Georgios Kontaxis, Michalis Polychronakis Angelos D. Keromytis, Evangelos P. Markatos Siddhant Ujjain (2009cs10219) Deepak Sharma (2009cs10185)

Slides:

Advertisements

Similar presentations

Protecting Browser State from Web Privacy Attacks Collin Jackson, Andrew Bortz, Dan Boneh, John Mitchell Stanford University.

Advertisements

®® Microsoft Windows 7 for Power Users Tutorial 7 Enhancing Your Computers Security.

ForceHTTPS: Protecting High-Security Web Sites from Network Attacks Collin Jackson and Adam Barth.

Privacy: Facebook, Twitter

Browser Comparisons Internet Explorer 8 & 9, Chrome 11 and Firefox 4 Security, Privacy, Add-ons & Convenience.

Google Docs is a free, web-based office suite offered by Google within its Google Drive service. It was formerly a storage service as well, but has since.

On the Privacy of Private Browsing Kiavash Satvat, Matt Forshaw, Feng Hao, Ehsan Toreini Newcastle University DPM’13.

1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.

What is a Firewall Anyway?

Mitigating Malware Collin Jackson CS142 – Winter 2009.

Securing Interaction for Sites, Apps and Extensions in the Browser Brad Miller J. D. Tygar.

Configuring Windows Vista Security Chapter 3. IE7 Pop-up Blocker Pop-up Blocker prevents annoying and sometimes unsafe pop-ups from web sites Can block.

Privacy and Security on the Web Part 1. Agenda Questions? Stories? Questions? Stories? IRB: I will review and hopefully send tomorrow. IRB: I will review.

ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.

 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.

Lab 3 Cookie Stealing using XSS Kara James, Chelsea Collins, Trevor Norwood, David Johnson.

The Privacy Tug of War: Advertisers vs. Consumers Presented by Group F.

Lesson 46: Using Information From the Web copy and paste information from a Web site print a Web page download information from a Web site customize Web.

Lesson 46: Using Information From the Web copy and paste information from a Web site print a Web page download information from a Web site customize Web.

Internet Explorer Browsing & Windows XP Service Pack 2 What is Service Pack 2? The newest update for Windows XP which aims to make your computer more secure.

 A cookie is a piece of text that a Web server can store on a user's hard disk.  Cookie data is simply name-value pairs stored on your hard disk by.

Use my floppy disk. 1. copy short cut to desktop. 2.run NoAdHOSTS.exe 3. Surf without ad’s. 4.to reverse everything -edit out all url s you want to return.

Internet safety By Lydia Snowden.

The World-Wide Web. Why we care? How much of your personal info was released to the Internet each time you view a Web page? How much of your personal.

GONE PHISHING ECE 4112 Final Lab Project Group #19 Enid Brown & Linda Larmore.

Staying Safe Online Keep your Information Secure.

Ben Miller. Shawn “Jay Z” Carter  Rapper, Producer, Entrepreneur, Investor and Sports Agent  Worth nearly $500 Million  Arguably the most successful.

People use the internet more and more these days so it is very important that we make sure everyone is safe and knows what can happen and how to prevent.

I Do Not Know What You Visited Last Summer: Protecting users from stateful third-party web tracking with TrackingFree browser Xiang Pan §, Yinzhi Cao †,

3-Protecting Systems Dr. John P. Abraham Professor UTPA.

Ad placed based on my visit to a page on Lulu.com.

CSCE 201 Web Browser Security Fall CSCE Farkas2 Web Evolution Web Evolution Past: Human usage – HTTP – Static Web pages (HTML) Current: Human.

Olof Nilsson.  Ex: Facebook, MySpace, LinkedIn ◦ Allows users to create web pages or profiles that provide information about themselves and are available.

Module 5: Configuring Internet Explorer and Supporting Applications.

Georgios Kontaxis‡, Michalis Polychronakis‡, Angelos D. Keromytis‡, and Evangelos P.Markatos* ‡Columbia University and *FORTH-ICS USENIX-SEC (August, 2012)

COSC 513 Operating Systems Project Presentation: Internet Security Instructor: Dr. Anvari Student: Ying Zhou Spring 2003.

University of Central Florida The Postman Always Rings Twice: Attacking & Defending postMessage in HTML5 Websites Ankur Verma University of Central Florida,

Protecting Browsers from Extension Vulnerabilities Paper by: Adam Barth, Adrienne Porter Felt, Prateek Saxena at University of California, Berkeley and.

Chapter 12: How Private are Web Interactions?. Why we care? How much of your personal info was released to the Internet each time you view a Web page?

Activity 4 Protecting Ourselves. Keeping Safe There are lots of different ways we can be at risk on the Internet. How can we protect ourselves and keep.

1 Isolating Web Programs in Modern Browser Architectures CS6204: Cloud Environment Spring 2011.

Web Browsing *TAKE NOTES*. Millions of people browse the Web every day for research, shopping, job duties and entertainment. Installing a web browser.

