inter internet monitoring net monitoring and web tracking
play

Inter Internet monitoring net monitoring and web tracking and web - PowerPoint PPT Presentation

Dec 21, 2022 •20 likes •440 views

CyLab Inter Internet monitoring net monitoring and web tracking and web tracking Engineering & Public Policy Lorrie Faith Cranor September 30, 2014 y & c S a e v c i u r P r i t e y l b L a a s b U o 8-533

  1. CyLab Inter Internet monitoring net monitoring and web tracking and web tracking Engineering & Public Policy Lorrie Faith Cranor � September 30, 2014 y & c S a e v c i u r P r i t e y l b L a a s b U o 8-533 / 8-733 / 19-608 / 95-818: � b r a a t L o Privacy Policy, Law, and Technology y r C y U H D T T E P . U : / M / C C U . S P S C . 1

  2. Today’s agenda • Quiz • Survey results • Questions/comments about the readings • Finish international homework presentations • How online tracking works • Measuring OBA 2

  3. By the end of class you will be able to: • Understand how tracking through third- party cookies works • Be familiar with other ways of tracking users 3

  4. Video • http://cironline.org/reports/easily-obtained- subpoenas-turn-your-personal-information- against-you-5104 4

  5. How online tracking works 5

  6. Browser Chatter • Browsers chatter about • To anyone who might be listening – IP address, domain name, organization, – End servers – Referring page – System administrators – Platform: O/S, browser – Internet Service Providers – What information is – Other third parties requested • Advertising networks • URLs and search terms – Anyone who might – Cookies subpoena log files later 6

  7. Typical HTTP request with cookie GET /retail/searchresults.asp?qu=beer HTTP/1.0 • Referer: http://www.us.buy.com/default.asp • User-Agent: Mozilla/4.75 [en] (X11; U; NetBSD 1.5_ALPHA i386) • Host: www.us.buy.com • Accept: image/gif, image/jpeg, image/pjpeg, */* • Accept-Language: en • Cookie: buycountry=us; dcLocName=Basket; dcCatID=6773; • dcLocID=6773; dcAd=buybasket; loc=; parentLocName=Basket; parentLoc=6773; ShopperManager%2F=ShopperManager %2F=66FUQULL0QBT8MMTVSC5MMNKBJFWDVH7; Store=107; Category=0 7

  8. Referer log problems • GET methods result in values in URL • These URLs are sent in the referer header to next host • Example: http://www.merchant.com/cgi_bin/order?name=Tom +Jones&address=here+there&credit +card=234876923234&PIN=1234&->index.html • Access log example: http://www.sdr.info/logs/access_log • Click from this page to see the referer too: � http://cups.cs.cmu.edu/courses/pplt-fa13/referer.html 8

  9. Cookies • What are cookies? • What are people concerned about cookies? • What useful purposes do cookies serve? 9

  10. Cookies 101 • Cookies can be useful – Used like a staple to attach multiple parts of a form together – Used to identify you when you return to a web site so you don ’ t have to remember a password – Used to help web sites understand how people use them • Cookies can do unexpected things – Used to profile users and track their activities, especially across web sites 10

  11. How cookies work – the basics • A cookie stores a small string of characters • A web site asks your browser to “ set ” a cookie • Whenever you return to that site your browser sends the cookie back automatically Please store Here is cookie cookie xyzzy xyzzy site browser site browser First visit to site Later visits 11

  12. How cookies work – advanced • Cookies are only sent • Cookies can store user back to the “ site ” that set info or a database key that them, but this may be any is used to look up user host in domain info – Sites setting cookies – Either way the cookie Database indicate path, domain, and Send me enables info to be Send Users … with requests me with expiration for cookies User=Joe linked to the current Email … for any Email= browsing session index.html Visits … request Joe@ on y.x.com to x.com x.com for this until Visits=13 User=4576 session only 2008 904309 12

