Presentation is loading. Please wait.

Presentation is loading. Please wait.

This work was supported by the TRUST Center (NSF award number CCF-0424422) Methods Data Collection: 1. Start Sever on the host OS: This creates a sanitized.

Published byEgbert Armstrong Modified over 8 years ago

Similar presentations

Presentation on theme: "This work was supported by the TRUST Center (NSF award number CCF-0424422) Methods Data Collection: 1. Start Sever on the host OS: This creates a sanitized."— Presentation transcript:

1 This work was supported by the TRUST Center (NSF award number CCF-0424422) Methods Data Collection: 1. Start Sever on the host OS: This creates a sanitized VM guest environment 2. Start Client on the guest OS: This creates a Firefox instance at site 'x' (See Image 1) 3. Browse the web making 10 clicks on the same domain to simulate a user session. 4. Exit the browser: This will automatically do the data collection, and prompt the user to send the data to the server or “punt”(restart at domain 'x') 5. Browse next site. Note: The script will restart the VM at the next website on a new Respawning: Analysis of FLASH,HTTP, and HTML5 DATA Mika Ayenson – Worcester Polytechnic Institute, Dietrich Wambach – University of Wyoming Faculty : Professor Chris Hoofnagle, J.D., Mentors : Nathan Good, Ph.D, Ashkan Soltani Abstract Web tracking is an increasingly demonstrated technique that websites are using to determine private and sensitive information about their users. Companies employ a number of techniques to track users in order to place advertisements and measure usage of websites. It is generally agreed that users can avoid this tracking by deleting or blocking cookies. Here, we investigate techniques employed by website owners to track individuals persistently, even where they take privacy- protective steps. Background Flash and HTTP cookies have been the cranking engine behind user tracking. With the introduction of HTML5 local storage data, it has provided further areas of research. The 2009 Flash study similarly analyzed the top 100 websites in order to determine how Flash and Http cookies were being used. 54 of the sites set 157 LSOs, and 98 of the sites set 3,602 HTTP cookies[1]. Cookies not only have the power to track a user, but also to respawn previously deleted cookies. The study discovered HTTP cookie's respawning on several websites including about.com, hulu.com, aol.com, and mapquest.com. HTML5 data is very analogous to Flash and HTTP cookies in being able to respawn HTTP cookies or Flash cookies, thus it is just as vital to test if HTML5 is respawning user deleted data. Project Goals The overall goal of this project is to expose the potential threat of user tracking devices deployed by websites, while developing an overall survey on the tracking usage per device. These devices include, HTTP Cookies, FLASH Cookies, and HTML5 local storage data. It is also important to determine if these websites are using these devices to respawn user deleted tracking devices. Results/Outcomes HTTP Seen on all 100 websites Detected 5,675 7 websites placed more than 150 (wikia.com, 242; legacy.com, 230; foxnews.com, 185; bizrate.com, 175; drudgereport.com, 168; myspace.com, 151; time.com 151) FLASH Seen on 37 websites (decrease from 2009 at 54) Detected 100 Shared values seen between HTML5 HTML5 Seen on 17 websites Detected 60 key/value pairs Shared values seen between FLASH and HTTP Respawning Hulu.com via HTTP and HTML5 -Kissmetrics is using ETags and an array of different tracking mechanisms to create a unique identifier and set it on first-party sites such as hulu.com -This method tracks the user even if she blocks Flash, HTML5, and HTTP cookies. Foxnews.com via FLASH and HTML5 Photo or graphic caption Conclusions/Future Work Over the last couple years, websites have shifted their tracking techniques in comparison to the 2009 Flash study. Fewer websites are using Flash to respawn cookies. In contrast, more websites are setting more HTTP cookies. Due to the spike in HTTP cookies, and the HTML5 tracking technique addition, there is a significant increase in overall cookies being set. This study is evidence that with HTML5 still gaining exposure and popularity, there is a growing threat of tracking users with this new technique. As future work, further exploration in sites not in the top 100 that are focusing on HTML5 development would provide more information on how the power of HTML5 is used. References [1] Soltani, Ashkan, Canty, Shannon, Mayo, Quentin, Thomas, Lauren and Hoofnagle, Chris Jay, Flash Cookies and Privacy (August 10, 2009). Available at SSRN: http://ssrn.com/abstract=1446862 Acknowledgments I would like to thank TRUST (Team for Research in Ubiquitous Secure Technology) as well as the National Science Foundation for the support throughout this research experience. A special thank you is to Dr. Gates and my advisors Chris Hoofnagle, Nathan Good, and Ashkan Soltani for working with me on this project. Image 1 Image 3 Image 2

Download ppt "This work was supported by the TRUST Center (NSF award number CCF-0424422) Methods Data Collection: 1. Start Sever on the host OS: This creates a sanitized."

Similar presentations

The Internet and the Web

The Internet and the Web
1 SANS Technology Institute - Candidate for Master of Science Degree 1 Assessing Privacy Risks of Flash Cookies Kevin Fuller and Stacy Jordan February.

