TU Darmstadt / ULB / TUbiblio

Reducing User Tracking through Automatic Web Site State Isolations

Stopczynski, Martin ; Zugelder, Michael (2014)
Reducing User Tracking through Automatic Web Site State Isolations.
doi: 10.1007/978-3-319-13257-0_18
Conference or Workshop Item, Bibliographie

Abstract

Protecting the privacy of web users against tracking by blocking third-party content has become a cat-and-mouse game. Continuously changing tracking methods make it difficult to block all third-party content. On the other hand, it is necessary to accept some third-party content to ensure web site functionality. In this work we present the concept and an implementation for the automatic isolation of the locally stored web site state into separate containers. This eliminates the ability of trackers to re-identify users across different sites, by isolating HTTP cookies, HTML5 Web Storage, Indexed DB, and the browsing cache. The so-called Site Isolation was implemented for the Chromium browser and in addition secures the browser against CORS, CSRF, and click-jacking attacks, while limiting the impact of cache timing, and rendering engine hijacking. To evaluate the effectiveness of Site Isolation, we visited 1.6 million pages on over 94,000 distinct domains and compared the data saved against usual browsing. We show that top trackers collect enough information to identify billions of users reliably. In contrast, with Site Isolation in place the number of tracked pages can be reduced by 44%.

Item Type: Conference or Workshop Item
Erschienen: 2014
Creators: Stopczynski, Martin ; Zugelder, Michael
Type of entry: Bibliographie
Title: Reducing User Tracking through Automatic Web Site State Isolations
Language: English
Date: October 2014
Publisher: Springer
Book Title: Information Security
Series: Lecture Notes in Computer Science
Series Volume: 8783
DOI: 10.1007/978-3-319-13257-0_18
Abstract:

Protecting the privacy of web users against tracking by blocking third-party content has become a cat-and-mouse game. Continuously changing tracking methods make it difficult to block all third-party content. On the other hand, it is necessary to accept some third-party content to ensure web site functionality. In this work we present the concept and an implementation for the automatic isolation of the locally stored web site state into separate containers. This eliminates the ability of trackers to re-identify users across different sites, by isolating HTTP cookies, HTML5 Web Storage, Indexed DB, and the browsing cache. The so-called Site Isolation was implemented for the Chromium browser and in addition secures the browser against CORS, CSRF, and click-jacking attacks, while limiting the impact of cache timing, and rendering engine hijacking. To evaluate the effectiveness of Site Isolation, we visited 1.6 million pages on over 94,000 distinct domains and compared the data saved against usual browsing. We show that top trackers collect enough information to identify billions of users reliably. In contrast, with Site Isolation in place the number of tracked pages can be reduced by 44%.

Uncontrolled Keywords: Tracking; Privacy; Browser; Isolation; Security
Identification Number: TUD-CS-2014-0994
Divisions: LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt
20 Department of Computer Science > Security in Information Technology
Profile Areas > Cybersecurity (CYSEC)
LOEWE > LOEWE-Zentren
20 Department of Computer Science
Profile Areas
LOEWE
Date Deposited: 31 Dec 2016 11:42
Last Modified: 17 May 2018 13:02
PPN:
Export:
Suche nach Titel in: TUfind oder in Google
Send an inquiry Send an inquiry

Options (only for editors)
Show editorial Details Show editorial Details