  13. Cookie terminology • Cookie replay • Third-party cookie – sending a cookie back to a – cookie associated with an site image, ad, frame, or other content from a site with a • Session cookie different domain name that is embedded in the site the – cookie replayed only during user requested current browsing session – Browser interprets third- • Persistent cookie party cookie based on domain name, even if both – cookie replayed until domains are owned by the expiration date same company • First-party cookie – cookie associated with the site the user requested 13

  14. Web bugs • Invisible “images” (1-by-1 pixels, transparent) embedded in web pages and cause referer info and cookies to be transferred • Also called web beacons, clear gifs, tracker gifs,etc. • Work just like banner ads from ad networks, but you can ’ t see them unless you look at the code behind a web page • Also embedded in HTML formatted email messages, MS Word documents, etc. 14

  15. How data can be linked • Every time the same cookie is replayed to a site, site may add information to the record associated with that cookie – Number of times you visit a link, time, date – What page you visit – What page you visited last – Information you type into a web form • If multiple cookies are replayed together, they are usually logged together, linking their data – Narrow scoped cookie might get logged with broad scoped cookie 15

  16. Ad networks search for buy CD medical information set cookie replay cookie Ad Ad Ad company can get your name and address from CD order and link them to your search Search Service CD Store 16

  17. What ad networks may know… • Personal data: • Transactional data: – Email address – Details of plane trips – Full name – Search phrases used at search engines – Mailing address (street, city, state, and Zip – Health conditions code) – Phone number “ It was not necessary for me to click on the banner ads for information to be sent to DoubleClick servers. ” – Richard M. Smith 17

  18. Online and o ffl ine merging • In November 1999, DoubleClick � purchased Abacus Direct, a � company possessing detailed consumer profiles on more than 90% of US households • In mid-February 2000 DoubleClick announced plans to merge “anonymous” online data with personal information obtained from offline databases • By March 2000 the plans were put on hold – Stock dropped from $125 (12/99) to $80 (03/00) 18

  19. Network Advertising Initiative • NAI formed in 2000 and published NAI principles, guided by the FTC – No use of sensitive PII for OBA – Opt-in to merge PII with previously collected non-PII – Robust notice and choice for future merging of PII with non-PII – Robust notice and choice for merging offline and online PII – Websites that have third-party OBA will provide notice and choice • Updated in 2008 19

  20. Behavioral targeting • In 2007/2008, more concerns raised about “behavioral” targeting as a new round of companies started deploying systems to target ads based on previous online behavior • FTC privacy roundtables in 2009/2010 raised more questions about this practice – What is the distinction between behavioral and contextual advertising? – How do you implement effective notice and choice? • Where should notice be provided? • Opt-in? Opt-out? When? Where? – Do opt-out cookies work? – Do we need a “do not track” list? 20

  21. Tracking without cookies • Browser fingerprinting – What are the components of a browser fingerprint? – https://panopticlick.eff.org • How else can users be tracked? 21

  22. Tracking email • What mechanisms can be used to track email? • What can be learned through email tracking? 22

  23. Can you control Behavioral Advertising ? Measuring the effectiveness of c y & a S e v c i r u privacy tools for limiting P r i e t y l b L a a s b U o behavioral advertising b r a a t L o y r C y Rebecca Balebako, Pedro G. Leon, U H D T T E Richard Shay, Blase Ur, Yang Wang, P . U : / M / C C U . P S S . C and Lorrie Faith Cranor 23

  24. Objective of this work • Measure behavioral advertising based on web history (build on Guha, et. al 2010) • Develop method to measure any reduction in behavioral advertising with privacy tools 24

  25. Tools Tested • Block third party content – Abine TACO – Ghostery – Block third party cookies • Opt-out – Digital Advertising Agency (DAA) – Network Advertising Initiative (NAI) • Do Not Track headers 25

  26. Method 1. Automatically run scenarios that could induce behavioral advertising with training and testing 2. Measure ad turnover 3. Confirm behavioral advertising exists 4. Run scenarios with privacy tools 5. Compare tools 26

