the private information contained in the client-side state, such as Flash files [4] [26] [17] and browser referer header of the request to the tracking server, thus recording caches [26] [4] [17]; meanwhile, blacklist tools highly depend the client’s behavior. Faced with the significant problem, existing on all the records in the database and a tracking company can works either disable setting tracking identifiers or blacklist third- party requests to certain servers. However, neither of them can always adopt new domains to track users. completely block stateful web tracking. To address the shortcomings of existing anti-tracking ap- In this paper, we propose TrackingFree, the first anti-tracking proaches, a third-party tracking defense system should achieve browser by mitigating unique identifiers. Instead of disabling the following goals: those unique identifiers, we isolate them into different browser Complete blocking. The system can completely block all principals so that the identifiers still exist but are not unique •existing stateful third-party tracking techniques, such as those among different web sites. By doing this, we fundamentally cut off tracked by browser cookies, caches, HTML5 localStorage and the tracking chain for third-party web tracking. Our evaluation shows that TrackingFree can invalidate all the 647 trackers found Flash files. High function preservation. While blocking third-party in Alexa Top 500 web sites, and we formally verified that in • TrackingFree browser, a single tracker can at most correlate user’s tracking, the system should be compatible to existing web activities on three web sites by Alloy. sites and web services. Low performance overhead. The system should incur afford- • I. INTRODUCTION able overhead compared with that of normal browsing. Stateful third-party web tracking, the practice by which third- In this paper, we propose TrackingFree, the first anti-tracking party web sites collect private information about web users, has browser that can completely protect users from stateful third- been adopted by more than 90% of Alexa Top 500 web sites [34]. party tracking practice. Instead of disabling places that store To track a web user, a third-party tracking1 site first needs to third-party unique identifiers, such as browser cookies and flash identify the user by a unique string stored in client-side state. files, TrackingFree automatically partitions client-side state into Then, the tracking site associates the identifier of the user with multiple isolation units (a.k.a., browser principals) so that the the private information, such as first-party web site domain name, identifiers still exist but are not unique any more. Therefore, third- contained in the referer header of the third-party request. party tracking web sites cannot correlate a user’s requests sent from different principals with those identifiers. As a comparison, Faced with the significance of third-party tracking in the all existing multi-principal browsers [5], [8], [10], [15], [28], wild, researchers have proposed solutions targeting the two [38] aim to protect users from memory attacks and cannot defend steps of third-party tracking: mitigating the unique identifier like against tracking practices. To summarize, we make the following disabling third-party cookies, or cutting off requests with private contributions: information like blacklisting known tracking servers. However, Anti-tracking Content Allocation Mechanism. To obtain • 1In this paper, unless otherwise stated, third-party tracking refers to stateful the completeness of anti-tracking capability, TrackingFree third-party tracking. partitions client-side state into different browser principals through a novel content allocation mechanism. TrackingFree first allocates initial server-side contents based on the regis- Permission to freely reproduce all or part of this paper for noncommercial tered domain names, and then allocates derivative server-side purposes is granted provided that copies bear this notice and the full citation on the first page. Reproduction for commercial purposes is strictly prohibited contents, such as user-navigated windows/frames and pop-up without the prior written consent of the Internet Society, the first-named author windows, based on a dynamically generated in-degree-bounded (for reproduction of an entire paper only), and the author’s employer if the graph with its nodes as browser principals. paper was prepared within the scope of employment. Privacy-preserving Communication. TrackingFree is the NDSS ’15, 8-11 February 2015, San Diego, CA, USA • Copyright 2015 Internet Society, ISBN 1-891562-38-X first multi-principal browser with isolated client-side state http://dx.doi.org/10.14722/ndss.2015.23163 that enables communication among different principals. The on the kernel, has isolated persistent storage so the third-party Algorithm 1 Principal Switch Determination Algorithm contents in different principals cannot share the same identifiers. Input: We adopt profile based isolation mechanism [9] [31] because target : Frame . target frame source : Frame . source frame of its completeness in isolating client-side state and minimum domain : Domain . the domain of the principal overhead. Profile will also isolate user preferences, so we propose isUserT riggered : Boolean preference configure to synchronize all user-initiated preferences Output: 1: isCrossSiteReq (not equal(target.domain, domain)) among all principals. See Section III-D for details. 