Third Party Web Tracking: Policy and Technology
Based on the paper of Jonathan R. Mayer and John C. Mitchell, Stanford University, Stanford, CA


Overview
- Website creators were once mostly responsible for their content themselves
- Today content is aggregated from a lot of different sources
- Third-party content seems to come for free, but...
- There's a hidden price tag! But where?

Third party content on SFGate

SFGate's Privacy Policy - the fine print

Web Site Usage Information
(i) Cookies
We may use "cookies" to keep, and sometimes track, information about you. Cookies are small data files that are sent to your browser or related software from a Web server when you visit it and are stored on your computer's hard drive for record keeping purposes. Cookies track where you travel on our Web Site and what you look at and purchase. They may store the information in your shopping cart, and/or your username and password. A cookie may enable us to relate your use of our Web Site to other information about you, including your Personal Information. These purposes serve to improve and personalize your experience on our Web Site. You may occasionally get cookies from our advertisers, which is standard in the internet industry. We do not control these cookies, and these cookies are not subject to our privacy policies. Most Web browsers can be set to inform you when a cookie has been sent to you and provide you with the opportunity to refuse that cookie. Additionally, if you have a Flash player installed on your computer, your Flash player can be set to reject or delete Flash cookies. However, refusing a cookie may, in some cases, preclude you from using, or negatively impact the display or function of, the Web Site or certain areas or features of the Web Site.

How does a third party get the information it is looking for?
- HTTP Referrer (Use POST requests!)
- document.title
- User ID in URLs (e.g. Facebook)
- Scripts included in the body of a website can read the whole page!
- Some first parties deliberately make information available (Home Depot, Wall Street Journal)
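An added example, not part of the original slides: a small audit that takes the requests a page triggered and reports which third-party requests carry the page path, title or user ID listed above. The hostnames, the sample page and the two-label `site()` shortcut are assumptions made for illustration; header names are assumed to be lower-cased.

```javascript
// Added example (not from the slides). All hosts and values are constructed.
// Assumption: a "site" is the last two DNS labels; a real audit should use
// the Public Suffix List to find the registrable domain.
function site(hostname) {
  return hostname.split('.').slice(-2).join('.');
}

// Returns one finding per third-party request that carries page details.
function auditRequests(page, requests) {
  const firstParty = site(new URL(page.url).hostname);
  const findings = [];
  for (const req of requests) {
    const target = new URL(req.url);
    if (site(target.hostname) === firstParty) continue; // same site: skip
    const leaks = [];
    const referer = req.headers.referer || ''; // header names assumed lower-case
    if (referer) {
      // A path or query in the Referer reveals which article is being read.
      const r = new URL(referer);
      if (r.pathname !== '/' || r.search) leaks.push('referer-path');
    }
    // searchParams decodes %20 and '+' so the title can be compared as text.
    const values = [...target.searchParams.values()];
    if (page.title && values.some((v) => v.includes(page.title))) leaks.push('title');
    if (page.userId &&
        (values.some((v) => v.includes(page.userId)) || referer.includes(page.userId))) {
      leaks.push('user-id');
    }
    if (leaks.length) findings.push({ host: target.hostname, leaks });
  }
  return findings;
}

const samplePage = {
  url: 'https://news.example/health/diabetes-treatment?uid=u-48213',
  title: 'Living with diabetes',
  userId: 'u-48213',
};
const sampleRequests = [
  { url: 'https://static.news.example/app.js', headers: { referer: samplePage.url } },
  { url: 'https://ads.tracker.example/pixel.gif?t=Living+with+diabetes',
    headers: { referer: samplePage.url } },
  // Origin-only Referer, as sent under Referrer-Policy: strict-origin.
  { url: 'https://cdn.widgets.example/like.js', headers: { referer: 'https://news.example/' } },
];

console.log(JSON.stringify(auditRequests(samplePage, sampleRequests), null, 2));
```

The third sample request shows the effect of an origin-only Referer: the widget host still sees that the visit came from the news site, but not which article or which user.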

What kind of information is gathered?
- Location
- Interests
- Purchases
- Employment status
- Sexual orientation
- Financial challenges
- Medical conditions
- ...and much more...

Never mind the Cookies - here come the Supercookies!
- Roughly 5 billion internet-connected devices need a 32-bit identifier - seems like a lot...
- But there's a way! How?
- Standard HTTP cookies, CSS history scanning, Flash cookies, HTTP ETags, IE userData, HTML5 session cookies, HTML5 local storage, HTML5 global storage and HTML5 database storage via SQLite...

And even without cookies! (Stateless tracking)
- Active fingerprinting: OS, CPU, clock skew, time zone, display settings, installed fonts, plugins...
- Passive fingerprinting: IP address, OS, user agent, language, accept headers
- 2010 sample of 500,000 browsers: over 80 percent identified!
- Over 90% with Flash & Java installed!
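An added example, not part of the original slides: how a study of this kind measures identifiability, by grouping browsers into anonymity sets and counting how many end up alone. The eight browser records and the split into passive and active attribute lists are constructed for illustration and are far smaller than the 2010 sample.

```javascript
// Added example (not from the slides); the eight browser records are constructed.
// Passive attributes arrive with every request; active ones need a script.
const PASSIVE = ['ua', 'lang'];
const ACTIVE = ['tz', 'screen', 'fonts'];
const browsers = [
  { ua: 'A', lang: 'en', tz: -480, screen: '1280x800', fonts: 'F1' },
  { ua: 'A', lang: 'en', tz: -480, screen: '1280x800', fonts: 'F2' },
  { ua: 'A', lang: 'en', tz: -300, screen: '1920x1080', fonts: 'F1' },
  { ua: 'A', lang: 'en', tz: -300, screen: '1920x1080', fonts: 'F1' },
  { ua: 'B', lang: 'en', tz: -480, screen: '1280x800', fonts: 'F1' },
  { ua: 'B', lang: 'en', tz: 60, screen: '1366x768', fonts: 'F3' },
  { ua: 'B', lang: 'de', tz: 60, screen: '1366x768', fonts: 'F1' },
  { ua: 'C', lang: 'de', tz: 60, screen: '1920x1080', fonts: 'F2' },
];

// Group records by the chosen attributes; each group is an anonymity set.
function anonymitySets(records, attrs) {
  const sets = new Map();
  for (const r of records) {
    const key = attrs.map((a) => String(r[a])).join('|');
    sets.set(key, (sets.get(key) || 0) + 1);
  }
  return sets;
}

// Share of browsers whose fingerprint is shared with nobody else.
function uniqueFraction(records, attrs) {
  let unique = 0;
  for (const n of anonymitySets(records, attrs).values()) if (n === 1) unique++;
  return unique / records.length;
}

// Shannon entropy (bits) of the fingerprint distribution. Singling out one
// of N browsers needs log2(N) bits, which is 3 bits for this sample.
function entropyBits(records, attrs) {
  let h = 0;
  for (const n of anonymitySets(records, attrs).values()) {
    const p = n / records.length;
    h -= p * Math.log2(p);
  }
  return h;
}

for (const [label, attrs] of [['passive', PASSIVE], ['passive+active', [...PASSIVE, ...ACTIVE]]]) {
  console.log(label, uniqueFraction(browsers, attrs), entropyBits(browsers, attrs).toFixed(2));
}
```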

Users don't seem to like it!
Survey results indicate a strong dislike of "targeted marketing"...
- No advertising based on tracking! (2009 phone survey, Turow et al.: 87%)
- Behavioral targeting should be illegal! (2010 poll, USA Today/Gallup: 67%)
- "Not okay" with behavioral advertising! (2012 phone survey, Pew Research: 68%)

So is this legal - in the US?
- The FTC prevents "unfair" or "deceptive" behaviour - tracking is related to "deceptive" behaviour
- First violation: small (if any) payment; subsequent violations get monetary penalties
- 2011: three(!) enforcement actions
- The advertising industry's self-regulatory programs concentrate on use of data

And what about the EU?
- 2002 ePrivacy directive: only "strictly necessary" and "explicitly requested" information, "opt out" (almost no implications)
- 2009: amendment to "opt in" (no enforced compliance)
- 2012: consent must be explicit, penalties up to 2% of revenue
- Notion of "essential" cookies - a lot of room for interpretation...

Opt Out Cookies I
Recently on SFGATE...

Opt Out Cookies II

Opt Out Cookies III
- Fight fire with fire? Set cookies to prevent other cookies from being set
- Manual updating - usability?
- Expiration?
- Clear cookies (and with them the opt-out cookies)
- Can be undone by the third party itself - opting out of behavioral targeting doesn't mean the user is no longer tracked!

Some remedies...
- Blocking
  - Use a browser extension to block third parties from setting cookies via blacklists.
  - Performance varies (Fanboy's list, down to TRUSTe)
  - Can be effective, but usability issues!
- Do Not Track?
  - Simply setting an HTTP header, DNT: 1
  - Presently being standardized by W3C, no consensus reached yet
  - Lacking browser support
  - And who cares anyway?

But no cure!
You can't hide from being tracked! (Image courtesy of NDR Germany)