  27. Scenarios - Training • Training: visit 10-20 pages (~7 unique domains) on a topic • Topics: – European Travel – Digital Camera – Bicycling – Wedding planning – Pregnancy – Blank (no training) 27

  28. Scenarios - Testing • Test: Unrelated sites with little context – New York Times – LA Times – Chicago Tribune – HowStuffWorks – CNN • 7 hits • Save the text ads 28

  29. Two di ff erent automated tests goal ¡ ¡ control ¡ ¡ synchroniza/on ¡ ¡ all topics run measure OBA � no training � simultaneously � all tools run test tools � no tool � simultaneously for each topic � 29

  30. Automated Testing • Server synchronizes identical virtual machines. � • We controlled for time, IP, & browser fingerprint. � 1. Control 12:00 2. Control2 3. Abine Taco 4. Ghostery 5. DAA 6. NAI 7. Firefox 3 rd Party Cookies 8. Firefox DNT 30

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Fuel Monitoring Presentation Fuel Monitoring We specialize in fuel monitoring also can customize

Fuel Monitoring Presentation Fuel Monitoring We specialize in fuel monitoring also can customize

Fuel Monitoring Presentation Fuel Monitoring We specialize in fuel monitoring also can customize any tracking product: We provides fuel monitoring comprehensive solutions for Vehicles and Generators with very comprehensive reports: Offering

256 views • 8 slides
DRSI Sharepoint Monitoring and Audit Folders FOLDERS SAMPLE ATTACHMENTS: Monitoring/TA

DRSI Sharepoint Monitoring and Audit Folders FOLDERS SAMPLE ATTACHMENTS: Monitoring/TA

DRSI Sharepoint Monitoring and Audit Folders FOLDERS SAMPLE ATTACHMENTS: Monitoring/TA Correspondence & Monitoring Reports Event Profiles Tracking of Individual Monitoring Exhibits Related to Individual Findings/Concerns

86 views • 5 slides
The PerfSONAR framework for inter-domain monitoring in the GLIF infrastructure Authors: ing.

The PerfSONAR framework for inter-domain monitoring in the GLIF infrastructure Authors: ing.

Introduction Outline Requirements for monitoring the GLIF infrastructure Problem description PerfSONAR framework Research question E2E inter-domain monitoring in the GLIF infrastructure Context Conclusions and future work The PerfSONAR

524 views • 30 slides
Monitoring or Tracking for Monitoring or Tracking for Performance and Performance and

Monitoring or Tracking for Monitoring or Tracking for Performance and Performance and

Monitoring or Tracking for Monitoring or Tracking for Performance and Performance and Compliance Compliance Subrecipients, UGLGs, and Subrecipients, UGLGs, and Contractors Contractors Why monitor? Why monitor? Improve subrecipient and

534 views • 19 slides
FY21 21 st Century Community Learning Centers Tracking and Monitoring System Training November

FY21 21 st Century Community Learning Centers Tracking and Monitoring System Training November

FY21 21 st Century Community Learning Centers Tracking and Monitoring System Training November 2020 Welcome and Overview Charmaine Davis-Bey, M.Ed., EdPsyc 21 st CCLC Education Program Specialist Compliance/Monitoring System Lead Regional

908 views • 63 slides
Security Monitoring and Enforcement for the Cloud Model Aryan TaheriMonfared

Security Monitoring and Enforcement for the Cloud Model Aryan TaheriMonfared

Infrastructure Architecture for a Cloud IaaS Provider Software Defined Networking and Network Virtualization Network Monitoring Security Enforcement Inter-Domain Routing for Virtualized Networks Security Monitoring and Enforcement for the

795 views • 42 slides
ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a

Motivation Design Evaluation Discussion ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems Min Du, Feifei Li School of Computing, University of Utah ATOM: Automated Tracking,

