identifying and preventing conditions for web privacy
play

Identifying and Preventing Conditions for Web Privacy Leakage Craig - PowerPoint PPT Presentation

Sep 10, 2023 •413 likes •474 views

Identifying and Preventing Conditions for Web Privacy Leakage Craig E. Wills Computer Science Department Worcester Polytechnic Institute Worcester, MA USA W3C Workshop on Web Tracking and User Privacy April, 2011 1 Its Not Just Tracking

  1. Identifying and Preventing Conditions for Web Privacy Leakage Craig E. Wills Computer Science Department Worcester Polytechnic Institute Worcester, MA USA W3C Workshop on Web Tracking and User Privacy April, 2011 1

  2. It’s Not Just Tracking ...but also leakage of private information via a range of first-party sites (employment, news, travel, entertainment...) utilizing registered user accounts (not just OSNs!) to third parties. Leakage may be explicit (intentional?) or implicit (inadvertent?). Leakage may be included as part of privacy policy or it may not. Bottom line, it’s not just tracking of user behavior by third-parties, but the capability to link this behavior and bits of private information about users. 2

  3. How Does Leakage Occur? • Via information embedded in URLs and leaked via Referer header. GET http://tracker.thirdparty.com/params... Referer: http://www.firstparty.com/...zip=12201... • Via page titles GET http://tracker.thirdparty.com/...title=John Doe profile... Referer: http://www.firstparty.com/profile/123456789... • Via information stored in first-party domain cookies, which are passed to hidden third parties. GET http://thirdparty.firstparty.com/... Referer: http://www.firstparty.com/... Cookie: ...e=jdoe@email.com&f=John&l=Doe... • Via population of third-party requests GET http://tracker.thirdparty.com/...age=30&gender=M&zip=12201... Referer: http://www.firstparty.com/... 3

  4. How Can Leakage be Prevented? Limited means for users beyond blocking third-party requests. An opt-out cookie does not prevent leakage. A “Do Not Track” header does not prevent leakage. Best done by first parties to negate a condition causing leakage. • not embedding private info in URLs—using POST to send data rather than a paramaterized GET request. • Not putting info in page titles where JavaScript APIs can access the info. • Not embedding private info in domain-wide first-party cookies so that hidden-third parties on these domains get access to the info. • Not allowing third parties access to the private information provided by users to first parties. 4

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

IQCP for POCT in the Pre-Analytic State: Identifying and Preventing the Most Common Sources of

IQCP for POCT in the Pre-Analytic State: Identifying and Preventing the Most Common Sources of

IQCP for POCT in the Pre-Analytic State: Identifying and Preventing the Most Common Sources of Error Prof. Maria Stevens Hardy, IMA (ASCP), AHI & CLC (AMT) President & CEO Medical, Laboratory & Technology Consultants, LLC

566 views • 27 slides
Preventing & Identifying Failures of Dead Break Elbows Wind Farm Applications 1

Preventing & Identifying Failures of Dead Break Elbows Wind Farm Applications 1

Preventing & Identifying Failures of Dead Break Elbows Wind Farm Applications 1 Introduction Brian Peyres, Senior High Voltage Reliability Engineer, EDP Renewables. Level 2 Thermographer with 20 Years in the generating and utility

987 views • 44 slides
1 Identifying and Preventing Human Trafficking in Your County 2 Tips for viewing this webinar:

1 Identifying and Preventing Human Trafficking in Your County 2 Tips for viewing this webinar:

1 Identifying and Preventing Human Trafficking in Your County 2 Tips for viewing this webinar: The questions box and buttons are on the right side of the webinar window. This panel can collapse so that you can better view the

667 views • 45 slides
Identifying, Preventing, and Responding to Bullying in Long-Term Care Facilities Tuesday, July

Identifying, Preventing, and Responding to Bullying in Long-Term Care Facilities Tuesday, July

Identifying, Preventing, and Responding to Bullying in Long-Term Care Facilities Tuesday, July 28, 2015 Use the Red Aresidents' rightsow to expand or collapse your control panel. Audio: Select Mic & Speakers to use your speakers for

781 views • 63 slides
AW ARE : Preventing Abuse of Privacy-Sensitive Sensors via Operation Bindings Giuseppe Petracca