2: isMainF rameNav( ( 3: (source.isMainF rame() and isNavigation(source, target)) In addition to isolation mechanism, another key factor for 4: if isMainF rameNav & isCrossSiteReq then TrackingFree is content allocation mechanism. In TrackingFree, 5: return switch-principal 6: else if isCrossSiteReq & isUserT riggered then the principal manager handles how to allocate contents from 7: return switch-principal the server into different browser principals. Specifically, it 8: else dynamically determines how to put different frames into different 9: return non-switch 10: principals based on user activities, frame properties and principal end if organization. Principal organization is maintained by principal backend as a directed graph with maximum in-degree set as two. to store identifiers [35] [4]. We treat plugin objects like other We claim that TrackingFree’s content allocation mechanism can HTML objects: putting them in the same principal as their strike a good balance between privacy and compatibility. We embedding frames to cut off the identifier sharing channels will discuss it in details in Section III-B. provided by plugin objects. Principal communication also plays an important role for browser’s privacy and compatibility. They can be classified 2) Derivative Content Allocation: Once a frame is placed as two categories: explicit communication (e.g., postMessage) in a principal, TrackingFree needs to decide how to allocate and implicit communication (e.g., history information sharing). its child frames. There are two steps in allocating those child In TrackingFree, message policy enforcer and public history frames. First, TrackingFree decides whether those child frames manager handle all the principal communication: the former should stay in the same principal as their parent frames. A short restricts the range of explicit communication for privacy- answer is that TrackingFree keeps all non-user-triggered child preserving purpose and the latter proposes a secure history frames in the principals that their parent frames reside in, and sharing channel. We will discuss principal communication in moves all user-triggered cross-site frames to other principals. Section III-C. This process is defined as principal switch. Each frame can TrackingFree also gives user the flexibility of controlling the at most be switched once in its creation phase. Second, for balance between anti-tracking capability and user experience. those frames that need to be moved out of current principal, Specifically, the two components of domain data manager can TrackingFree selects an existing principal or creates a new decrease the number of principals and share specified domains’ one to render them. This process is defined as principal selection. sessions among multiple principals, while still achieving expected privacy. Domain data manager will be discussed in Section III-E. Principal Switch. There are two intuitive yet extreme principal switch algorithms: keeping all child frames in current B. Content Allocation principal (no switch) and making a switch for every child frame. TrackingFree’s content allocation mechanism is composed However, keeping all child frames in the same principal allows of two parts: initial content allocation and derivative content trackers to collect user’s browsing history; making a switch all allocation. Initial content allocation handles top frames
Load more

Recommended publications
  • Personal Data Processing Policy
    PERSONAL DATA PROCESSING POLICY (website, customers and prospects) Cisbio Bioassays is a business-to-business (B2B) company and in most cases, the information we process concerns legal entities and not individuals. Nevertheless, behind the companies, there are men and women. Respect for your privacy and the protection of your personal data is a priority and constant concern for Cisbio Bioassays, who have adopted a "privacy by design" approach. This notably implies that your personal data is protected by default both in terms of the system design and Cisbio Bioassays internal practices. Everyone in our company that is required to view or use personal data has been trained to respect the applicable law and the issues of confidentiality. Data processing is performed transparently within the rights granted to you by the laws and regulations, but also by this personal data processing policy. The protection of your privacy is ensured from end to end, from the design of the application to the erasure of your data. Cisbio Bioassays ensures a high level of protection in accordance with the European standards for the protection of personal data to all its customers and users, whatever their country of origin and, subject to legal and regulatory obligations, regardless of where they access the services. OUR PRINCIPLES, OUR ETHICS Our ethics on privacy protection and personal data is based on the following principles: • Transparency and loyalty: you know what information is collected, by whom, by what means and for which use. At any moment you can also request details on the processing implemented by contacting our services.
