Georgios Kontaxis‡, Michalis Polychronakis‡, Angelos D. Keromytis‡, and Evangelos P.Markatos* ‡Columbia University and *FORTH-ICS USENIX-SEC (August, 2012)

Slides:



Advertisements
Similar presentations
B: STUDENT DRIVE MOVE INSTRUCTIONS. Using Internet Explorer: From your computers desktop, double click on the Internet Explorer icon. (Internet Explorer.
Advertisements

®® Microsoft Windows 7 for Power Users Tutorial 7 Enhancing Your Computers Security.
Web Programming 1 Darby Chang Web Programming. Cookie 2 Web Programming.
Microsoft ® Office 2007 Training Security II: Turn off the Message Bar and run code safely P J Human Resources Pte Ltd presents:
Chrome Extentions Vulnerabilities. Introduction Google Chrome Browser Chrome OS Platform Chrome Web Store Applications Open Source Platform.
Browser Comparisons Internet Explorer 8 & 9, Chrome 11 and Firefox 4 Security, Privacy, Add-ons & Convenience.
On the Privacy of Private Browsing Kiavash Satvat, Matt Forshaw, Feng Hao, Ehsan Toreini Newcastle University DPM’13.
Georgios Kontaxis, Michalis Polychronakis Angelos D. Keromytis, Evangelos P. Markatos Siddhant Ujjain (2009cs10219) Deepak Sharma (2009cs10185)
Two-Factor Authentication & Tools for Password Management August 29, 2014 Pang Chamreth, IT Development Innovations 1.
Mitigating Malware Collin Jackson CS142 – Winter 2009.
Social Media Remarketing Making the Most of Your Traffic.
Privacy and Security on the Web Part 1. Agenda Questions? Stories? Questions? Stories? IRB: I will review and hopefully send tomorrow. IRB: I will review.
How to Protect Your PC Grayware Adware, Malware, Spyware.
PASSWORD MANAGER Why you need one 1. WHAT IS A PASSWORD MANAGER? A modern Password Manager is a browser extension (Chrome, Internet Explorer, Firefox,
Tracking, Privacy, You & The 21 st Century When you talk online the internet listens.
CSE 154 LECTURE 13: SESSIONS. Expiration / persistent cookies setcookie("name", "value", expiration); PHP $expireTime = time() + 60*60*24*7; # 1 week.
Lecture 16 Page 1 CS 236 Online Cross-Site Scripting XSS Many sites allow users to upload information –Blogs, photo sharing, Facebook, etc. –Which gets.
Lab 3 Cookie Stealing using XSS Kara James, Chelsea Collins, Trevor Norwood, David Johnson.
MANAGING YOUR ONLINE PROFILE WHAT DOES THIS MEAN AND WHY SHOULD YOU CARE? Sarah Morris UT Libraries.
 A cookie is a piece of text that a Web server can store on a user's hard disk.  Cookie data is simply name-value pairs stored on your hard disk by.
Introduction to InfoSec – Recitation 10 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)
Google Chrome Your Customized Google Buddy April 2012 John Riley and Denise Tate-Kuhler.
With Internet Explorer 9 Getting Started© 2013 Pearson Education, Inc. Publishing as Prentice Hall1 Exploring the World Wide Web with Internet Explorer.
Malware Spyware & Viruses Overview  What does it look like?  What is it?  How can you prevent it?  What can you do about it when you get it?
Data Security.
Ben Miller. Shawn “Jay Z” Carter  Rapper, Producer, Entrepreneur, Investor and Sports Agent  Worth nearly $500 Million  Arguably the most successful.
Microsoft ® Office 2007 Training Security II: Turn off the Message Bar and run code safely presents:
COMPREHENSIVE Windows Tutorial 5 Protecting Your Computer.
I Do Not Know What You Visited Last Summer: Protecting users from stateful third-party web tracking with TrackingFree browser Xiang Pan §, Yinzhi Cao †,
Ad placed based on my visit to a page on Lulu.com.
July 2014 LCCU Meeting We’ll answers members’ questions: –Demonstrate the basics of using the Firefox browser. –What is a sandbox, how does a PC use one.
