web browser privacy security
play

Web Browser Privacy & Security Fan Du CMSC 818D Class - PowerPoint PPT Presentation

Jun 03, 2023 •45 likes •555 views

Web Browser Privacy & Security Fan Du CMSC 818D Class Presentation 4/16/2015 1 Outline Q1: How to Prevent Web Tracking ? Q2: How to Opt Out Online Behavioral Advertising ? Q3: How to Design Phishing Websites ? 2 Outline

  1. Web Browser Privacy & Security Fan Du CMSC 818D Class Presentation 4/16/2015 1

  2. Outline • Q1: How to Prevent Web Tracking ? • Q2: How to Opt Out Online Behavioral Advertising ? • Q3: How to Design Phishing Websites ? 2

  3. Outline • Q1: How to Prevent Web Tracking ? ShareMeNot: Balancing Privacy and Functionality of Third-Party Social Widgets • • Q2: How to Opt Out Online Behavioral Advertising ? • Q3: How to Design Phishing Websites ? 3

  4. source: www.addthis.com 4

  5. Social Widgets source: Facebook, Google, Twitter, Linkedin 5

  6. Social Widgets source: Facebook, Google, Twitter, Linkedin 6

  7. Your identity Your browsing history Your politics opinion Your habits source: TL - Facebook, TR - http://iptv-work.at.ua, BL - http://pixshark.com/timeline-clipart-for-kids.htm, BR - CNN

  8. Vote • A - Social Widgets track me when I click on them . • B - Social Widgets track me even if I ignore them . source: Facebook, Google, Twitter, Linkedin, http://www.gunslot.com/pictures/re-imagined-facebook-button

  9. How They Work? source: Roesner, Franziska, et al. "Sharemenot: Balancing privacy and functionality of third-party social widgets." Usenix (2012).

  10. How They Work? source: Roesner, Franziska, et al. "Sharemenot: Balancing privacy and functionality of third-party social widgets." 10 Usenix (2012).

  11. How They Work? source: Roesner, Franziska, et al. "Sharemenot: Balancing privacy and functionality of third-party social widgets." 11 Usenix (2012).

  12. Hard to Defense • The cookie are “baked” from a 1st-party position source: http://pixgood.com/facebook-cookies.html 12

  13. Hard to Defense • The cookie are “baked” from a 1st-party position • Do Not Track Header source: http://amqueretaro.com/fotogalerias/2014/04/20/fotos-ir-en-contra-de-las-reglas-nunca-fue-tan-divertido 13

  14. Hard to Defense • The cookie are “baked” from a 1st-party position • Do Not Track Header • The functions are desired source: http://i.kinja-img.com/gawker-media/image/upload/s--xGcq1y03--/ 14 c_fit,fl_progressive,q_80,w_636/18rc5mwoft1d3jpg.jpg

  15. ShareMeNot source: sharemenot.cs.washington.edu 15

  16. ShareMeNot source: sharemenot.cs.washington.edu 16

  17. ShareMeNot 1. Identify HTTP requests for tracker buttons 2. Block the requests and insert replacement buttons 3. When users click the buttons, load the actual widget 4. Users need to click again to trigger the “like” function source: sharemenot.cs.washington.edu 17

  18. source: sharemenot.cs.washington.edu 18

  19. source: sharemenot.cs.washington.edu 19

  20. source: CNN 20

  21. Evaluation # of Top Domains Top 20 Social Widgets source: Roesner, Franziska, et al. "Sharemenot: Balancing privacy and functionality of third-party social widgets." 21 Usenix (2012).

  22. Evaluation Tracker Without ShareMeNot With ShareMeNot Facebook 154 9 Google 149 15 Twitter 93 0 AddThis 34 0 YouTube 30 0 LinkedIn 22 0 Digg 8 0 Stumbleupon 6 0 source: Roesner, Franziska, et al. "Sharemenot: Balancing privacy and functionality of third-party social widgets." 22 Usenix (2012).

