TU Darmstadt / ULB / TUbiblio

Reducing User Tracking through Automatic Web Site State Isolations

Stopczynski, Martin and Zugelder, Michael (2014):
Reducing User Tracking through Automatic Web Site State Isolations.
In: Information Security, Springer, In: Lecture Notes in Computer Science, 8783, ISBN 978-3-319-13256-3,
DOI: 10.1007/978-3-319-13257-0_18,
[Conference or Workshop Item]

Abstract

Protecting the privacy of web users against tracking by blocking third-party content has become a cat-and-mouse game. Continuously changing tracking methods make it difficult to block all third-party content. On the other hand, it is necessary to accept some third-party content to ensure web site functionality. In this work we present the concept and an implementation for the automatic isolation of the locally stored web site state into separate containers. This eliminates the ability of trackers to re-identify users across different sites, by isolating HTTP cookies, HTML5 Web Storage, Indexed DB, and the browsing cache. The so-called Site Isolation was implemented for the Chromium browser and in addition secures the browser against CORS, CSRF, and click-jacking attacks, while limiting the impact of cache timing, and rendering engine hijacking. To evaluate the effectiveness of Site Isolation, we visited 1.6 million pages on over 94,000 distinct domains and compared the data saved against usual browsing. We show that top trackers collect enough information to identify billions of users reliably. In contrast, with Site Isolation in place the number of tracked pages can be reduced by 44%.

Item Type: Conference or Workshop Item
Erschienen: 2014
Creators: Stopczynski, Martin and Zugelder, Michael
Title: Reducing User Tracking through Automatic Web Site State Isolations
Language: ["languages_typename_1" not defined]
Abstract:

Protecting the privacy of web users against tracking by blocking third-party content has become a cat-and-mouse game. Continuously changing tracking methods make it difficult to block all third-party content. On the other hand, it is necessary to accept some third-party content to ensure web site functionality. In this work we present the concept and an implementation for the automatic isolation of the locally stored web site state into separate containers. This eliminates the ability of trackers to re-identify users across different sites, by isolating HTTP cookies, HTML5 Web Storage, Indexed DB, and the browsing cache. The so-called Site Isolation was implemented for the Chromium browser and in addition secures the browser against CORS, CSRF, and click-jacking attacks, while limiting the impact of cache timing, and rendering engine hijacking. To evaluate the effectiveness of Site Isolation, we visited 1.6 million pages on over 94,000 distinct domains and compared the data saved against usual browsing. We show that top trackers collect enough information to identify billions of users reliably. In contrast, with Site Isolation in place the number of tracked pages can be reduced by 44%.

Title of Book: Information Security
Series Name: Lecture Notes in Computer Science
Volume: 8783
Publisher: Springer
ISBN: 978-3-319-13256-3
Uncontrolled Keywords: Tracking; Privacy; Browser; Isolation; Security
Divisions: LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt
20 Department of Computer Science > Security, Usability and Society
Profile Areas > Cybersecurity (CYSEC)
LOEWE > LOEWE-Zentren
20 Department of Computer Science
Profile Areas
LOEWE
Date Deposited: 31 Dec 2016 11:42
DOI: 10.1007/978-3-319-13257-0_18
Identification Number: TUD-CS-2014-0994
Export:
Suche nach Titel in: TUfind oder in Google

Optionen (nur für Redakteure)

View Item View Item