This work was supported by the TRUST Center (NSF award number CCF-0424422) Methods Data Collection: 1. Start Server on the host OS: This creates a sanitized.

Respawning: Analysis of FLASH, HTTP, and HTML5 DATA

Mika Ayenson – Worcester Polytechnic Institute, Dietrich Wambach – University of Wyoming
Faculty: Professor Chris Hoofnagle, J.D.
Mentors: Nathan Good, Ph.D., Ashkan Soltani

This work was supported by the TRUST Center (NSF award number CCF-0424422)

Abstract

Web tracking is an increasingly demonstrated technique that websites are using to determine private and sensitive information about their users. Companies employ a number of techniques to track users in order to place advertisements and measure usage of websites. It is generally agreed that users can avoid this tracking by deleting or blocking cookies. Here, we investigate techniques employed by website owners to track individuals persistently, even where they take privacy-protective steps.

Background

Flash and HTTP cookies have been the engine behind user tracking. The introduction of HTML5 local storage data opens further areas of research. The 2009 Flash study similarly analyzed the top 100 websites in order to determine how Flash and HTTP cookies were being used. 54 of the sites set 157 LSOs, and 98 of the sites set 3,602 HTTP cookies [1]. Cookies not only have the power to track a user, but also to respawn previously deleted cookies. The study discovered HTTP cookies respawning on several websites including about.com, hulu.com, aol.com, and mapquest.com.

HTML5 data is analogous to Flash and HTTP cookies in that it can be used to respawn HTTP cookies or Flash cookies, so it is just as vital to test whether HTML5 is respawning user-deleted data.

Project Goals

The overall goal of this project is to expose the potential threat of user tracking devices deployed by websites, while developing an overall survey of the tracking usage per device. These devices include HTTP cookies, Flash cookies, and HTML5 local storage data. It is also important to determine whether these websites are using these devices to respawn user-deleted tracking devices.

Methods

Data Collection:
1. Start Server on the host OS: This creates a sanitized VM guest environment.
2. Start Client on the guest OS: This creates a Firefox instance at site 'x' (see Image 1).
3. Browse the web, making 10 clicks on the same domain to simulate a user session.
4. Exit the browser: This will automatically do the data collection, and prompt the user to send the data to the server or “punt” (restart at domain 'x').
5. Browse next site.
Note: The script will restart the VM at the next website on a new

Results/Outcomes

HTTP
- Seen on all 100 websites
- Detected 5,675
- 7 websites placed more than 150 (wikia.com, 242; legacy.com, 230; foxnews.com, 185; bizrate.com, 175; drudgereport.com, 168; myspace.com, 151; time.com, 151)

FLASH
- Seen on 37 websites (decrease from 2009 at 54)
- Detected 100
- Shared values seen between HTML5

HTML5
- Seen on 17 websites
- Detected 60 key/value pairs
- Shared values seen between FLASH and HTTP

Respawning

Hulu.com via HTTP and HTML5
- Kissmetrics is using ETags and an array of different tracking mechanisms to create a unique identifier and set it on first-party sites such as hulu.com.
- This method tracks the user even if she blocks Flash, HTML5, and HTTP cookies.

Foxnews.com via FLASH and HTML5

Conclusions/Future Work

Over the last couple of years, websites have shifted their tracking techniques in comparison to the 2009 Flash study. Fewer websites are using Flash to respawn cookies. In contrast, more websites are setting more HTTP cookies. Due to the spike in HTTP cookies, and the addition of the HTML5 tracking technique, there is a significant increase in overall cookies being set. This study is evidence that with HTML5 still gaining exposure and popularity, there is a growing threat of tracking users with this new technique.

As future work, further exploration of sites not in the top 100 that are focusing on HTML5 development would provide more information on how the power of HTML5 is used.

References

[1] Soltani, Ashkan, Canty, Shannon, Mayo, Quentin, Thomas, Lauren and Hoofnagle, Chris Jay, Flash Cookies and Privacy (August 10, 2009). Available at SSRN:

Acknowledgments

I would like to thank TRUST (Team for Research in Ubiquitous Secure Technology) as well as the National Science Foundation for the support throughout this research experience. A special thank you goes to Dr. Gates and my advisors Chris Hoofnagle, Nathan Good, and Ashkan Soltani for working with me on this project.
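
The shared-value and respawning checks reported under Results/Outcomes can be expressed as a comparison of two per-site captures. The sketch below is an added example, not the study's own collection script. It assumes a capture is a dictionary of name/value pairs per storage mechanism, that only HTTP cookies are deleted between the two sessions, and that identifiers are at least 8 characters long; all names and values in it are constructed.

```python
# Added illustration: snapshot layout and every value below are constructed.
MIN_ID_LEN = 8  # skip short values ("80", "en-US") that match by coincidence

def shared_values(snapshot):
    """Return {value: stores} for long values held by more than one store."""
    seen = {}
    for store, pairs in snapshot.items():
        for value in pairs.values():
            if len(value) >= MIN_ID_LEN:
                seen.setdefault(value, set()).add(store)
    return {v: s for v, s in seen.items() if len(s) > 1}

def find_respawns(before, after):
    """Find HTTP cookies that returned with their old value after deletion.

    before: state at the end of session 1. The user then deletes HTTP cookies
    only (assumption). after: state at the end of session 2.
    Returns {cookie_name: stores that could have restored the value}.
    """
    findings = {}
    for name, value in after["http"].items():
        if len(value) < MIN_ID_LEN or before["http"].get(name) != value:
            continue  # short, new, or rotated value: not a respawn
        sources = sorted(s for s in ("flash", "html5")
                         if value in before.get(s, {}).values())
        # No surviving store held the value: it came back another way
        # (for example a cached ETag), so inspect the HTTP headers.
        findings[name] = sources or ["unknown: check cache/ETag"]
    return findings

# Constructed captures for a hypothetical site, not data from the study.
SESSION_1 = {
    "http": {"uid": "a91f3c7de2045b88", "vid": "k7Qm2xPz90Lb",
             "sess": "s-11111111", "lang": "en-US"},
    "flash": {"userId": "a91f3c7de2045b88", "volume": "80"},
    "html5": {"ai": "a91f3c7de2045b88"},
}
SESSION_2 = {
    "http": {"uid": "a91f3c7de2045b88", "vid": "k7Qm2xPz90Lb",
             "sess": "s-22222222", "lang": "en-US"},
    "flash": dict(SESSION_1["flash"]),
    "html5": dict(SESSION_1["html5"]),
}

if __name__ == "__main__":
    print(shared_values(SESSION_1))
    print(find_respawns(SESSION_1, SESSION_2))
```

A cookie that reappears with no Flash or HTML5 copy to explain it is the pattern the poster attributes to ETag-based identifiers, which is why that case is reported separately instead of being dropped.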