Stopczynski, Martin ; Zugelder, Michael (2014)
Reducing User Tracking through Automatic Web Site State Isolations.
doi: 10.1007/978-3-319-13257-0_18
Konferenzveröffentlichung, Bibliographie
Kurzbeschreibung (Abstract)
Protecting the privacy of web users against tracking by blocking third-party content has become a cat-and-mouse game. Continuously changing tracking methods make it difficult to block all third-party content. On the other hand, it is necessary to accept some third-party content to ensure web site functionality. In this work we present the concept and an implementation for the automatic isolation of the locally stored web site state into separate containers. This eliminates the ability of trackers to re-identify users across different sites, by isolating HTTP cookies, HTML5 Web Storage, Indexed DB, and the browsing cache. The so-called Site Isolation was implemented for the Chromium browser and in addition secures the browser against CORS, CSRF, and click-jacking attacks, while limiting the impact of cache timing, and rendering engine hijacking. To evaluate the effectiveness of Site Isolation, we visited 1.6 million pages on over 94,000 distinct domains and compared the data saved against usual browsing. We show that top trackers collect enough information to identify billions of users reliably. In contrast, with Site Isolation in place the number of tracked pages can be reduced by 44%.
| Typ des Eintrags: | Konferenzveröffentlichung |
|---|---|
| Erschienen: | 2014 |
| Autor(en): | Stopczynski, Martin ; Zugelder, Michael |
| Art des Eintrags: | Bibliographie |
| Titel: | Reducing User Tracking through Automatic Web Site State Isolations |
| Sprache: | Englisch |
| Publikationsjahr: | Oktober 2014 |
| Verlag: | Springer |
| Buchtitel: | Information Security |
| Reihe: | Lecture Notes in Computer Science |
| Band einer Reihe: | 8783 |
| DOI: | 10.1007/978-3-319-13257-0_18 |
| Kurzbeschreibung (Abstract): | Protecting the privacy of web users against tracking by blocking third-party content has become a cat-and-mouse game. Continuously changing tracking methods make it difficult to block all third-party content. On the other hand, it is necessary to accept some third-party content to ensure web site functionality. In this work we present the concept and an implementation for the automatic isolation of the locally stored web site state into separate containers. This eliminates the ability of trackers to re-identify users across different sites, by isolating HTTP cookies, HTML5 Web Storage, Indexed DB, and the browsing cache. The so-called Site Isolation was implemented for the Chromium browser and in addition secures the browser against CORS, CSRF, and click-jacking attacks, while limiting the impact of cache timing, and rendering engine hijacking. To evaluate the effectiveness of Site Isolation, we visited 1.6 million pages on over 94,000 distinct domains and compared the data saved against usual browsing. We show that top trackers collect enough information to identify billions of users reliably. In contrast, with Site Isolation in place the number of tracked pages can be reduced by 44%. |
| Freie Schlagworte: | Tracking; Privacy; Browser; Isolation; Security |
| ID-Nummer: | TUD-CS-2014-0994 |
| Fachbereich(e)/-gebiet(e): | LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt 20 Fachbereich Informatik > Sicherheit in der Informationstechnik Profilbereiche > Cybersicherheit (CYSEC) LOEWE > LOEWE-Zentren 20 Fachbereich Informatik Profilbereiche LOEWE |
| Hinterlegungsdatum: | 31 Dez 2016 11:42 |
| Letzte Änderung: | 17 Mai 2018 13:02 |
| PPN: | |
| Export: | |
| Suche nach Titel in: | TUfind oder in Google |
 |
Frage zum Eintrag |
Optionen (nur für Redakteure)
 |
Redaktionelle Details anzeigen |
Drucken
Impressum