AW ARE : Preventing Abuse of Privacy-Sensitive Sensors via Operation Bindings Giuseppe Petracca

AW ARE : Preventing Abuse of Privacy-Sensitive Sensors via Operation Bindings Giuseppe Petracca Ahmad-Atamli Reineh Trent Jaeger gxp18@cse.psu.edu atamli@cs.ox.ac.uk tjaeger@cse.psu.edu The Pennsylvania State University University of

813 views • 55 slides
AW ARE : Preventing Abuse of Privacy-Sensitive Sensors via Operation Bindings Giuseppe Petracca

AW ARE : Preventing Abuse of Privacy-Sensitive Sensors via Operation Bindings Giuseppe Petracca

AW ARE : Preventing Abuse of Privacy-Sensitive Sensors via Operation Bindings Giuseppe Petracca Ahamad-Atamli Reineh Trent Jaeger gxp18@cse.psu.edu atamli@cs.ox.ac.uk tjaeger@cse.psu.edu The Pennsylvania State University University of

860 views • 50 slides
De-Identifying Education Data Future of Privacy Forum Webinar October 13, 2017 MICHAEL HAWES

De-Identifying Education Data Future of Privacy Forum Webinar October 13, 2017 MICHAEL HAWES

De-Identifying Education Data Future of Privacy Forum Webinar October 13, 2017 MICHAEL HAWES Director of Student Privacy Policy U.S. Department of Education United States Department of Education 2 Student Privacy Policy and Assistance

535 views • 38 slides
Philip Kolvin QC The licensing objectives In England, licences can be refused, or conditions

Philip Kolvin QC The licensing objectives In England, licences can be refused, or conditions

Philip Kolvin QC The licensing objectives In England, licences can be refused, or conditions imposed, only if they promote one or more of the licensing objectives These are: Preventing crime Public safety Preventing harm to

816 views • 28 slides
Data Security/Privacy Class Actions: Identifying and Mitigating the Expanding and Evolving Risks

Data Security/Privacy Class Actions: Identifying and Mitigating the Expanding and Evolving Risks

Presenting a live 90-minute webinar with interactive Q&A Data Security/Privacy Class Actions: Identifying and Mitigating the Expanding and Evolving Risks THURSDAY, DECEMBER 4, 2014 1pm Eastern | 12pm Central | 11am Mountain |

528 views • 48 slides
Seductive myths about privacy Myth: The major privacy risk is from unauthorized access to

Seductive myths about privacy Myth: The major privacy risk is from unauthorized access to

Seductive myths about privacy Myth: The major privacy risk is from unauthorized access to information Myth: Privacy can be adequately protected by removing personally identifying information (PII) from records to be released. Myth:

504 views • 24 slides
Data Privacy for IEEE Volunteer Data Managers 2 Overview Changes in Data Privacy IEEE

Data Privacy for IEEE Volunteer Data Managers 2 Overview Changes in Data Privacy IEEE

Data Privacy for IEEE Volunteer Data Managers 2 Overview Changes in Data Privacy IEEE Privacy Policy Terms & Conditions and Subscriptions Consent Structure and Preferences Meetings, Conferences, and Events

926 views • 36 slides
Privacy in Business Processes - Identifying Non-Authorized Disclosure of Personal Data to Third

Privacy in Business Processes - Identifying Non-Authorized Disclosure of Personal Data to Third

National Institute of Informatics National Institute of Informatics Privacy in Business Processes - Identifying Non-Authorized Disclosure of Personal Data to Third Parties - Austria-Japan Workshop 2010 October 18, 2010 Dr. Sven Wohlgemuth

324 views • 14 slides
$ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that

$ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that

Presentation Slides $ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that involves the rights of individuals in relation to information about them that is circulating in society. why privacy is an

318 views • 13 slides
CURB Connect, Unite, Resist, Begin CURB Royal Greenwichs response to preventing children

CURB Connect, Unite, Resist, Begin CURB Royal Greenwichs response to preventing children

CURB Connect, Unite, Resist, Begin CURB Royal Greenwichs response to preventing children becoming victims or perpetrators of youth crime and gang involvement. Identifying and intervening early to help them live positive lives free from