    [Show full text]
  • Browsercookies Und Alternative Tracking-Technologien: Technische Und Datenschutzrechtliche Aspekte
    Browsercookies und alternative Tracking-Technologien: technische und datenschutzrechtliche Aspekte Inhaltsübersicht 1. Einleitung 2. Tracking und Datenschutz 2.1. Personenbezogene Daten 2.2. Nutzungsdaten 2.3. Pseudonyme Daten 2.4. Anonyme Daten 2.5. Praktische Relevanz der Unterscheidung 3. Browser-Cookies 3.1. First- und Third-Party-Cookies 3.2. Einsatz von Browser-Cookies zur Messung, Steuerung und Profilbildung 3.3. Cookies und Datenschutz 3.3.1. Datenschutzrechtliche Regelungen im Telemediengesetz (TMG) 3.3.2. Die Cookie-Richtlinie 3.3.3. Fazit 4. Alternative Tracking-Technologien 4.1. Browser-basierte Technologien 4.1.1. Fingerprinting 4.1.2. Common-IDs 4.1.3. eTag 4.1.4. Local Storage (auch Web Storage, DOM Storage) 4.1.5. Flash-Cookies 4.1.6. Authentication Cache 4.2. Mobile app-basierte Technologien 4.2.1. Device abhängige IDs von Apple iOS 4.2.2. Device abhängige IDs von Google Android 4.3. Datenschutzrechtliche Aspekte bei alternativen Tracking-Technologien 5. Selbstregulierung in Deutschland (DDOW) 5.1. Technologieneutraler Geltungsbereich 5.2. Die Informationspflichten 5.3. Die Kontrollmöglichkeiten für Verbraucher 5.4. Weitere Verpflichtungen 6. Ausblicke – Regelungen einer künftigen Datenschutzgrundverordnung 1. Einleitung Im Internet versteht man unter Tracking die quantitative Messung und das Nachvollziehen des Nutzerverhaltens auf Websites sowie in einem weiteren Nutzungskontext die Messung von Werbeeinblendungen zum Zweck der Auslieferungskontrolle und -steuerung. Ein verlässlich funktionierendes Tracking, das eindeutige Ergebnisse über alle benötigten Metriken liefert und zugleich eine optimale Aussteuerung erlaubt, ist für Webangebote und werbetreibende Unternehmen im heute bestehenden wirtschaftlichen Konkurrenzumfeld absolut unerlässlich. Den technologischen Schlüssel zu einem leistungsfähigen Tracking liefert bis heute das Browsercookie, das häufig auch einfach nur als „Cookie“ bezeichnet wird.
    [Show full text]
  • Understanding Ad Blockers
    Understanding Ad Blockers A Major Qualifying Project Submitted to the Faculty of Worcester Polytechnic Institute In partial fulfillment of the requirements for the Degree of Bachelor of Science In Computer Science By _________________________________ Doruk Uzunoglu March 21, 2016 _______________________ Professor Craig E. Wills, Project Advisor Professor and Department Head Department of Computer Science ABSTRACT This project aims to provide useful information for users and researchers who would like to learn more about ad blocking. Three main research areas are explored in this project. The first research area provides general information about ad blocking tools and aims to explore ad blockers from a user’s perspective. The second research area provides analyses regarding third­party sites that appear on popular first­party sites in order to explore the behavior of third­parties. Finally, the third research area provides analyses regarding filter lists, which are sets of ad filtering rules used by ad blocking tools. The third research area aims to convey the differences and similarities between individual filter lists as well as sets of filter lists that form the defaults of ad blocking tools. 1 ACKNOWLEDGEMENTS I would like to thank Professor Craig Wills for advising my project, providing insight, and gathering the popular third­party domains data which I analyzed as part of this project. In addition, I would like to thank Jinyan Zang for sharing the third­party data regarding mobile apps, which they have gathered as part of their 2015 paper named “Who Knows What About Me? A Survey of Behind the Scenes Personal Data Sharing to Third Parties by Mobile Apps.” The data provided by Jinyan Zang was also analyzed as part of this project.
    [Show full text]
  • PRIVACY in ONLINE ADVERTISING PLATFORMS a Dissertation
    PRIVACY IN ONLINE ADVERTISING PLATFORMS a dissertation submitted to the department of telematics engineering and the committee on graduate studies of universitat politecnica` de catalunya in partial fulfillment of the requirements for the degree of doctor of philosophy Jos´eAntonio Estrada Jim´enez July 2020 c Copyright by Jos´eAntonio Estrada Jim´enez2020 All Rights Reserved ii I certify that I have read this dissertation and that, in my opinion, it is fully adequate in scope and quality as a dissertation for the degree of Doctor of Philosophy. (Jordi Forn´eMu~noz) Principal Co-Adviser I certify that I have read this dissertation and that, in my opinion, it is fully adequate in scope and quality as a dissertation for the degree of Doctor of Philosophy. (Javier Parra Arnau) Principal Co-Adviser Approved for the University Committee on Graduate Studies. iii iv A A. A. v Abstract Online advertising is consistently considered as the pillar of the \free" content on the Web. By giving websites a way of financing their operation, advertising would be preventing users from being charged for the content consumed on the Web. Besides promoting content creation, this revolution of the marketing business created a myriad of new opportunities for advertisers to reach potential customers at the right time. Furthermore, the option of delivering personalized ads has turned advertising into a service that can be really valuable for end users, who thank receiving ads tailored to their interests. Given its apparent success in getting paying customers, online advertising is fueling a billionaire business in which the largest tech companies are involved.
