• Corpus ID: 18745411

Show Me Your Cookie And I Will Tell You Who You Are

@article{Toubiana2011ShowMY,
  title={Show Me Your Cookie And I Will Tell You Who You Are},
  author={Vincent Toubiana and Vincent Verdot},
  journal={ArXiv},
  year={2011},
  volume={abs/1108.5864}
}
With the success of Web applications, most of our data is now stored on various third-party servers where they are processed to deliver personalized services. Naturally we must be authenticated to access this personal information, but the use of personalized services only restricted by identification could indirectly and silently leak sensitive data. We analyzed Google Web Search access mechanisms and found that the current policy applied to session cookies could be used to retrieve users… 


Privacy Notice and Choice in Practice
TLDR
It is argued that notice and choice are necessary, but not sufficient to protect online privacy, and that government regulation is necessary to establish necessary additional protections including access, redress, accountability, and enforcement.
Smart, useful, scary, creepy: perceptions of online behavioral advertising
TLDR
Non-technical users' attitudes about and understanding of OBA are investigated, using participants' expectations and beliefs to explain their attitudes, and existing notice and choice mechanisms are not effectively reaching users.

References

Private Information Disclosure from Web Searches
TLDR
The Historiographer is presented, a novel attack that reconstructs the web search history of Google users - Google's Web History - even though this service is supposedly protected from session hijacking by a stricter access control policy.
Session Fixation Vulnerability in Web-based Applications
TLDR
A fourth class of attacks against session IDs is revealed: session fixation attacks, where the attacker fixes the user’s session ID before the user even logs into the target server, thereby eliminating the need to obtain the users’ session ID afterwards.
Summary of the experiment results
  • Firesheep, 2010
The freedom to be who you want to be..., February 2011. http://googlepublicpolicy.blogspot.com/2011/02/freedom-to-be-who-you-want-to-be.html
Google ramps up personalized search, 2007. http://searchengineland.com/google-ramps-up-personalized-search-10430
Electronic Frontier Foundation. HTTPS Everywhere. https://www.eff.org/https-everywhere