  23. User Study source: http://adsoftheworld.com/sites/default/files/media-vimeo/70533052.jpg 23

  24. Discussion • How would you design a user study for ShareMeNot? source: sharemenot.cs.washington.edu 24

  25. Outline • Q1: How to Prevent Web Tracking? • Q2: How to Opt Out Online Behavioral Advertising ? • Why Johnny Can’t Opt Out: A Usability Evaluation of Tools to Limit Online Behavioral Advertising • Q3: How to Design Phishing Websites? 25

  26. Your identity Your browsing history Social Widgets Your politics opinion Your habits source: TL - Facebook, TR - http://iptv-work.at.ua, BL - http://pixshark.com/timeline-clipart-for-kids.htm, BR - CNN

  27. Your identity Your browsing history Social Widgets Your politics opinion Your habits source: TL - Facebook, TR - http://iptv-work.at.ua, BL - http://pixshark.com/timeline-clipart-for-kids.htm, BR - 27 CNN, CENTER - http://www.gunslot.com/pictures/re-imagined-facebook-button

  28. Online Behavior Advertising Trackers Social Widgets source: http://adsoftheworld.com/media/print/dicks_sporting_goods_nike_cleat, http://s.petrolicious.com/2015/ vintage-friday/01-jan/Mens%20Shaving%20Posters/vf-mens-shaving-posters-6.jpg, http://www.ideyab.com/ 28 images/contents/0123230525-galleries.jpg

  29. “I would not allow advertisers to track my information” – 87% participants of a 2009 study (Turow et al.) 29

  30. “Targeted Ads are invasive” – 64% participants of a 2009 study (Turow et al.) 30

  31. Privacy Tools • Opt-out tools source: www.privacyfix.com/start/install 31

  32. Privacy Tools • Opt-out tools • Browsers’ built-in settings source: FireFox 32

  33. Privacy Tools • Opt-out tools • Browsers’ built-in settings • Blocking tools source: AdBlockPlus 33

  34. Study • 45 participants between-subjects lab study. • Each participant tested one of nine privacy tools. • All non-technical and not knowledgable about privacy tools. source: Leon, Pedro, et al. "Why Johnny can't opt out: a usability evaluation of tools to limit online behavioral 34 advertising." Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. ACM, 2012.

  35. Study 1. Journal Video -> attitudes towards behavioral advertising 2. Installation -> understanding of the tool 3. Configuration -> survey and verbal questions source: Leon, Pedro, et al. "Why Johnny can't opt out: a usability evaluation of tools to limit online behavioral 35 advertising." Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. ACM, 2012.

  36. Study 1. Journal Video -> attitudes towards behavioral advertising 2. Installation -> understanding of the tool 3. Configuration -> survey and verbal questions 4. Resolve Problems -> usability questionnaire source: Leon, Pedro, et al. "Why Johnny can't opt out: a usability evaluation of tools to limit online behavioral 36 advertising." Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. ACM, 2012.

  37. Results • Users can’t distinguish between trackers source: AdBlockPlus 37

  38. Results • Users can’t distinguish between trackers • Inappropriate defaults source: FireFox 38

  39. Results • Users can’t distinguish between trackers • Inappropriate defaults • Communication problems source: AdBlockPlus 39

  40. Results • Users can’t distinguish between trackers • Inappropriate defaults • Communication problems • Need for feedback source: http://habrahabr.ru/hub/javascript/page7/ 40

  41. Results • Users can’t distinguish between trackers • Inappropriate defaults • Communication problems • Need for feedback • Breaking websites source: http://facebookcommentimages.com/wp-content/uploads/2014/01/like.png 41

  42. Feedback source: FireFox 42

  43. Outline • Q1: How to Prevent Web Tracking? • Q2: How to Opt Out Online Behavioral Advertising? • Q3: How to Design Phishing Websites ? • Why Phishing Works 43

  44. Phishing Websites source: https://www.eff.org/files/images_insert/april_11_copy.png

  45. Strategies Lack of Knowledge • Domain names (www.ebay-members.com) • Security indicators (SSL certificate) • source: https://www.thesslstore.com/images/img-green-addressbar.png 45

  46. Strategies Visual Deception • Domain names (www.paypai.com) • Logo and design • source: https://www.eff.org/files/images_insert/april_11_copy.png 46

  47. Strategies Bounded Attention • Absence of security indicators (SSL certificate) • 47

  48. Study • 22 participants • 20 websites • Within-subjects: every participant saw every website source: Dhamija, Rachna, J. Doug Tygar, and Marti Hearst. "Why phishing works." Proceedings of the SIGCHI 48 conference on Human Factors in computing systems. ACM, 2006.