1.28k views • 98 slides
Compliance Tracking T ool Activity Entry and Progress Monitoring November 2012 1 Login

Compliance Tracking T ool Activity Entry and Progress Monitoring November 2012 1 Login

Compliance Tracking T ool Activity Entry and Progress Monitoring November 2012 1 Login Add an Activity Progress Monitoring Verify Correction of Noncompliance 2 Compliance Tracking T ool Address

747 views • 36 slides
Monitoring Kit Descriptor Slides Natives/Invasives Watching Wildlife Plant Monitoring Watching

Monitoring Kit Descriptor Slides Natives/Invasives Watching Wildlife Plant Monitoring Watching

Testing the Waters Macroinvertebrate Reptile & Amphibian Monitoring Monitoring Monitoring Kit Descriptor Slides Natives/Invasives Watching Wildlife Plant Monitoring Watching Wetland Wildlife Tracking Wildlife Testing the Waters kit

420 views • 6 slides
2016 Coordinated Monitoring Schedule 1 Navigation of Coordinated Monitoring website

2016 Coordinated Monitoring Schedule 1 Navigation of Coordinated Monitoring website

2016 Coordinated Monitoring Schedule 1 Navigation of Coordinated Monitoring website https://cms.lcra.org/ 2 FY16 Monitoring in the San 2015 Routine 2016 Routine Monitoring Antonio River Monitoring Monitoring Program Station

705 views • 34 slides
The network neutrality bot architecture: a preliminary approach for self-monitoring of Internet

The network neutrality bot architecture: a preliminary approach for self-monitoring of Internet

The network neutrality bot architecture: a preliminary approach for self-monitoring of Internet access QoS Simone Basso Antonio Servetti Juan Carlos De Martin NEXA Center for Internet & Society Politecnico di Torino, Italy

522 views • 14 slides
Department of Market Monitoring Update Eric Hildebrandt Director, Department of Market Monitoring

Department of Market Monitoring Update Eric Hildebrandt Director, Department of Market Monitoring

Department of Market Monitoring Update Eric Hildebrandt Director, Department of Market Monitoring EIM Governing Body Meeting General Session February 1, 2017 Prices in new EIM areas tracking closely with other adjacent EIM areas $40

331 views • 9 slides
On the Effectiveness of Distributed Worm Monitoring Moheeb Abu Rajab Fabian Monrose Andreas

On the Effectiveness of Distributed Worm Monitoring Moheeb Abu Rajab Fabian Monrose Andreas

On the Effectiveness of Distributed Worm Monitoring Moheeb Abu Rajab Fabian Monrose Andreas Terzis Computer Science Department Johns Hopkins University 1 Monitoring Internet Threats Threat monitoring techniques: Intrusion detection

510 views • 24 slides
Tracking in a Spaghetti Bowl: Monitoring Transactions Using Footprints Anima Anandkumar 1 , 2

Tracking in a Spaghetti Bowl: Monitoring Transactions Using Footprints Anima Anandkumar 1 , 2

Tracking in a Spaghetti Bowl: Monitoring Transactions Using Footprints Anima Anandkumar 1 , 2 Chatschik Bisdikian 2 Dakshi Agrawal 2 1 ECE Dept., Cornell University, Ithaca, NY 14853. 2 Networking Tech., IBM Watson Research, Hawthorne, NY 10532.

1.45k views • 123 slides
Surveillance Programs - GLNPO Cooperative Monitoring Coordinated Science and Monitoring

Surveillance Programs - GLNPO Cooperative Monitoring Coordinated Science and Monitoring

Great Lakes Monitoring and Surveillance Programs - GLNPO Cooperative Monitoring Coordinated Science and Monitoring Initiative Open Lake Water Quality Monitoring Biological Monitoring Water Quality Surveys

1.04k views • 39 slides
TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones

TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones

TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones William Enck Peter Gilbert Byung-Gon Chun Landon P. Cox Jaeyeon Jung Patrick McDaniel Anmol N. Sheth Presentation by Krzysztof Pawlowski