    [Show full text]
  • Mass Surveillance Part 1 - Risks and Opportunities Raised by the Current Generation of Network Services and Applications
    Science and Technology Options Assessment (STOA) Mass Surveillance Part 1 - Risks and opportunities raised by the current generation of network services and applications ANNEX EPRS | European Parliamentary Research Service Scientific Foresight (STOA) Unit PE 527.409 EN Mass Surveillance What are the risks for the citizens and the opportunities for the European Information Society? What are the possible mitigation strategies? Part 1 - Risks and opportunities raised by the current generation of network services and applications Annex IP/G/STOA/FWC-2013-1 - LOT 9 – Safety and security technologies December 2014 STOA - Science and Technology Options Assessment The STOA project “Mass Surveillance – Risks, Opportunities and Mitigation Strategies Part 1” was carried out by TECNALIA Research and Investigation. AUTHORS Arkaitz Gamino Garcia Concepción Cortes Velasco Eider Iturbe Zamalloa Erkuden Rios Velasco Iñaki Eguía Elejabarrieta Javier Herrera Lotero José Javier Larrañeta Ibañez Stefan Schuster (Editor) STOA RESEARCH ADMINISTRATOR Peter Ide-Kostic Scientific Foresight Unit Directorate for Impact Assessment and European Added Value Directorate-General for Parliamentary Research Services European Parliament, Rue Wiertz 60, B-1047 Brussels E-mail: [email protected] LINGUISTIC VERSION Original: EN ABOUT THE PUBLISHER To contact STOA or to subscribe to its newsletter please write to: [email protected] This document is available on the Internet at: http://www.ep.europa.eu/stoa/ Manuscript completed in November, 2014 Brussels, © European Union, 2014 DISCLAIMER The content of this document is the sole responsibility of the author and any opinions expressed therein do not necessarily represent the official position of the European Parliament. It is addressed to the Members and staff of the EP for their parliamentary work.
    [Show full text]
  • A Comparison of Web Privacy Protection Techniques
    A comparison of web privacy protection techniques Johan Mazel Richard Garnier Kensuke Fukuda National Institute of Informatics/JFLI ENSIMAG National Institute of Informatics/Sokendai [email protected] [email protected] [email protected] Abstract—Tracking is pervasive on the web. Third party users regarding their interests. To this end, advertisers leverage trackers acquire user data through information leak from context (e.g. visited website) or previous browsing interests. websites, and user browsing history using cookies and device Advertisers use techniques such as cookies to identify users fingerprinting. In response, several privacy protection techniques (e.g. the Ghostery browser extension) have been developed. To the across websites and build their browsing history. Other tech- best of our knowledge, our work is the first study that proposes niques have also been developed to allow advertising actors a reliable methodology for privacy protection comparison, and to communicate with each other (such as cookie syncing [2]), extensively compares a wide set of privacy protection techniques. or circumvent cookie removal by respawning cookies using Our contributions are the following. First, we propose a robust diverse types of data storage inside the browser (e.g. using methodology to compare privacy protection techniques when crawling many websites, and quantify measurement error. To this Flash [3]). Browser fingerprinting [4] allows a tracking entity end, we reuse the privacy footprint [1] and apply the Kolmogorov- to follow a user across websites without any in-browser data Smirnov test on browsing metrics. This test is likewise applied storage. In response to these techniques, several counter- to HTML-based metrics to assess webpage quality degradation.