Olof Nilsson.  Ex: Facebook, MySpace, LinkedIn ◦ Allows users to create web pages or profiles that provide information about themselves and are available.
Module 5: Configuring Internet Explorer and Supporting Applications.
Presented by: Sanketh Beerabbi University of Central Florida.
U.S. Department of Commerce Web Advisory Group Minding Your Own Business The Platform for Privacy Preferences Project.
Malware Spyware & Viruses Overview  What does it look like?  What is it?  How can you prevent it?  What can you do about it when you get it?
Inclusive Education Planning Tool IEPT3 Technical Brief Presented by: Kim Brockhoff, Paul Redman & Catherine Walker.
COSC 513 Operating Systems Project Presentation: Internet Security Instructor: Dr. Anvari Student: Ying Zhou Spring 2003.
University of Central Florida The Postman Always Rings Twice: Attacking & Defending postMessage in HTML5 Websites Ankur Verma University of Central Florida,
Protecting Browsers from Extension Vulnerabilities Paper by: Adam Barth, Adrienne Porter Felt, Prateek Saxena at University of California, Berkeley and.
1 Isolating Web Programs in Modern Browser Architectures CS6204: Cloud Environment Spring 2011.
Internet Safety and Productivity Tips Presented by ITS Kerri Sorenson and Sean Hernandez December 11, 8:30-9:00 am.
Web Browsing *TAKE NOTES*. Millions of people browse the Web every day for research, shopping, job duties and entertainment. Installing a web browser.
Society & Computers PowerPoint
Introduction: Introduction: As technology advances, we have cheaper and easier ways to stay connected to the world around us. We are able to order almost.
Introduction Web analysis includes the study of users’ behavior on the web Traffic analysis – Usage analysis Behavior at particular website or across.
Web Server Security: Protecting Your Pages NOAA OAR WebShop 2001 August 2 nd, 2001 Jeremy Warren.
Part A. Remote Viewing IP Surveillance Camera Application Guide.
Goals Be able to identify the parts of a URL Determine the safeness of a link Know the best places to find the info you need Know how to deal with toolbars.
Unit 2 Personal Cyber Security and Social Engineering Part 2.
Remove [Browser Hijackers] For more information regarding [Browser Hijackers] Please Visit:
Windows Vista Configuration MCTS : Internet Explorer 7.0.
Some from Chapter 11.9 – “Web” 4 th edition and SY306 Web and Databases for Cyber Operations Cookies and.
Which is better Avast Free Edition or Avast Pro Version?
Windows Tutorial 5 Protecting Your Computer
IT Security Awareness Day October 19, 2016
Hotspot Shield Protect Your Online Identity
Full Page Watermarking
Practical Censorship Evasion Leveraging Content Delivery Networks
OWASP CONSUMER TOP TEN SAFE WEB HABITS
Shavonne Henry, Nikia Clarke, David Heymann, Brandon Knight
Dynamic Web Page A dynamic web page is a kind of web page that has been prepared with fresh information (content and/or layout), for each individual viewing.
How To Use As Another Account On Gmail
What is Cookie? Cookie is small information stored in text file on user’s hard drive by web server. This information is later used by web browser to retrieve.
Web Privacy Chapter 6 – pp 125 – /12/9 Y K Choi.
Privacy and Data Mining
Francesco Giarletta.
Windows Vista Inside Out
Personal Privacy and the Public Internet
Cross Site Request Forgery (CSRF)
Presentation transcript:

Georgios Kontaxis‡, Michalis Polychronakis‡, Angelos D. Keromytis‡, and Evangelos P.Markatos* ‡Columbia University and *FORTH-ICS USENIX-SEC (August, 2012) Reporter: 鍾怡傑 2013/05/06

