• PDF / 829,202 Bytes
• 17 Pages / 439.37 x 666.142 pts Page_size
• 21 Downloads / 225 Views

DOWNLOAD

REPORT

CSC/SnT, University of Luxembourg, Luxembourg, Luxembourg Open University of the Netherlands, Heerlen, The Netherlands [email protected]

2

Abstract. Online tracking of users is used for benign goals, such as detecting fraudulent logins, but also to invade user privacy. We posit that for non-oppressed users, tracking within one website does not have a substantial negative impact on privacy, while it enables legitimate benefits. In contrast, cross-domain tracking negatively impacts user privacy, while being of little benefit to the user. Existing methods to counter fingerprint-based tracking treat crossdomain tracking and regular tracking the same. This often results in hampering or disabling desired functionality, such as embedded videos. By distinguishing between regular and cross-domain tracking, more desired functionality can be preserved. We have developed a prototype tool, FPBlock, that counters cross-domain fingerprint-based tracking while still allowing regular tracking. FP-Block ensures that any embedded party will see a different, unrelatable fingerprint for each site on which it is embedded. Thus, the user’s fingerprint can no longer be tracked across the web, while desired functionality is better preserved compared to existing methods.

1

Introduction

Online activities play an ever-growing role in everyday life. Consequently, companies are increasingly tracking users online [14]. There may be various reasons for such tracking, such as fraud prevention by identifying illegitimate usage attempts [16], suggesting related content, and better targeting advertisements. Where such tracking remains confined to the tracker’s own website, the balance between privacy and functionality is (arguably) satisfied: the website learns a user’s browsing habits on that particular website, which helps to improve the website for this user. We will call this type of tracking regular tracking. However, some companies offer online services that are embedded on a large number of websites. Examples of such services are social sharing buttons, popular JavaScript libraries, and popular web analytics services. Thanks to this ubiquitous embedding, such companies can track users over large portions of the web. According to various studies, plenty of different companies are embedded on a sizable1 portion of the Web. For example, consider the Facebook “Like” button. 1

E.g. penetration rates for top 1 million sites according to BuiltWith.com (October 2014): DoubleClick.net 18.5 %, Facebook Like button 15.6 %, Google Analytics 46.6 %.

c Springer International Publishing Switzerland 2015  G. Pernul et al. (Eds.): ESORICS 2015, Part II, LNCS 9327, pp. 3–19, 2015. DOI: 10.1007/978-3-319-24177-7 1

4

C.F. Torres et al.

The embedding site includes a piece of code that triggers the user’s browser to contact the Facebook servers to download the button. As browsers are made to explain where a request originated (the HTTP Referer field), the browser will tell Facebook exactly which URL triggered this request each time. This enables Facebook to track t

Recommend Documents

Privacy-Preserving for Web Hosting

157 93 49MB

Shared Images and Camera Fingerprinting May Lead to Privacy Issues

142 55 9MB

PrivLeAD: Privacy Leakage Detection on the Web

163 75 110MB

Fingerprinting

194 7 1MB

Oblivion: Mitigating Privacy Leaks by Controlling the Discoverability of Online Information

141 18 23MB

Automatic Assistance to Cognitive Disabled Web Users via Reinforcement Learning on the Browser

149 113 40MB

Fingerprint/Fingerprinting

188 84 72MB

Digital Fingerprinting

156 88 5MB

Multimedia Fingerprinting

163 12 23MB

Metabolite Fingerprinting

161 56 72MB

Multimedia Fingerprinting

184 12 27MB

Fingerprinting Localization

191 50 49MB