Web Browser History Detection as a Real-World Privacy Threat
Identifieur interne : 000E51 ( Main/Exploration ); précédent : 000E50; suivant : 000E52Web Browser History Detection as a Real-World Privacy Threat
Auteurs : Artur Janc ; Lukasz OlejnikSource :
- Lecture Notes in Computer Science [ 0302-9743 ] ; 2010.
Abstract
Abstract: Web browser history detection using CSS visited styles has long been dismissed as an issue of marginal impact. However, due to recent changes in Web usage patterns, coupled with browser performance improvements, the long-standing issue has now become a significant threat to the privacy of Internet users. In this paper we analyze the impact of CSS-based history detection and demonstrate the feasibility of conducting practical attacks with minimal resources. We analyze Web browser behavior and detectability of content loaded via standard protocols and with various HTTP response codes. We develop an algorithm for efficient examination of large link sets and evaluate its performance in modern browsers. Compared to existing methods our approach is up to 6 times faster, and is able to detect up to 30,000 visited links per second. We present a novel Web application capable of effectively detecting clients’ browsing histories and discuss real-world results obtained from 271,576 Internet users. Our results indicate that at least 76% of Internet users are vulnerable to history detection, including over 94% of Google Chrome users; for a test of most popular Internet websites we were able to detect, on average, 62.6 (median 22) visited locations per client. We also demonstrate the potential to profile users based on social news stories they visited, and to detect private data such as zipcodes or search queries typed into online forms.
Url:
DOI: 10.1007/978-3-642-15497-3_14
Affiliations:
Links toward previous steps (curation, corpus...)
- to stream Istex, to step Corpus: 000A84
- to stream Istex, to step Curation: 000A84
- to stream Istex, to step Checkpoint: 000223
- to stream Main, to step Merge: 000E61
- to stream Main, to step Curation: 000E51
Le document en format XML
<record><TEI wicri:istexFullTextTei="biblStruct"><teiHeader><fileDesc><titleStmt><title xml:lang="en">Web Browser History Detection as a Real-World Privacy Threat</title><author><name sortKey="Janc, Artur" sort="Janc, Artur" uniqKey="Janc A" first="Artur" last="Janc">Artur Janc</name></author><author><name sortKey="Olejnik, Lukasz" sort="Olejnik, Lukasz" uniqKey="Olejnik L" first="Lukasz" last="Olejnik">Lukasz Olejnik</name></author></titleStmt><publicationStmt><idno type="wicri:source">ISTEX</idno><idno type="RBID">ISTEX:EDA9194CE75A28023E174B335B08764D50A6FCCB</idno><date when="2010" year="2010">2010</date><idno type="doi">10.1007/978-3-642-15497-3_14</idno><idno type="url">https://api.istex.fr/document/EDA9194CE75A28023E174B335B08764D50A6FCCB/fulltext/pdf</idno><idno type="wicri:Area/Istex/Corpus">000A84</idno><idno type="wicri:Area/Istex/Curation">000A84</idno><idno type="wicri:Area/Istex/Checkpoint">000223</idno><idno type="wicri:doubleKey">0302-9743:2010:Janc A:web:browser:history</idno><idno type="wicri:Area/Main/Merge">000E61</idno><idno type="wicri:Area/Main/Curation">000E51</idno><idno type="wicri:Area/Main/Exploration">000E51</idno></publicationStmt><sourceDesc><biblStruct><analytic><title level="a" type="main" xml:lang="en">Web Browser History Detection as a Real-World Privacy Threat</title><author><name sortKey="Janc, Artur" sort="Janc, Artur" uniqKey="Janc A" first="Artur" last="Janc">Artur Janc</name><affiliation><wicri:noCountry code="no comma">E-mail: artur@lingro.com</wicri:noCountry></affiliation></author><author><name sortKey="Olejnik, Lukasz" sort="Olejnik, Lukasz" uniqKey="Olejnik L" first="Lukasz" last="Olejnik">Lukasz Olejnik</name></author></analytic><monogr></monogr><series><title level="s">Lecture Notes in Computer Science</title><imprint><date>2010</date></imprint><idno type="ISSN">0302-9743</idno><idno type="eISSN">1611-3349</idno><idno type="ISSN">0302-9743</idno></series><idno type="istex">EDA9194CE75A28023E174B335B08764D50A6FCCB</idno><idno type="DOI">10.1007/978-3-642-15497-3_14</idno><idno type="ChapterID">Chap14</idno><idno type="ChapterID">14</idno></biblStruct></sourceDesc><seriesStmt><idno type="ISSN">0302-9743</idno></seriesStmt></fileDesc><profileDesc><textClass></textClass><langUsage><language ident="en">en</language></langUsage></profileDesc></teiHeader><front><div type="abstract" xml:lang="en">Abstract: Web browser history detection using CSS visited styles has long been dismissed as an issue of marginal impact. However, due to recent changes in Web usage patterns, coupled with browser performance improvements, the long-standing issue has now become a significant threat to the privacy of Internet users. In this paper we analyze the impact of CSS-based history detection and demonstrate the feasibility of conducting practical attacks with minimal resources. We analyze Web browser behavior and detectability of content loaded via standard protocols and with various HTTP response codes. We develop an algorithm for efficient examination of large link sets and evaluate its performance in modern browsers. Compared to existing methods our approach is up to 6 times faster, and is able to detect up to 30,000 visited links per second. We present a novel Web application capable of effectively detecting clients’ browsing histories and discuss real-world results obtained from 271,576 Internet users. Our results indicate that at least 76% of Internet users are vulnerable to history detection, including over 94% of Google Chrome users; for a test of most popular Internet websites we were able to detect, on average, 62.6 (median 22) visited locations per client. We also demonstrate the potential to profile users based on social news stories they visited, and to detect private data such as zipcodes or search queries typed into online forms.</div></front></TEI><affiliations><list></list><tree><noCountry><name sortKey="Janc, Artur" sort="Janc, Artur" uniqKey="Janc A" first="Artur" last="Janc">Artur Janc</name><name sortKey="Olejnik, Lukasz" sort="Olejnik, Lukasz" uniqKey="Olejnik L" first="Lukasz" last="Olejnik">Lukasz Olejnik</name></noCountry></tree></affiliations></record>Pour manipuler ce document sous Unix (Dilib)
EXPLOR_STEP=$WICRI_ROOT/Wicri/Musique/explor/OperaV1/Data/Main/Exploration
HfdSelect -h $EXPLOR_STEP/biblio.hfd -nk 000E51 | SxmlIndent | more
Ou
HfdSelect -h $EXPLOR_AREA/Data/Main/Exploration/biblio.hfd -nk 000E51 | SxmlIndent | more
Pour mettre un lien sur cette page dans le réseau Wicri
{{Explor lien
|wiki= Wicri/Musique
|area= OperaV1
|flux= Main
|étape= Exploration
|type= RBID
|clé= ISTEX:EDA9194CE75A28023E174B335B08764D50A6FCCB
|texte= Web Browser History Detection as a Real-World Privacy Threat
}}
| This area was generated with Dilib version V0.6.21. |  |