A Privacy Analysis of Google and Yandex Safe Browsing

@article{Gerbet2016APA,
  title={A Privacy Analysis of Google and Yandex Safe Browsing},
  author={Thomas Gerbet and Amrit Kumar and C{\'e}dric Lauradoux},
  journal={2016 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)},
  year={2016},
  pages={347-358}
}
Google and Yandex Safe Browsing are popular services included in many web browsers to prevent users from visiting phishing or malware websites. [...] Key Result: Our analysis and experimental results show that Google and Yandex Safe Browsing can potentially be used as a tool to track specific classes of individuals. Additionally, our investigations on the data currently included in Google and Yandex Safe Browsing provide a concrete set of URLs/domains that can be re-identified without much effort.
PPSB: An Open and Flexible Platform for Privacy-Preserving Safe Browsing
TLDR
A Privacy-Preserving Safe Browsing (PPSB) platform that bridges the browser that uses the service and the third-party blacklist providers who provide unsafe URLs, with the guaranteed privacy of users and blacklist providers is presented.
Web Browser Privacy: What Do Browsers Say When They Phone Home?
TLDR
The aim is to assess the privacy risks associated with this data exchange between a browser and its back-end servers, and finds that both the desktop and mobile versions of Brave do not use any identifiers allowing tracking of IP address over time, and do not share details of web pages visited with backend servers.
Security and privacy for outsourced computations.
TLDR
This dissertation highlights the misunderstandings related to the use of hashing and hash-based data structures in a security and privacy context and shows that Safe Browsing can potentially be used as a tool to track specific classes of individuals.
The Pitfalls of Hashing for Privacy
TLDR
This paper is a tutorial to explain the limits of cryptographic hash functions as an anonymization technique and provides three case studies to illustrate how hashing only yields weakly anonymized data.
Private Blocklist Lookups with Checklist
TLDR
Checklist is the first blocklist-lookup system that leaks no information about the client's string to the server, does not require the client to store the blocklist in its entirety, and allows the server to respond to the client’s query in time sublinear in the block list size.
MyTrackingChoices: Pacifying the Ad-Block War by Enforcing User Privacy Preferences
TLDR
The proposed approach consists in providing users with an option to specify the categories of web pages that are privacy-sensitive to them and block trackers present on such web pages only, and shows that the economic impact of ad blocking exerted by privacy-sensitive users can be significantly reduced.
Fine-Grained Control over Tracking to Support the Ad-Based Web Economy
TLDR
This article investigates an Internet technology that targets users who are not, in general, against advertising, accept the trade-off that comes with the “free” content, but—for privacy concerns—they wish to exert fine-grained control over tracking.
Analysis of malware download sites by focusing on time series variation of malware
TLDR
It is found that some sites survive for a very long time and are revived frequently, a finding not revealed in previous research, and effective countermeasures for each category are discussed.
AnNotify: A Private Notification Service
TLDR
A number of extensions are presented, such as generic presence and broadcast notifications, and applications, including notifications for incoming messages in anonymous communications, updates to private cached web and Domain Name Service (DNS) queries.
Cyber attacks, countermeasures, and protection schemes — A state of the art survey
  • A. Shabut, K. Lwin, M. A. Hossain
  • Engineering, Computer Science
  • 2016 10th International Conference on Software, Knowledge, Information Management & Applications (SKIMA)
  • 2016
TLDR
The state of the art of cyber security attacks, countermeasures, and protection tools related to everyday online activities are described and a useful cyber-attack taxonomy and classification is provided which helps to involve in a protection process to identify attacks and measures for cyber security.

References

SHOWING 1-10 OF 48 REFERENCES
Quantifying Web-Search Privacy
TLDR
This paper formalizes adversary's background knowledge and attacks, the users' privacy objectives, and the algorithms to evaluate effectiveness of query obfuscation mechanisms, and designs a generic tool that can be used for evaluating generic obfuscation mechanism, and users with different web search behavior.
"I know what you did last summer": query logs and user privacy
TLDR
It is concluded that known schemes to release even heavily scrubbed query logs that contain session information have significant privacy risks.
Improving the Robustness of Private Information Retrieval
  • I. Goldberg
  • Computer Science
  • 2007 IEEE Symposium on Security and Privacy (SP '07)
  • 2007
TLDR
This paper presents a Byzantine-robust PIR protocol which provides information-theoretic privacy protection against coalitions of up to all but one of the responding servers, improving the previous result by a factor of 3.
k-Anonymity: A Model for Protecting Privacy
  • L. Sweeney
  • Computer Science
  • Int. J. Uncertain. Fuzziness Knowl. Based Syst.
  • 2002
TLDR
The solution provided in this paper includes a formal protection model named k-anonymity and a set of accompanying policies for deployment and examines re-identification attacks that can be realized on releases that adhere to k-anonymity unless accompanying policies are respected.
Revisiting the Computational Practicality of Private Information Retrieval
TLDR
A performance analysis of a single-server lattice-based PIR scheme by Aguilar-Melchor and Gaborit, as well as two multi-server information-theoretic PIR schemes by Chor et al. and by Goldberg find the end-to-end response times of these schemes to be one to three orders of magnitude smaller than the trivial scheme for realistic computation power and network bandwidth.
Uniform Resource Identifier (URI): Generic Syntax
TLDR
The URI syntax defines a grammar that is a superset of all valid URIs, allowing an implementation to parse the common components of a URI reference without knowing the scheme-specific requirements of every possible identifier.
Space/time trade-offs in hash coding with allowable errors
TLDR
Analysis of the paradigm problem demonstrates that allowing a small number of test messages to be falsely identified as members of the given set will permit a much smaller hash area to be used without increasing reject time.
Uniform Resource Identifiers (URI): Generic Syntax
TLDR
This document defines the generic syntax of URI, including both absolute and relative forms, and guidelines for their use, and revises and replaces the generic definitions in RFC 1738 and RFC 1808.
Routing in random ad-hoc networks: provably better than worst-case
TLDR
It is proved that each of the three proposed methods for wireless network routing are almost always efficient under relevant, models and metrics models for wireless networks.
Uniform Resource Locators (URL)
This document specifies a Uniform Resource Locator (URL), the syntax and semantics of formalized information for location and access of resources via the Internet.