447 views • 30 slides
Dragonfly June 2012 IndieCrews Photo??? Paperclip https:/ /github.com/thoughtbot/paperclip

Dragonfly June 2012 IndieCrews Photo??? Paperclip https:/ /github.com/thoughtbot/paperclip

Dragonfly June 2012 IndieCrews Photo??? Paperclip https:/ /github.com/thoughtbot/paperclip Dinosaur / Dragon ? Dragonfly CarrierWave Anyone? GitHub stats CarrierWave - 3046 watchers, 390 forks Paperclip - 4294 watchers, 877 forks

658 views • 22 slides
Assignments Office Hours Graded Work CPSC 314 Computer Graphics project extra TA

Assignments Office Hours Graded Work CPSC 314 Computer Graphics project extra TA

University of British Columbia Assignments Office Hours Graded Work CPSC 314 Computer Graphics project extra TA office hours in lab 005 for P4/H4 still have some marked work not picked up, Jan-Apr 2010 P4 due today 5pm (plus

258 views • 3 slides
1 Octrees Spatial Subdivision Subdivision algorithm Volume is subdivided into 4 equal

1 Octrees Spatial Subdivision Subdivision algorithm Volume is subdivided into 4 equal

Photon Mapping Combines backward/ reverse ray tracing Photon Mapping with stochastic ray tracing Used to simulate the interaction of light with a variety transparent substances (caustics) Glass Water Diffuse

293 views • 6 slides
Introduction to HTML & CSS Instructor: Beck Johnson Week 2 today Week One review and

Introduction to HTML & CSS Instructor: Beck Johnson Week 2 today Week One review and

Introduction to HTML & CSS Instructor: Beck Johnson Week 2 today Week One review and questions File organization CSS Box Model: margin and padding Background images and gradients with CSS Make a hero banner!

1.1k views • 76 slides
From gridified scripts to workflows: the FSL Feat case Tristan Glatard and Slvia D. Olabarriaga

From gridified scripts to workflows: the FSL Feat case Tristan Glatard and Slvia D. Olabarriaga

From gridified scripts to workflows: the FSL Feat case Tristan Glatard and Slvia D. Olabarriaga Academic Medical Center Informatics Institute University of Amsterdam MICCAI-G workshop September 6 th 2008 T.Glatard - S.D. Olabarriaga -

357 views • 17 slides
Lecture 15 Log into Linux. Copy files from /home/hwang/cs375/lecture15/*.* Reminder:

Lecture 15 Log into Linux. Copy files from /home/hwang/cs375/lecture15/*.* Reminder:

Lecture 15 Log into Linux. Copy files from /home/hwang/cs375/lecture15/*.* Reminder: Project 4 due today. Project 5 posted to course webpage. Questions? Tuesday, October 19 CS 375 UNIX System Programming - Lecture 15 1 Outline

640 views • 20 slides
Networking: Transport Layer Summer 2013 Cornell University 1 Today What are the services

Networking: Transport Layer Summer 2013 Cornell University 1 Today What are the services

CS 4410 Operating Systems Networking: Transport Layer Summer 2013 Cornell University 1 Today What are the services that the Transport layer offers? Transport Layer Multiplexing-Demultiplexing UDP TCP Reliable

427 views • 21 slides
Lecture 13 Transport Layer Security/ Secure Socket Layer (TLS/SSL) (Chapter 9 in KPS) SSL:

Lecture 13 Transport Layer Security/ Secure Socket Layer (TLS/SSL) (Chapter 9 in KPS) SSL:

Lecture 13 Transport Layer Security/ Secure Socket Layer (TLS/SSL) (Chapter 9 in KPS) SSL: Secure Sockets Layer v widely deployed security v original goals: protocol Web e-commerce supported by almost all transactions browsers, web

570 views • 21 slides

More recommend