Replication: Why We Still Can't Browse in Peace: On the Uniqueness - - PowerPoint PPT Presentation

▶

Nov 21, 2023 457 likes •561 views

Replication: Why We Still Can't Browse in Peace: On the Uniqueness and Reidentifiability of Web Browsing Histories Sarah Bird, Mozilla Ilana Segall, Mozilla Martin Lopatka, Mozilla SOUPS 2020 Original Paper Browsing history - the set of

SLIDE 1

SOUPS 2020

Sarah Bird, Mozilla Ilana Segall, Mozilla Martin Lopatka, Mozilla

Replication: Why We Still Can't Browse in Peace: On the Uniqueness and Reidentifiability

f Web Browsing Histories

SLIDE 2

Why Johnny Can't Browse in Peace: On the Uniqueness of Web Browsing History Patterns Olejnik, Castelluccia, and Janc 5th Workshop on Hot Topics in Privacy Enhancing Technologies (Hot-PETS 2012)

Browsing history - the set of domains you have visited - is highly unique and could be used as a tracking vector. Why replicate:

The web and browsing has evolved:

user generated content and core platforms

Tracking ecosystem has grown and

consolidated

We can collect more detailed data to

answer questions about reidentifiability raised by original paper

Original Paper

SLIDE 3

52,000 Firefox opt-in users 2 weeks of data collection 35 million site visits 660,000 distinct domains

Types of profile

○ All observed domains ○ Predefined list of domains - Trexa (Tranco + Alexa) ○ Categories

Profile - a list of x that a user visited
Profile size - how many x did a user have in total?
Length of subvector - how many x are we considering?

Background & Definitions

SLIDE 4

We replicate the core findings of Olejnik et al. A large proportion of profiles are unique. This holds even for small profiles e.g. 50 domains.

Replication

SLIDE 5

We move beyond profile stability to measure a reidentification rate.

Jaccard distance - degree of overlap between two sets. (a) For each wk1 profile compute the Jaccard distance to all wk2 profiles (b) pick the profile with the lowest Jaccard distance (c) If wk1 and wk2 users are the same, it is a match. Reidentifiability metric: % of users correctly matched

Extension

SLIDE 6

n = 19,263 users with profile size > 50

Baseline reidentifiability

SLIDE 7

A 10x reduction in the number of users increases reidentification rate by 10%.

Monte Carlo simulation

n users with profile >50,

sampling between 1 and 19,263 users, 55,000 times.

Scalability

SLIDE 8

Compute reidentifiability rates for equally sized groups of users (n=1,766) with different profile sizes. Reidentifiability does not change dramatically between all domains and Trexa list.

Profile Size

~80% for profile size >150 ~50% for profile size ~50

SLIDE 9

Use complete request-response data to identify actual exposure to third parties (grouped by entity e.g. Alphabet parent company of Google and others).

Third-parties

Alphabet and Facebook have close to maximum theoretical reidentifiability rates. A large number of third parties have sufficient presence for meaningful reidentification rates

SLIDE 10

SOUPS 2020

Replication: Why We Still Can't Browse in Peace: On the Uniqueness - - PowerPoint PPT Presentation

Sarah Bird, Mozilla Ilana Segall, Mozilla Martin Lopatka, Mozilla

Replication: Why We Still Can't Browse in Peace: On the Uniqueness and Reidentifiability

Why Johnny Can't Browse in Peace: On the Uniqueness of Web Browsing History Patterns Olejnik, Castelluccia, and Janc 5th Workshop on Hot Topics in Privacy Enhancing Technologies (Hot-PETS 2012)

Browsing history - the set of domains you have visited - is highly unique and could be used as a tracking vector. Why replicate:

user generated content and core platforms

consolidated

answer questions about reidentifiability raised by original paper

Original Paper

52,000 Firefox opt-in users 2 weeks of data collection 35 million site visits 660,000 distinct domains

○ All observed domains ○ Predefined list of domains - Trexa (Tranco + Alexa) ○ Categories

Background & Definitions

We replicate the core findings of Olejnik et al. A large proportion of profiles are unique. This holds even for small profiles e.g. 50 domains.

Replication

We move beyond profile stability to measure a reidentification rate.

Jaccard distance - degree of overlap between two sets. (a) For each wk1 profile compute the Jaccard distance to all wk2 profiles (b) pick the profile with the lowest Jaccard distance (c) If wk1 and wk2 users are the same, it is a match. Reidentifiability metric: % of users correctly matched

Extension

n = 19,263 users with profile size > 50

Baseline reidentifiability

A 10x reduction in the number of users increases reidentification rate by 10%.

Scalability

Compute reidentifiability rates for equally sized groups of users (n=1,766) with different profile sizes. Reidentifiability does not change dramatically between all domains and Trexa list.

Profile Size

~80% for profile size >150 ~50% for profile size ~50

Use complete request-response data to identify actual exposure to third parties (grouped by entity e.g. Alphabet parent company of Google and others).

Third-parties

Alphabet and Facebook have close to maximum theoretical reidentifiability rates. A large number of third parties have sufficient presence for meaningful reidentification rates

Sarah Bird, Mozilla* Ilana Segall, Mozilla Martin Lopatka, Mozilla * Corresponding author - sbird@mozilla.com

Discussion!