  49. “Imagine that you receive an email message that asks you to click on one of the following links. Imagine that you decide to click on the link to see if it is legitimate website or a spoof” – Senario source: Dhamija, Rachna, J. Doug Tygar, and Marti Hearst. "Why phishing works." Proceedings of the SIGCHI 49 conference on Human Factors in computing systems. ACM, 2006.

  50. Results Good phishing websites fooled 90% of participants • 23% participants did not look at the address bar, status bar or the • security indicators Participants on average made mistakes 40% of the time • 68% participants proceeded without hesitation when presented • with popup warnings Education, age, sex, previous experience, hours of computer use • are all not significantly correlated with vulnerability to phishing source: Dhamija, Rachna, J. Doug Tygar, and Marti Hearst. "Why phishing works." Proceedings of the SIGCHI 50 conference on Human Factors in computing systems. ACM, 2006.

  51. Thank you! • Q1: How to Prevent Web Tracking ? • Q2: How to Opt Out Online Behavioral Advertising ? • Q3: How to Design Phishing Websites ? 51

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Web Security [Browser Security Model] Spring 2020 Franziska (Franzi) Roesner

Web Security [Browser Security Model] Spring 2020 Franziska (Franzi) Roesner

CSE 484 / CSE M 584: Computer Security and Privacy Web Security [Browser Security Model] Spring 2020 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, Ada Lerner, John

810 views • 24 slides
Web Security [SSL/TLS and Browser Security Model] Fall 2017 Franziska (Franzi) Roesner

Web Security [SSL/TLS and Browser Security Model] Fall 2017 Franziska (Franzi) Roesner

CSE 484 / CSE M 584: Computer Security and Privacy Web Security [SSL/TLS and Browser Security Model] Fall 2017 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, Ada Lerner,

570 views • 43 slides
Web Security! Big Picture: Browser and Network request website Browser reply OS Network

Web Security! Big Picture: Browser and Network request website Browser reply OS Network

CSE 484 / CSE M 584: Computer Security and Privacy CSRF and XSS attacks Fall 2016 Ada (Adam) Lerner lerner@cs.washington.edu Thanks to Franzi Roesner, Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, John Manferdelli, John Mitchell,

1.29k views • 59 slides
Surveillance Defense Small Easy Steps for Security and Privacy Pete Snyder psnyde2@uic.edu -

Surveillance Defense Small Easy Steps for Security and Privacy Pete Snyder psnyde2@uic.edu -

Surveillance Defense Small Easy Steps for Security and Privacy Pete Snyder psnyde2@uic.edu - peteresnyder.com Surveillance Defense 1. Good Practices 2. System / PC Security 3. Mobile Security 4. Browser Security 5. Secure Networking Tools

443 views • 27 slides
CS573 Data Privacy and Security Data Privacy and Security in Healthcare Data Privacy and Security

CS573 Data Privacy and Security Data Privacy and Security in Healthcare Data Privacy and Security

CS573 Data Privacy and Security Data Privacy and Security in Healthcare Data Privacy and Security in Healthcare Li Xiong Healthcare security and privacy HIPAA overview Research survey on information security and privacy in healthcare

1.05k views • 57 slides
Carnus: Exploring the Privacy Threats of Browser Extension Fingerprinting Soroush Karami ,

Carnus: Exploring the Privacy Threats of Browser Extension Fingerprinting Soroush Karami ,

Carnus: Exploring the Privacy Threats of Browser Extension Fingerprinting Soroush Karami , Panagiotis Ilia, Konstantinos Solomos, Jason Polakis University of Illinois at Chicago, USA skaram5@uic.edu February 24, 2020 Browser extensions

492 views • 28 slides
Carnus: Exploring the Privacy Threats of Browser Extension Fingerprinting Soroush Karami ,

Carnus: Exploring the Privacy Threats of Browser Extension Fingerprinting Soroush Karami ,

Carnus: Exploring the Privacy Threats of Browser Extension Fingerprinting Soroush Karami , Panagiotis Ilia, Konstantinos Solomos, Jason Polakis University of Illinois at Chicago, USA skaram5@uic.edu February 24, 2020 Browser extensions

886 views • 30 slides
Browser and Network request Browser website CS 4803 reply Network OS Computer and Network

Browser and Network request Browser website CS 4803 reply Network OS Computer and Network

Browser and Network request Browser website CS 4803 reply Network OS Computer and Network Security Hardware Alexandra (Sasha) Boldyreva Browser sends requests May reveal private information (in forms, cookies) Web security.