 Introduction  Privacy Risks of Social Plug-ins  Preventing Privacy Leaks  Implementation  Experimental Evaluation  Discussion  Summary

 Social plug-ins today pose a serious privacy risk that most users don’t know about  Privacy risk remains even if one doesn’t use social plug-ins  We propose and implement a novel design for privacy preserving social plug-ins without sacrifices in functionality  Our design could be adopted by social networks as service

 Provided by online social networking services (SNS)  Included in third-party Web sites  Enable users to interact with the page content through their social identity via a series of actions:  Offer personalized information based on social data

 Facebook has 955 million users (Facebook Newsroom 2012)  33% of the Top 10K Web sites have integrated the Like button  Google Mail has 425 million users (Google I/O 2012)  22% of the Top 10K Web sites have integrated the +1 button

 The ubiquity of social plug-ins enables cross-site tracking  Social networking services know the user’s real name  Don’t have to interact with a plug-in  Cannot know beforehand whether a page carries social plug-ins 您的帳號已經被凍結,原因是我們發現您在 Facebook 上未使用您的真實身份 …… 無論理由為何,我們都無法重新啟用您的帳號 …… 此為最終決定,無法更改

 Logging Out of the Social Networking Service? ◦ In 2011 at least 3 FB cookies persisted after logout One of them was the user’s unique ID!  Facebook classified this as a bug and fixed it ◦ Today (2012) at least 2 cookies persist  uniquely identify “public computers”, “suspicious activity” (a)Never logged in Facebook (b)Logged in, then logged out (c)While logged in

 Disabling Third-party Cookies? ◦ Social plug-ins will render as if the user is not a member of the social networking service ◦ However, doesn’t always protect from third-party tracking

 Enabling the Do Not Track HTTP Header?Do Not Track HTTP Header ◦ Policy technique, no technical enforcement ◦ The definition of tracking is still up for discussion ◦ Very few sites support it at the moment

IE9 IE10  Click here to add an empty Tracking Protection list Click here to add an empty Tracking Protection list  When prompted, click the "Add List" button:  This preference is set by default for you in IE10 javascript:window.external.msAddTrackingProtectionList('list.txt', 'Turn on Do Not Track preference');

FirefoxSafari  On the Options dialog, click the "Privacy" button

 Removing third parties from Web pages? ◦ Commonly used to filter out advertisements ◦ Social plug-ins will not appear in the page at all ◦ Users lose the option of viewing and/or interacting  with some of the social plug-ins if they want to Facebook BlockerShareMeNotDoNotTrackMe

 Users are asked to choose between: ◦ Privacy but also loss of personalization or social plug-ins altogether OR ◦ Functionality but also sharing Web activity with social networks

 For Chrome and Firefox  Disables the original social plug-ins  SafeButton DOM replacements preserve the same (personalized) content  Upon interaction, the original plug-in is loaded to enable write functionality

BeforeAfter

 Web browser extensions are not good enough ◦ Users unaware of privacy risks of social plug-ins ◦ Users unwilling or unable to install extensions ◦ Adoption of AdBlock 3.1%, NoScript 0.4% in FirefoxAdBlockNoScript  Ideally we want a design offered by social networking services themselves  Implemented with Web technologies that enable an in-browser solution without additional software

 Keeping social data locally in the client may introduce security risks (malware, snooping friends, stolen disk) ◦ Is it really that different from keeping the data in the cloud but running untrusted software in the user’s computer? ◦ It’s equally easy for tech-savvy friends to install key-logging software or inspect SafeButton’s data store ◦ An encrypted SafeButton data store will provide the same protection against disk theft as will the user’s practice of logging out (or not) from social networking services.

 Identified privacy issues of current social plug-ins that most users aren’t aware of  Pointed out the dilemma between privacy and functionality  Presented our proposal for privacy-preserving social plug-ins which eliminates that dilemma  Suggested a novel design for privacy-preserving social plug-ins as a service

Q & A

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.