web browser history detection
play

Web Browser History Detection Artur Janc, ukasz Olejnik What the - PowerPoint PPT Presentation

Dec 13, 2022 •18 likes •248 views

Feasibility and Real-world Implications of Web Browser History Detection Artur Janc, ukasz Olejnik What the Internet Knows About You W2SP 2010 Outline A ttacks on privacy using CSS :visited to inspect users Web browsing histories 1.

  1. Feasibility and Real-world Implications of Web Browser History Detection Artur Janc, Ł ukasz Olejnik What the Internet Knows About You W2SP 2010

  2. Outline A ttacks on privacy using CSS :visited to inspect users’ Web browsing histories 1. Basics (quick) and history 2. Analysis • What can be detected, performance • Building a history detection system 3. Results 4. Current work / Countermeasures

  3. How it Works • CSS :visited, :link styling • Browsers apply additional styles to links which the user had visited (requirement) • Attack: • Insert a link with a URL to check for • Check if visited style was applied (JS) or if a visited “marker” resource was downloaded

  4. Examples CSS JavaScript A known Mozilla “bug” since at least 2000

  5. History (of) Detection • Mozilla bugs #57351 (2000), #147777 (2002) • Issue described by: • (Felten & Schneider), Ruderman, Jakobsson & Stamm., Jackson et al., others • Several analyses of Web security issues (including Google’s BSH) • Rediscovered on multiple occasions (PoCs) • Life always goes on

  6. What Changed Since Then • Browsers still support :visited selectors • The Web has changed • More apps are Web-based • More personal interactions with the Web (social networks/news, forums) • Browsers are much faster

  7. What Can Be Detected? IE Firefox Safari Chrome Opera ✓ ✓ ✓ ✓ ✓ http ✓ ✓ ✓ ✓ ✓ https • Protocols ✓ ✓ ✓ ✓ ✓ ftp ✓ ✓ ✓ ✓ file • Framed content ✓ ✓ frames ✓ ✓ iframes • HTTP status codes ✓ ✓ ✓ ✓ ✓ 200 30x n/a both original both both ✓ ✓ ✓ ✓ meta redir n/a ✓ ✓ ✓ ✓ 4xx ✓ ✓ ✓ ✓ 5xx • Usually: if in address bar ⇔ detectable • Can detect parameters from forms submitted with HTTP GET (not POST) • Affected by history expiration policies

  8. How Long Does it Take? • Modern browsers are fast • Can do a few smart things to improve performance & avoid resource limits • Can optimize JS detection code for each browser (can be significantly faster) • Fallback CSS-only technique still good

  9. How Long Does it Take? • JavaScript: ~ 20,000 links/second

  10. How Long Does it Take? • CSS: up to 25,000 links/sec (small sets)

  11. Detection System • Demonstrate browser history detection • Thousands of websites, categorized • Detect secondary resources (subpages) and other information (usernames, etc) • Educate users, describe issue • Gather real world data (analyze impact)

  14. How it Works • For each test send primary links to user • http://msn.com, http://msn.com/home.asp • For each found link check ~100 popular secondary links (subpages & resources) • Crawling, search engine API, manual • For certain sites, enumerate resources • Usernames, search terms, zipcodes

  15. Test Categories • Popular websites (Alexa, Quantcast, ...) • Categorized sites • Online stores, .gov/.mil sites, banks, dating sites, universities, adult • Social news sites: Slashdot, Digg, Reddit • Sensitive sites (also zipcodes, search terms) • 21 tests, 72k primary URLs, 8.6M secondary

  16. General Results • Gathered between 09/2009 and 02/2010 • 271,576 users, 703,895 tests executed Users Users Found ound pri #pri (m ri (med) #sec (m ec (med) JS CSS JS CSS JS CSS JS CSS top5k 206,437 8,165 76.1% 76.9% 12.7 (8) 9.8 (5) 49.9 (17) 34.6 (9) top20k 31,151 1,263 75.4% 87.3% 13.6 (7) 15.1 (8) 48.1 (15) 51.0 (13) all 32,158 1,325 69.7% 80.6% 15.3 (7) 20.0 49.1 (14) 61.2