    [Show full text]
  • Measurement and Detection of Security Properties of Client-Side Web Applications
    Measurement and Detection of Security Properties of Client-Side Web Applications A Thesis Presented by Michael Weissbacher to The College of Computer and Information Science in partial fulfillment of the requirements for the degree of Doctor of Philosophy in Information Assurance Northeastern University Boston, Massachusetts April 2018 For my parents. Contents List of Figures v List of Tables vii Acknowledgments viii Abstract of the Thesis ix 1 Introduction 1 1.1 Structure of the Thesis .............................. 4 2 Background 5 2.1 HTTP Security Headers ............................. 5 2.1.1 Overview of Security Headers ...................... 5 2.1.2 Browser policy frameworks ....................... 6 2.1.3 Content Security Policy ......................... 7 2.1.4 Evasion and Attacks Against CSP ................... 8 2.1.5 Beyond Level 1 of CSP .......................... 8 2.2 Browser Extensions ................................ 8 2.2.1 Extension Security Aspects for Browsers ................ 8 2.2.2 Privacy leaks in Extensions ....................... 11 2.2.3 Privacy leaks in Other Platforms .................... 11 2.2.4 Extension Ad Injection .......................... 12 2.2.5 Extension Analysis Systems ....................... 12 2.2.6 Tracking: Extensions and the Web ................... 13 2.3 Vulnerabilities in Web Applications ....................... 14 2.3.1 Measuring and Reducing Complexity .................. 14 2.3.2 Single Page Applications ......................... 15 2.3.3 Mash-ups or Widgets ........................... 15 2.3.4 Client-side communication ........................ 16 2.3.5 Popular JavaScript Frameworks ..................... 16 2.3.6 Server-Side Pre-Rendering ........................ 18 2.3.7 Vulnerability Scanners .......................... 19 2.3.8 Analysis of Web Vulnerability Scanners ................. 20 ii 3 Investigating Content Security Policy 22 3.1 Introduction .................................... 22 3.2 Content Security Policy ............................
    [Show full text]
  • Digital Footprints an Internet Society Reference Framework
    Digital Footprints An Internet Society Reference Framework JANUARY 2014 Table of Contents Structure and Use of This Document…………………………………………..1 Guide to the Themes and Sections……………………………………..…..….2 What Is A Digital Footprint?...........................................................................3 How Did We Start Leaving Such Big Footprints?..........................................4 Is “Monetized” the New “Free”?.....................................................................7 Who Is Tracking Me, and How?.....................................................................9 What Problems Can Digital Footprints Cause?..…………….…………..…..12 Different Devices, Different Traces...............................................................14 What Dynamics are at Work in the World of Digital Footprints?...................17 How Does Legislation Affect Digital Footprints?...........................................19 How Can I Manage my Digital Footprints?...................................................22 2 WWW.INTERNETSOCIETY.COM Structure and Use of the Document This framework document has been structured to make it simple for you to understand and manage your digital footprints. Each section deals with a particular topic: how digital footprints are created, why third parties are interested in our digital footprints, how privacy, economics, and legislation intersect, and so on. Each section has been written to be self-contained, giving a description of the problem or topic, why it matters to you, and what you can do about it. We have grouped the sections into three over-arching themes (economics, risk and context), so you can treat the whole thing as a single document, or pick out a single section that interests you most, or read the sections that related to a common theme. We finish with a guidance section, giving examples of four types of action you can take to develop your understanding and control of your digital footprint. If that's your over-riding concern, just go straight to “How can I manage my digital footprints?”.
    [Show full text]
  • Data, Trust, and Transparency in Personalized Advertising by Darren
    Data, Trust, and Transparency in Personalized Advertising by Darren M. Stevenson A dissertation submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy (Communication) in the University of Michigan 2016 Doctoral Committee: Professor Christian E. Sandvig, Chair Associate Professor Sonya Dal Cin Professor Nicole B. Ellison Professor Shane M. Greenstein, Harvard Business School © Copyright Darren M. Stevenson, 2016 All Rights Reserved For my father who sacrificed much so that I might have opportunities he did not who always encouraged me to do my best ii Acknowledgements I was extremely privileged to pursue doctoral studies. I was also quite fortunate that my particular experience included working alongside so many remarkable people across several stimulating departments and institutions. At each point along the way I received generous intellectual, professional, social, and financial support. As a result, I am indebted to a great number of individuals, academic departments, and organizations willing to support me in various ways during this time. Attempting to recall and thank all those who substantively contributed to my doctoral education and the research reported in this document underscores the collective effort it is to complete a Ph.D., rather than an individualistic endeavor. Additionally, while this dissertation builds directly on the theories, ideas, and in many cases the precise suggestions of numerous colleagues, any errors herein are my own. First and foremost, I am immensely grateful to Christian Sandvig, my Ph.D. supervisor. Christian guided my doctoral studies and this entire research project. Unbeknownst to us at the onset, these efforts would span multiple universities.