517 views • 7 slides
Security and Privacy 12A. Operating Systems Security Operating Systems Principles 12B.

Security and Privacy 12A. Operating Systems Security Operating Systems Principles 12B.

5/18/2016 Security and Privacy 12A. Operating Systems Security Operating Systems Principles 12B. Authentication 12C. Authorization Security and Privacy 12D. Trust 12E. At-Rest Encryption Mark Kampe (markk@cs.ucla.edu) Security and Privacy

116 views • 8 slides
SECURITY, ADVERSARIAL SECURITY, ADVERSARIAL LEARNING, AND PRIVACY LEARNING, AND PRIVACY

SECURITY, ADVERSARIAL SECURITY, ADVERSARIAL LEARNING, AND PRIVACY LEARNING, AND PRIVACY

SECURITY, ADVERSARIAL SECURITY, ADVERSARIAL LEARNING, AND PRIVACY LEARNING, AND PRIVACY Christian Kaestner with slides from Eunsuk Kang Required reading: Hulten, Geoff. "Building Intelligent Systems: A Guide to Machine Learning

1.95k views • 113 slides
S & P SECURITY & PRIVACY GROUP Security and Privacy for Payment Channel Networks

S & P SECURITY & PRIVACY GROUP Security and Privacy for Payment Channel Networks

FAKULTT FR !NFORMATIK Faculty of Informatics S & P SECURITY & PRIVACY GROUP Security and Privacy for Payment Channel Networks Pedro Moreno-Sanchez Blockchain Summer School BDLT19 Vienna, Sep 2nd 2019 Blockchain Research

1.41k views • 73 slides
Be,er Privacy and Security via Secure Computa9on Jonathan Katz Security/privacy would be much

Be,er Privacy and Security via Secure Computa9on Jonathan Katz Security/privacy would be much

Be,er Privacy and Security via Secure Computa9on Jonathan Katz Security/privacy would be much easier if there were someone we could all TRUST with our data Be8er data mining -- using MORE data, while respec@ng users PRIVACY

888 views • 35 slides
WEB AND BROWSER SECURITY Ben Livshits, Microsoft Research Web Application Vulnerabilities &

WEB AND BROWSER SECURITY Ben Livshits, Microsoft Research Web Application Vulnerabilities &

WEB AND BROWSER SECURITY Ben Livshits, Microsoft Research Web Application Vulnerabilities & Defenses 2 Server-side woes Browser mechanisms: Same origin SQL injection Cross-domain request XSS overview Content

738 views • 50 slides
Web Privacy Professor Adam Bates Fall 2018 Security & Privacy Research at Illinois (SPRAI)

Web Privacy Professor Adam Bates Fall 2018 Security & Privacy Research at Illinois (SPRAI)

CS 563 - Advanced Computer Security: Web Privacy Professor Adam Bates Fall 2018 Security & Privacy Research at Illinois (SPRAI) Administrative Learning Objectives : Consider the difference between security and privacy Discuss work

814 views • 43 slides
Privacy & Security Matters: Privacy & Security Matters: Protecting Personal Data

Privacy & Security Matters: Privacy & Security Matters: Protecting Personal Data

Privacy & Security Matters: Privacy & Security Matters: Protecting Personal Data Protecting Personal Data Privacy & Security Project HIPAA: What it is Health Insurance Portability and Accountability Act of 1996 Also known as

445 views • 26 slides
Healthcare privacy and security Li Xiong CS573 Data Privacy and Security Patients Are Concerned

Healthcare privacy and security Li Xiong CS573 Data Privacy and Security Patients Are Concerned