  17. Top5k Distribution 90th percentile: ~30 primary, ~120 secondary

  18. Browser Differences IE IE Firefo Firefox Safari Safari Chrom Chrome Opera Opera JS CSS JS CSS JS CSS JS CSS JS CSS top5k 73 92 75 77 83 79 93 100 70 82 top20k 81 95 69 86 89 97 90 100 88 95 all 78 97 62 79 85 89 87 98 85 83

  19. Social News • Links from RSS feeds of popular social news sites and 32 regular news services Median Average secondary secondary All news 7 45.0 Slashdot 3 15.2 Digg 7 51.8 Distribution of Reddit 26 163.3 Reddit secondary links • Monitored for visited profile pages to detect usernames (Reddit: 2.4%)

  20. Some Random Results Percentage of visitors with adult sites in their browsing history 30 23 21 15 18 18 16 16 15 14 14 14 14 13 13 13 12 12 11 11 11 11 11 8 10 10 9 7 7 5 5 4 0 Country code • Found some zipcodes (9.8%) and search engine queries (~0.2%) • Can identify Wikileaks power users

  21. Fixing It • All browsers susceptible • A server-side fix won’t help (impractical) • Hard to get adoption for a plug-in (has been tried with SafeHistory) • Hard to change browser behavior to close the hole (standards; developers get angry) • But...

  22. Coming Soon • David Baron’s/Mozilla Corp.’s proposal • Apply only *-color rules to visited styles • Make JS functions lie about actual style • Should be in Firefox 4.0 (~November) • Similar changes rumored for WebKit • Not ideal, but a big step forward; now we must get other browsers to do the same

  23. Thank you

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Detecting the ghost in the browser: Real time detection of drive-by infections Thijs Kinkhorst

Detecting the ghost in the browser: Real time detection of drive-by infections Thijs Kinkhorst

Introduction Lab setup and dataset composition Analysis of patterns Detection method Validation Conclusion Detecting the ghost in the browser: Real time detection of drive-by infections Thijs Kinkhorst Michael van Kleij 1 July 2009 T.

318 views • 20 slides
Identity in the Browser 2011 Michael Hanson, Dan Mills, Ben Adida A quick history - current and

Identity in the Browser 2011 Michael Hanson, Dan Mills, Ben Adida A quick history - current and

Identity in the Browser 2011 Michael Hanson, Dan Mills, Ben Adida A quick history - current and proposed browser identity features Password store & sync Account Manager authentication and session metaprotocol Contacts API

483 views • 10 slides
Detection of Browser Fingerprinting by Static JavaScript Code Classification Sjors Haanen &

Detection of Browser Fingerprinting by Static JavaScript Code Classification Sjors Haanen &

Detection of Browser Fingerprinting by Static JavaScript Code Classification Sjors Haanen & Tim van Zalingen UvA February 6, 2018 Supervisors (KPMG): Aidan Barrington & Ruben de Vries Research Project 82 Sjors Haanen & Tim van

331 views • 30 slides
Detection of browser-based cryptocurrency mining Veelasha Moonsamy Radboud University, The

Detection of browser-based cryptocurrency mining Veelasha Moonsamy Radboud University, The

Detection of browser-based cryptocurrency mining Veelasha Moonsamy Radboud University, The Netherlands 25 June 2019 Blockchain and Cryptocurrencies Security School University of Padova, Italy Radboud University, Nijmegen, NL 2 DiS research

1.44k views • 107 slides
Browser history re :visited Michael Smith Craig Disselkoen Shravan Narayan Fraser Brown

Browser history re :visited Michael Smith Craig Disselkoen Shravan Narayan Fraser Brown

Browser history re :visited Michael Smith Craig Disselkoen Shravan Narayan Fraser Brown * Deian Stefan UC San Diego * Stanford University Web Content Web Content sandboxing Web Content history history history data data

1.49k views • 134 slides
Browser forensics: Adblocker extensions Willem Rens (UvA MSc SNE student) Supervisor: Johannes

Browser forensics: Adblocker extensions Willem Rens (UvA MSc SNE student) Supervisor: Johannes

Browser forensics: Adblocker extensions Willem Rens (UvA MSc SNE student) Supervisor: Johannes de Vries (Fox-IT) Why traditional browser forensics may not work Cleared Cookies Cache History Sometimes recoverable, Jeon et