ONLINE SAFETY AND SECURITY Computer Basics 1.5. INFAMOUS CYBER ATTACKS IN 2014 Sony Pictures: Attackers stole just about everything in the corporate network,

Remember effective ways to search +walk (includes words) Intitle:iPad Intext:ipad site:pbs.org Site:gov filetype:jpg.

Remove [Browser Hijackers] For more information regarding [Browser Hijackers] Please Visit:

Windows Vista Configuration MCTS : Internet Explorer 7.0.

Advertisements & Ad Blocking Technology By: Daniel Jackson.

Some from Chapter 11.9 – “Web” 4 th edition and SY306 Web and Databases for Cyber Operations Cookies and.

Information Technology Security Office of the Vice President for Information Technology New Employee Orientation II.

BUILD SECURE PRODUCTS AND SERVICES

Managing Windows Security

Hotspot Shield Protect Your Online Identity

World Wide Web policy.

Unit 11 Using the Internet & Browsing the Web

Browser Settings *Failure to have the correct Browser cache setting may result in incorrect data being displayed. This is the procedure to allow Indistar.

Practical Censorship Evasion Leveraging Content Delivery Networks

Shavonne Henry, Nikia Clarke, David Heymann, Brandon Knight

Latest Updates on BlackHawk Mines Music : Privacy Policy

Importance of Privacy Internet Safety

Lesson #8 MCTS Cert Guide Microsoft Windows 7, Configuring Chapter 8 Configuring Applications and Internet Explorer.

Cookies BIS1523 – Lecture 23.

Auditing Etsy The Security of Etsy

AUTOFILL FORMS. Open Internet explorer browser.

What is Cookie? Cookie is small information stored in text file on user’s hard drive by web server. This information is later used by web browser to retrieve.

Configuring Internet-related services

Technical Integration Guide

Understanding Android Security

Personal Privacy and the Public Internet

Protecting Browsers from Extension Vulnerabilities

Cross Site Request Forgery (CSRF)

Presentation transcript:

Georgios Kontaxis, Michalis Polychronakis Angelos D. Keromytis, Evangelos P. Markatos Siddhant Ujjain (2009cs10219) Deepak Sharma (2009cs10185)

Introduction Privacy Issues related to social plug-ins on websites Even if one doesn’t interact with social plug-ins Novel design for privacy-preserving social plug-ins without sacrifices in functionality

What are social plug-ins? Provided by online social networking services (SNS) Included in third-party Web sites Enable users to interact with the page content through their social identity via a series of actions Offers personalized information based on social data

How many of them? Facebook has 955 million users 33% of the Top 10K Web sites have integrated the Like button (at least 2 million in total) Google+ has 425 million users 22% of Top 10K sites have integrated the +1 button (at least 1 million in total)

How do Social Plug-ins Work?

Privacy Risks Social networking services know the user’s real name Don’t have to interact with a plug-in Cannot know beforehand whether a page carries plug- ins

Who knows I visited Mashable.com?

Preventing Privacy Leaks Logging Out of the Social Networking Service? Today at least 2 cookies persist Never logged in Facebook Logged in, then logged out While logged in

Preventing Privacy Leaks Disabling Third-party Cookies? Social plug-ins will render as if the user is not a member of the social networking service However, doesn’t always protect from third-party tracking In Chrome it’s trivial for a third party to position itself as a first party( popup window – native blocker won’t help)

Preventing Privacy Leaks Enabling the “Do Not Track HTTP” Header? Policy technique, no technical enforcement Very few sites support it at the moment Removing third parties from Web pages? Commonly used to filter out advertisements Social plug-ins will not appear Users lose the option of viewing and/or interacting with some of the social plug-ins if they want to

Privacy-Preserving Social Plug-ins

The SafeButton Browser Extension Disables the original social plug-ins SafeButton DOM replacement preserve the same (personalized) content Upon interaction, the original plug-in is loaded to enable write functionality

SafeButton’s Bootstrapping Privacy protected from the beginning Downloading social data upon user’s login to social network service Bootstrapping the local store for 5,000 friends took a little less than 10 hours Periodic, incremental updates

SafeButton’s Resource Requirements

SafeButton As a Service Web browser extensions are not good enough Users unaware of privacy risks of social plug-ins Users unwilling or unable to install extensions Implemented with Web technologies that enable an in-browser solution without additional software

SafeButton As a Service Pages incl. social plug-ins as usual Social network will return a SafeButton agent

SafeButton As a Service How to avoid leaking user-identifying info? Isolate social plug-ins to diff. domain Secure message passing with SNS Cacheable agent Encrypt data store

Summary Identified privacy issues of current social plug-ins that most users aren’t aware of Pointed out the dilemma between privacy and functionality Presented the proposal for privacy-preserving social plug-ins