Healthcare privacy and security Li Xiong CS573 Data Privacy and Security Patients Are Concerned Did you know... 77 percent of all Americans feel their personal health information privacy is very important, and 84 percent said they

769 views • 50 slides
Modeling Video Traffic Sources for RMCAT Evalua9ons Our experience with the Mozilla web browser

Modeling Video Traffic Sources for RMCAT Evalua9ons Our experience with the Mozilla web browser

Modeling Video Traffic Sources for RMCAT Evalua9ons Our experience with the Mozilla web browser dra:-ie<-rmcat-video-traffic-model Xiaoqing Zhu, Sergio Mena, and Zaheduzzaman Sarker 1 Mozilla for transient behavior Outline Why we did it

470 views • 22 slides
Samsung Internet for GearVR Laszlo Gombos, Web Platform, Samsung @laszlogombos Samsung GearVR

Samsung Internet for GearVR Laszlo Gombos, Web Platform, Samsung @laszlogombos Samsung GearVR

Samsung Internet for GearVR Laszlo Gombos, Web Platform, Samsung @laszlogombos Samsung GearVR Controls GearVR Large field of view Improved tracking due to additional IMU (inertial measurement unit) - When docked, system does not use

215 views • 19 slides
ASTEROID APPROACH Kerry Snyder 12/10/14 Motivation 2 Credit: NASA Asteroid Approach - Kerry

ASTEROID APPROACH Kerry Snyder 12/10/14 Motivation 2 Credit: NASA Asteroid Approach - Kerry

Asteroid Approach - Kerry Snyder 1 ASTEROID APPROACH Kerry Snyder 12/10/14 Motivation 2 Credit: NASA Asteroid Approach - Kerry Snyder 12/10/14 Motivation 3 Credit: NASA Asteroid Approach - Kerry Snyder 12/10/14 Credit: NASA Prior

407 views • 11 slides
Computer Generation of Efficient Software Viterbi Decoders Frdric de Mesmay, Srinivas

Computer Generation of Efficient Software Viterbi Decoders Frdric de Mesmay, Srinivas

Carnegie Mellon Computer Generation of Efficient Software Viterbi Decoders Frdric de Mesmay, Srinivas Chellappa, Franz Franchetti, Markus Pschel Electrical and Computer Engineering Carnegie Mellon University Co-Founder SpiralGen, Inc.

475 views • 26 slides
CS/COE 1520 pitt.edu/~ach54/cs1520 Introduction Meta-notes These notes are intended for

CS/COE 1520 pitt.edu/~ach54/cs1520 Introduction Meta-notes These notes are intended for

CS/COE 1520 pitt.edu/~ach54/cs1520 Introduction Meta-notes These notes are intended for use by students in CS1520 at the University of Pittsburgh. They are provided free of charge and may not be sold in any shape or form. These

539 views • 19 slides
Uses and Abuses of Server-Side Requests Giancarlo Pellegrino 1 , Onur Catakoglu 2 , Davide

Uses and Abuses of Server-Side Requests Giancarlo Pellegrino 1 , Onur Catakoglu 2 , Davide

Uses and Abuses of Server-Side Requests Giancarlo Pellegrino 1 , Onur Catakoglu 2 , Davide Balzarotti 2 , and Christian Rossow 1 giancarlo.pellegrino@cispa.saarland 19th International Symposium on Research in Attacks, Intrusions and Defenses

564 views • 38 slides
IT350: Web & Internet Programming JavaScript Dynamic HTML CGI / PHP Set 12: CGI

IT350: Web & Internet Programming JavaScript Dynamic HTML CGI / PHP Set 12: CGI

Things well learn and do HTML5 basics, tables, forms Cascading Style Sheets IT350: Web & Internet Programming JavaScript Dynamic HTML CGI / PHP Set 12: CGI and PHP 1 Outline The Three-Tier Architecture

362 views • 18 slides
Announcements Class cancelled on Wednesday Web Security CS642:

Announcements Class cancelled on Wednesday Web Security CS642:

Announcements Class cancelled on Wednesday Web Security CS642: Computer Security Professor Ristenpart h=p://www.cs.wisc.edu/~rist/ rist at cs dot wisc dot

516 views • 36 slides

More recommend