786 views • 44 slides
Web Real-Time Communication Solutions History Browser-based Real-time Communications Video,

Web Real-Time Communication Solutions History Browser-based Real-time Communications Video,

Web Real-Time Communication Solutions History Browser-based Real-time Communications Video, Audio, Data licode Recording, Screen Sharing. HTML5 & WebRTC Designed to dynamically scale on-demand Real-time In your own

412 views • 19 slides
Introduction to NMR Ravinder Reddy Brief History of NMR First detection of NMR

Introduction to NMR Ravinder Reddy Brief History of NMR First detection of NMR

Introduction to NMR Ravinder Reddy Brief History of NMR First detection of NMR MSNMR FT NMR 2D NMR 2D-NMR and protein structure Development of MRI Outline Concept of SPIN

825 views • 36 slides
Br Browser fi fingerprinting Nataliia Bielova @nataliabielova February 12

Br Browser fi fingerprinting Nataliia Bielova @nataliabielova February 12

Br Browser fi fingerprinting Nataliia Bielova @nataliabielova February 12 th , 2019 Security and ethical aspects of data Universit Cote d'Azur Todays class A brief history

534 views • 38 slides
Browser and Network request Browser website CS 4803 reply Network OS Computer and Network

Browser and Network request Browser website CS 4803 reply Network OS Computer and Network

Browser and Network request Browser website CS 4803 reply Network OS Computer and Network Security Hardware Alexandra (Sasha) Boldyreva Browser sends requests May reveal private information (in forms, cookies) Web security.

517 views • 7 slides
RequireJS Javascript Modules for the Browser By Ben Keith Quoin, Inc. Traditional Browser JS

RequireJS Javascript Modules for the Browser By Ben Keith Quoin, Inc. Traditional Browser JS

RequireJS Javascript Modules for the Browser By Ben Keith Quoin, Inc. Traditional Browser JS One global namespace Often inline JS code embedded directly in HTML Many <script> tags with hidden ordering dependencies Very

362 views • 15 slides
Photon detection workshop CSU May 18, 2016 1. Motivations for this study 2. History and

Photon detection workshop CSU May 18, 2016 1. Motivations for this study 2. History and

Carlos Escobar, Paul Rubinov Photon detection workshop CSU May 18, 2016 1. Motivations for this study 2. History and Background 3. Recent investigations 4. Test using the SCENE cryostat at Fermilab 5. Preliminary Results 6. Using the Solid

527 views • 39 slides
Circumventing Internet censorship with Tor Philipp Winter The Tor Project What Tor Browser does

Circumventing Internet censorship with Tor Philipp Winter The Tor Project What Tor Browser does

Circumventing Internet censorship with Tor Philipp Winter The Tor Project What Tor Browser does Standard Tor is easy to block GetTor helps you get Tor Browser GetTor helps you get Tor Browser Tor Browser ships with default

567 views • 24 slides
THE BROWSER IS DEAD Dan North Dan North & Associates LONG LIVE THE BROWSER! Dan North

THE BROWSER IS DEAD Dan North Dan North & Associates LONG LIVE THE BROWSER! Dan North

THE BROWSER IS DEAD Dan North Dan North & Associates LONG LIVE THE BROWSER! Dan North Dan North & Associates The gangs 1990: Tim Berners-Lee - (WorldWideWeb) 1993: NCSA Mosaic 1994: Netscape - Navigator 1995: Microsoft -

971 views • 21 slides
CS371m - Mobile Computing WebView and Web Services Using Built In Browser App To use the

CS371m - Mobile Computing WebView and Web Services Using Built In Browser App To use the

CS371m - Mobile Computing WebView and Web Services Using Built In Browser App To use the built in browser create an Intent and start the Activity 2 WebView A View that display web pages basis for creating your own web browser OR

1.28k views • 54 slides
Detection of neutral particles detection of neutrons detection of neutrinons detection of low

Detection of neutral particles detection of neutrons detection of neutrinons detection of low

Detection of neutral particles detection of neutrons detection of neutrinons detection of low energy photons (detection of high energy photons calorimeters) Peter Krizan, Neutron and neutrino detection Detection of neutral particles