405 views • 14 slides
Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in vehicular networks; Security and Cooperation in Wireless Networks Georg-August University Gttingen Chapter outline 1 Important privacy related

1.12k views • 33 slides
Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy -

Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy -

CISPA Center for IT Security, Privacy and Accountabiltiy Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals, groups, or institutions to determine for themselves when,

573 views • 26 slides
Chapter 12 COOKIES AND SESSIONS INTRO Unlike the unified single process that is the typical

Chapter 12 COOKIES AND SESSIONS INTRO Unlike the unified single process that is the typical

Chapter 12 COOKIES AND SESSIONS INTRO Unlike the unified single process that is the typical desktop application, a web application consists of a series of disconnected HTTP requests to a web server where each request for a server page is

660 views • 45 slides
Large Deviations and Slowdown Asymptotics of Excited Random Walks Jonathon Peterson Department

Large Deviations and Slowdown Asymptotics of Excited Random Walks Jonathon Peterson Department

LDP for Excited Random Walks Large Deviations and Slowdown Asymptotics of Excited Random Walks Jonathon Peterson Department of Mathematics Purdue University September 4, 2012 Jonathon Peterson 9/4/2012 1 / 13 LDP for Excited Random Walks

688 views • 32 slides
Cookies Cookies HTTP is stateless To "remember" a user we use cookies In a

Cookies Cookies HTTP is stateless To "remember" a user we use cookies In a

Cookies Cookies HTTP is stateless To "remember" a user we use cookies In a response header, we can give the user information as a cookie All subsequent requests will contain these cookies in a header Since cookies work

475 views • 10 slides
McTiny: Fast High-Confidence Post-Quantum Key Erasure for Tiny Network Servers Daniel J.

McTiny: Fast High-Confidence Post-Quantum Key Erasure for Tiny Network Servers Daniel J.

McTiny: Fast High-Confidence Post-Quantum Key Erasure for Tiny Network Servers Daniel J. Bernstein 1,2 and Tanja Lange 3 1 University of Illinois at Chicago 2 Ruhr University Bochum 3 Eindhoven University of Technology USENIX Security 2020

388 views • 19 slides
CSE 510 Web Data Engineering Java Server Pages (JSPs) UB CSE 510 Web Data Engineering Java

CSE 510 Web Data Engineering Java Server Pages (JSPs) UB CSE 510 Web Data Engineering Java

CSE 510 Web Data Engineering Java Server Pages (JSPs) UB CSE 510 Web Data Engineering Java Server Pages: Embedding Java Code in Static Content 2 UB CSE 510 Web Data Engineering Why JSPs? Need to separate the business logic

439 views • 31 slides
October T.E.A.M. Meeting Opening Flag Ceremony Juliette Gordon Low Birthday October 31, 1860

October T.E.A.M. Meeting Opening Flag Ceremony Juliette Gordon Low Birthday October 31, 1860

October T.E.A.M. Meeting Opening Flag Ceremony Juliette Gordon Low Birthday October 31, 1860 in Savannah, Georgia to swim and canoe at every opportunity. She even did it in the board room of National Headquarters to show off the new Girl

548 views • 20 slides
Cooking on Gas: How to use Chef to get a better cloud deal Stephen Nelson-Smith, CTO, Strategic

Cooking on Gas: How to use Chef to get a better cloud deal Stephen Nelson-Smith, CTO, Strategic

Cooking on Gas: How to use Chef to get a better cloud deal Stephen Nelson-Smith, CTO, Strategic Blue Wednesday, 6 March 13 ASK ME HARD QUESTIONS SEKRIT CODE: 6927 Wednesday, 6 March 13 Buying airline tickets the day you travel: NOT SMART

1.18k views • 74 slides
Schematized Access Control for Data Cubes and Trees Claudio Marxer Christian Tschudin <

Schematized Access Control for Data Cubes and Trees Claudio Marxer Christian Tschudin <

Schematized Access Control for Data Cubes and Trees Claudio Marxer Christian Tschudin < claudio.marxer@unibas.ch > < christian.tschudin@unibas.ch > Computer Networks Group University of Basel Switzerland ACM ICN 17, Berlin

332 views • 7 slides

More recommend