PrivacyMeter: Designing and Developing a Privacy-Preserving Browser Extension

@inproceedings{Starov2018PrivacyMeterDA,
  title={PrivacyMeter: Designing and Developing a Privacy-Preserving Browser Extension},
  author={Oleksii Starov and Nick Nikiforakis},
  booktitle={ESSoS},
  year={2018}
}
Anti-tracking browser extensions are popular among web users since they provide them with the ability to limit the number of trackers who get to learn about their browsing habits. These extensions, however, are limited in that they ignore other privacy signals, such as the presence of a privacy policy, use of HTTPS, or presence of insecure web forms that can leak PII. To effectively inform users about the privacy consequences of visiting particular websites, we design, implement, and evaluate…

An Analysis of Web Tracking Domains in Mobile Applications

TLDR
This paper investigates the top applications in categories designed to provide information to users or that are used in social networks and advocates that the same features in web browsers become available through the native mobile operating system.

The Seven Deadly Sins of the HTML5 WebAPI

TLDR
A large-scale study of mobile-specific HTML5 WebAPI calls across more than 183K of the most popular websites reveals the extent to which websites are actively leveraging the WebAPI for collecting sensor data, and finds that 1.63% of websites can carry out at least one attack.

Protecting Private Attributes in App Based Mobile User Profiling

TLDR
This work demonstrates, based on wide-range experimental evaluation of Android apps in a nine month test campaign, that the proposed obfuscation mechanism based on similarity with user’s existing apps can achieve a good trade-off between efforts required by the obfuscating system and the resulting privacy protection.

Who's Tracking Sensitive Domains? (and how can you tell a sensitive domain anyway?)

TLDR
Having analyzed around 30k sensitive domains, it is shown that such domains are tracked, albeit less intensely than the mainstream ones, by third party tracking services operating on them.

Oh, the Places You've Been! User Reactions to Longitudinal Transparency About Third-Party Web Tracking and Inferencing

TLDR
Tracking Transparency is presented, a privacy-preserving browser extension that visualizes examples of long-term, longitudinal information that third-party trackers could have inferred from users' browsing.

Invisible Pixels Are Dead, Long Live Invisible Pixels!

TLDR
It is shown that classical 1 x 1 images are still commonly used for third-party tracking in the contemporary world wide web, and it seems that ad-blockers are unable to fully block these classical image-based tracking beacons.

Who's Tracking Sensitive Domains?

TLDR
It is shown that sensitive domains are tracked, albeit less intensely than the mainstream ones, by the third party tracking services operating on them.

Actions speak louder than words: Semi-supervised learning for browser fingerprinting detection

TLDR
Over one hundred device-class fingerprinting scripts present on hundreds of domains are identified, the first time device-class fingerprinting has been measured in the wild, and the power of a sparse vector representation and semi-supervised learning to complement and extend existing tracking detection techniques.

Privacy-preserving targeted mobile advertising: A Blockchain-based framework for mobile ads

TLDR
The main goal is to design a decentralized framework for targeted ads, which enables private delivery of ads to users whose behavioral profiles accurately match the presented ads, defined by the ad system.

Crowdsourcing as a guardian of transparency, privacy, and anti-discrimination in a personalized web

TLDR
This research presented here presents a probabilistic procedure for estimating the response of the immune system to laser-spot assisted, 3D image analysis for the first time.

References


Extended Tracking Powers: Measuring the Privacy Diffusion Enabled by Browser Extensions

TLDR
BrowsingFog is designed, implemented, and evaluated, a browser extension that automatically browses the web in a way that conceals a user's true interests, from a vantage point of history-stealing, third-party trackers.

Cookieless Monster: Exploring the Ecosystem of Web-Based Device Fingerprinting

TLDR
By analyzing the code of three popular browser-fingerprinting code providers, the techniques that allow websites to track users without the need of client-side identifiers are revealed, along with how fragile the browser ecosystem is against fingerprinting through the use of novel browser-identifying techniques.

Discovering Browser Extensions via Web Accessible Resources

TLDR
This paper explores browser extension discovery, through a non-behavioral technique, based on detecting extensions' web accessible resources, being able to detect over 50% of the top 1,000 free Chrome extensions, including popular security- and privacy-critical extensions such as AdBlock, LastPass, Avast Online Security, and Ghostery.

XHOUND: Quantifying the Fingerprintability of Browser Extensions

TLDR
It is shown that an extension's organic activity in a page's DOM can be used to infer its presence, and XHound, the first fully automated system for fingerprinting browser extensions, is developed.

Extension Breakdown: Security Analysis of Browsers Extension Resources Control Policies

TLDR
Two attacks that bypass access control techniques in every major browser family are presented, enabling enumeration attacks against the list of installed extensions and an attack that takes advantage of poor programming practice, affecting a large number of Safari extensions.

PrivacyScore: Improving Privacy and Security via Crowd-Sourced Benchmarks of Websites

TLDR
PrivacyScore is introduced, an automated website scanning portal that allows anyone to benchmark security and privacy features of multiple websites and can be used by data protection authorities to perform regularly scheduled compliance checks.

Privacy leakage vs. Protection measures: the growing disconnect

TLDR
The growing disconnect between the protection measures and increasing leakage and linkage suggests that the community needs to move beyond the losing battle with aggregators and examine what roles first-party sites can play in protecting privacy of their users.

Privacy awareness about information leakage: who knows what about me?

TLDR
This paper moves towards a comprehensive and efficient client-side tool that maximizes users' awareness of the extent of their information leakage and shows that such a customizable tool can help users to make informed decisions on controlling their privacy footprint.

Are You Sure You Want to Contact Us? Quantifying the Leakage of PII via Website Contact Forms

TLDR
Formlock is designed, a browser extension that warns the user when contact forms are using PII-leaking practices and provides the ability to comprehensively lock down a form so that a user's details cannot be leaked, either accidentally or intentionally, to third parties.

Why Johnny can't opt out: a usability evaluation of tools to limit online behavioral advertising

TLDR
Results of a 45-participant laboratory study investigating the usability of nine tools to limit online behavioral advertising found serious usability flaws in all tools tested.