1.21k views • 67 slides
Fi Final Ex Exam m Review No screens Say your name Prof. Lydia Chilton COMS 4170 30 April

Fi Final Ex Exam m Review No screens Say your name Prof. Lydia Chilton COMS 4170 30 April

Fi Final Ex Exam m Review No screens Say your name Prof. Lydia Chilton COMS 4170 30 April 2018 1 Users interact with a system to accomplish a goal Buy a book Get to events on time Get a directions 2 User Interfaces should be designed

740 views • 45 slides
OmniUpdate Training Tuesday CSS in OU Campus WebEx Event # 809 452 667 Audio will be heard on

OmniUpdate Training Tuesday CSS in OU Campus WebEx Event # 809 452 667 Audio will be heard on

OmniUpdate Training Tuesday CSS in OU Campus WebEx Event # 809 452 667 Audio will be heard on your computer speakers. If you do not have working computer speakers, call 1-408-792-6300. Enter event number and attendee ID or press # if no

384 views • 14 slides
CSS Custom Properties (variables) Joan Boone jpboone@email.unc.edu Slide 1 When CSS Custom

CSS Custom Properties (variables) Joan Boone jpboone@email.unc.edu Slide 1 When CSS Custom

INLS 572 Web Development CSS Custom Properties (variables) Joan Boone jpboone@email.unc.edu Slide 1 When CSS Custom Properties can be useful Purple, gold, red, dark teal, and green are used throughout the Weaver Street Market website

222 views • 5 slides
CSS Rule Selector body { font-family: Tahoma, Arial, sans-serif; Declaration color: black;

CSS Rule Selector body { font-family: Tahoma, Arial, sans-serif; Declaration color: black;

CSS Rule Selector body { font-family: Tahoma, Arial, sans-serif; Declaration color: black; background: white; Block margin: 8px; } Value Attribute Name CS 142 Lecture Notes: CSS Slide 1 CSS Selectors CSS HTML Tag h1 {

83 views • 7 slides
Rich custom GUI with Glade and CSS by Juan Pablo Ugarte GU ADEC 2013 Brno, Czech Republic

Rich custom GUI with Glade and CSS by Juan Pablo Ugarte GU ADEC 2013 Brno, Czech Republic

Rich custom GUI with Glade and CSS by Juan Pablo Ugarte GU ADEC 2013 Brno, Czech Republic August 1 - 8 TM Conference The GNOME GUADEC Graphical User Intefaces Graphical User Intefaces GNOME 2.10 screenshot showing Rhythmbox,

1.32k views • 18 slides
Political opinions of us and them and the influence of digital media usage Laura Burbach Opinion

Political opinions of us and them and the influence of digital media usage Laura Burbach Opinion

Political opinions of us and them and the influence of digital media usage Laura Burbach Opinion polarization How does media usage influence the perception of polarization? Evaluating opinions - Results Conclusion People do perceive

182 views • 4 slides
LET'S MAKE A KNOWLEDGE GRAPH! A HANDS-ON, INTERACTIVE, LINKED DATA WORKSHOP PHUSE CSS 2019

LET'S MAKE A KNOWLEDGE GRAPH! A HANDS-ON, INTERACTIVE, LINKED DATA WORKSHOP PHUSE CSS 2019

LET'S MAKE A KNOWLEDGE GRAPH! A HANDS-ON, INTERACTIVE, LINKED DATA WORKSHOP PHUSE CSS 2019 Silver Spring, MD 2019-06-09 1 INSTRUCTOR Tim Williams Principal Statistical Solutions Analyst UCB BioSciences tim.williams@PhUSE.eu Assisted by:

857 views • 42 slides
E4 Spies and tools 29 October 2014 I - OPCoach I OPCoach About me Olivier Prouvost

E4 Spies and tools 29 October 2014 I - OPCoach I OPCoach About me Olivier Prouvost

E4 Spies and tools 29 October 2014 I - OPCoach I OPCoach About me Olivier Prouvost Eclipse expert trainer and committer (E4 Tools) olivier.prouvost@opcoach.com @OPCoach_Eclipse About OPCoach Company

376 views • 24 slides

More recommend