    [Show full text]
  • Factors That Affect Users' Willingness to Share Information with Online
    What Matters to Users? Factors that Affect Users’ Willingness to Share Information with Online Advertisers Pedro Giovanni Leon∗, Blase Ur∗, Yang Wangz, Manya Sleeper∗, Rebecca Balebako∗, Richard Shay∗, Lujo Bauer∗, Mihai Christodorescuy, Lorrie Faith Cranor∗ ∗Carnegie Mellon University yQualcomm Research Silicon Valley zSyracuse University {pedrogln, bur, msleeper, balebako, [email protected] [email protected] rshay, lbauer, lorrie}@cmu.edu ABSTRACT 1. INTRODUCTION Much of the debate surrounding online behavioral adver- Online behavioral advertising (OBA), the practice of tar- tising (OBA) has centered on how to provide users with geting online advertising based on users' past online activi- notice and choice. An important element left unexplored ties, has been the subject of a major privacy debate in recent is how advertising companies' privacy practices affect users' years. Reports released in 2012 by the U.S. Federal Trade attitudes toward data sharing. We present the results of Commission [5] and the White House [36] discuss the pri- a 2,912-participant online study investigating how facets of vacy tradeoffs inherent in this practice. At the same time, privacy practices|data retention, access to collected data, browser vendors have recently taken steps to reduce track- and scope of use|affect users' willingness to allow the col- ing: Microsoft sends a Do Not Track signal by default in IE lection of behavioral data. We asked participants to visit a 10 [22], and Mozilla has announced that Firefox will even- health website, explained OBA to them, and outlined poli- tually block third-party cookies by default [6]. cies governing data collection for OBA purposes.
    [Show full text]
  • Protecting Users from Third-Party Web Tracking with Trackingfree Browser
    I Do Not Know What You Visited Last Summer: Protecting Users from Third-party Web Tracking with TrackingFree Browser Xiang Pan Yinzhi Cao Yan Chen Northwestern University Columbia University Northwestern University [email protected] [email protected] [email protected] Abstract—Stateful third-party web tracking has drawn the neither of the approaches can completely protect users from attention of public media given its popularity among top Alexa third-party tracking: in addition to browser cookies, a tracker web sites. A tracking server can associate a unique identifier can store user’s unique identifier into many other places on from the client side with the private information contained in the client-side state, such as Flash files [4] [26] [17] and browser referer header of the request to the tracking server, thus recording caches [26] [4] [17]; meanwhile, blacklist tools highly depend the client’s behavior. Faced with the significant problem, existing on all the records in the database and a tracking company can works either disable setting tracking identifiers or blacklist third- party requests to certain servers. However, neither of them can always adopt new domains to track users. completely block stateful web tracking. To address the shortcomings of existing anti-tracking ap- In this paper, we propose TrackingFree, the first anti-tracking proaches, a third-party tracking defense system should achieve browser by mitigating unique identifiers. Instead of disabling the following goals: those unique identifiers, we isolate them into different browser Complete blocking. The system can completely block all principals so that the identifiers still exist but are not unique •existing stateful third-party tracking techniques, such as those among different web sites.
    [Show full text]
  • EFF: How Facebook Monetizes
    Security Now! Transcript of Episode #404 Page 1 of 20 Transcript of Episode #404 EFF: How Facebook Monetizes Description: After catching up with the past week's updates and security news, Iyaz and I share information presented by the Electronic Frontier Foundation (EFF) which describes how Facebook manages the privacy interactions with their third-party data warehouses and advertisers. High quality (64 kbps) mp3 audio file URL: http://media.GRC.com/sn/SN-404.mp3 Quarter size (16 kbps) mp3 audio file URL: http://media.GRC.com/sn/sn-404-lq.mp3 SHOW TEASE: Coming up to Security Now!. Leo's out, but Steve is here to give us the updates on Java, the new Firefox, and to find out how you're making Facebook a lot of money, and more. IYAZ AKHTAR: This is Security Now! with Steve Gibson, Episode 404, recorded May 15th, 2013: How Facebook Monetizes. It's time for Security Now!, the show that helps you stay safe online. And Leo's obviously not in. I'm Iyaz Akhtar, and thankfully I'm joined by the star of Security Now!, the mustachioed master of security, Steve Gibson. Steve Gibson: Hey, Iyaz. Great to be with you today on Episode 404. IYAZ: 404. Steve: The "missing" Security Now!. The "not found" page of Security Now!. IYAZ: But this episode is findable, anyway. It's not going to be 404'd. We've got a full episode coming up. I'm a little fried. I'm going to get that right out, tell people right in the beginning, because this is hour, what, five of broadcasting for me.
    [Show full text]