1 SANS Technology Institute - Candidate for Master of Science Degree 1 Assessing Privacy Risks of Flash Cookies Kevin Fuller and Stacy Jordan February.
This work was supported by the TRUST Center (NSF award number CCF-0424422) Background In order to subsidize free services to consumers, web sites often.

This work was supported by the TRUST Center (NSF award number CCF ) Background In order to subsidize free services to consumers, web sites often.
This work was supported by the TRUST Center (NSF award number CCF-0424422) 1 Introduction Within the last few years, online advertisement companies have.

This work was supported by the TRUST Center (NSF award number CCF ) 1 Introduction Within the last few years, online advertisement companies have.
Unit 11 Using the Internet & Browsing the Web.  Define the Internet and the Web  Set up & troubleshoot an Internet connection  Categorize webs sites.

Unit 11 Using the Internet & Browsing the Web.  Define the Internet and the Web  Set up & troubleshoot an Internet connection  Categorize webs sites.
This work was supported by the TRUST Center (NSF award number CCF-0424422) 1. Setting up experiment on DETER testbed a)Created twelve pc backbone nodes.

This work was supported by the TRUST Center (NSF award number CCF ) 1. Setting up experiment on DETER testbed a)Created twelve pc backbone nodes.
WEB BROWSER SECURITY By Robert Sellers Brian Bauer.

WEB BROWSER SECURITY By Robert Sellers Brian Bauer.
On the Privacy of Private Browsing Kiavash Satvat, Matt Forshaw, Feng Hao, Ehsan Toreini Newcastle University DPM’13.

On the Privacy of Private Browsing Kiavash Satvat, Matt Forshaw, Feng Hao, Ehsan Toreini Newcastle University DPM’13.
This work was supported by the TRUST Center (NSF award number CCF-0424422) Introduction With recent advances in technology comes an increase in the quantity.

This work was supported by the TRUST Center (NSF award number CCF ) Introduction With recent advances in technology comes an increase in the quantity.
Lauren Thomas 1,3 Chris Hoofnagle, JD 2 Ashkan Soltani, MIMS 2 Louisiana State University 1 University of California, Berkeley 2 SUPERB-TRUST REU 3 Do.

Lauren Thomas 1,3 Chris Hoofnagle, JD 2 Ashkan Soltani, MIMS 2 Louisiana State University 1 University of California, Berkeley 2 SUPERB-TRUST REU 3 Do.
PGN5: KAING, RISHER AND SCHULTE PERSISTENT COOKIES WITH BROWSER FINGERPRINTING.

PGN5: KAING, RISHER AND SCHULTE PERSISTENT COOKIES WITH BROWSER FINGERPRINTING.
How’s My Network (HMN)? A Java approach to Home Network Measurement Alan Ritacco, Craig Wills, and Mark Claypool Computer Science Department Worcester.

How’s My Network (HMN)? A Java approach to Home Network Measurement Alan Ritacco, Craig Wills, and Mark Claypool Computer Science Department Worcester.
6/10/2015Cookies1 What are Cookies? 6/10/2015Cookies2 How did they do that?

6/10/2015Cookies1 What are Cookies? 6/10/2015Cookies2 How did they do that?
Mapping Online Advertising: From Anxiety to Method Fernando Bermejo Fellow, Berkman Center for Internet & Society, Harvard University January 12th, 2010.

Mapping Online Advertising: From Anxiety to Method Fernando Bermejo Fellow, Berkman Center for Internet & Society, Harvard University January 12th, 2010.
Firefox 2 Feature Proposal: Remote User Profiles TeamOne August 3, 2007 TeamOne August 3, 2007.

Firefox 2 Feature Proposal: Remote User Profiles TeamOne August 3, 2007 TeamOne August 3, 2007.
CSE 154 LECTURE 13: SESSIONS. Expiration / persistent cookies setcookie(name, value, expiration); PHP $expireTime = time() + 60*60*24*7; # 1 week.

CSE 154 LECTURE 13: SESSIONS. Expiration / persistent cookies setcookie("name", "value", expiration); PHP $expireTime = time() + 60*60*24*7; # 1 week.
Introduction 2: Internet, Intranet, and Extranet J394 – Perancangan Situs Web Program Sudi Manajemen Universitas Bina Nusantara.

Introduction 2: Internet, Intranet, and Extranet J394 – Perancangan Situs Web Program Sudi Manajemen Universitas Bina Nusantara.
“InPrivate” Jennifer Bui MIS 304 September 4, 2008 Professor Fang Jennifer Bui MIS 304 September 4, 2008 Professor Fang.

“InPrivate” Jennifer Bui MIS 304 September 4, 2008 Professor Fang Jennifer Bui MIS 304 September 4, 2008 Professor Fang.
March Intensive: XSS Exploits

March Intensive: XSS Exploits
FIRST COURSE Computer Concepts Internet and Email Microsoft Office Get to Know Your Computer.

FIRST COURSE Computer Concepts Internet and Microsoft Office Get to Know Your Computer.

Similar presentations

Ads by Google