Presentation is loading. Please wait.

Presentation is loading. Please wait.

Georgios Kontaxis‡, Michalis Polychronakis‡, Angelos D. Keromytis‡, and Evangelos P.Markatos* ‡Columbia University and *FORTH-ICS USENIX-SEC (August, 2012)

Published byDaisy Henderson Modified over 8 years ago

Similar presentations

Presentation on theme: "Georgios Kontaxis‡, Michalis Polychronakis‡, Angelos D. Keromytis‡, and Evangelos P.Markatos* ‡Columbia University and *FORTH-ICS USENIX-SEC (August, 2012)"— Presentation transcript:

1 Georgios Kontaxis‡, Michalis Polychronakis‡, Angelos D. Keromytis‡, and Evangelos P.Markatos* ‡Columbia University and *FORTH-ICS USENIX-SEC (August, 2012) Reporter: 鍾怡傑 2013/05/06

2  Introduction  Privacy Risks of Social Plug-ins  Preventing Privacy Leaks  Implementation  Experimental Evaluation  Discussion  Summary

3  Social plug-ins today pose a serious privacy risk that most users don’t know about  Privacy risk remains even if one doesn’t use social plug-ins  We propose and implement a novel design for privacy preserving social plug-ins without sacrifices in functionality  Our design could be adopted by social networks as service

4  Provided by online social networking services (SNS)  Included in third-party Web sites  Enable users to interact with the page content through their social identity via a series of actions:  Offer personalized information based on social data

5  Facebook has 955 million users (Facebook Newsroom 2012)  33% of the Top 10K Web sites have integrated the Like button  Google Mail has 425 million users (Google I/O 2012)  22% of the Top 10K Web sites have integrated the +1 button http://trends.builtwith.com/widgets

6

7

8  The ubiquity of social plug-ins enables cross-site tracking  Social networking services know the user’s real name  Don’t have to interact with a plug-in  Cannot know beforehand whether a page carries social plug-ins 您的帳號已經被凍結,原因是我們發現您在 Facebook 上未使用您的真實身份 …… 無論理由為何,我們都無法重新啟用您的帳號 …… 此為最終決定,無法更改

9

10

11  Logging Out of the Social Networking Service? ◦ In 2011 at least 3 FB cookies persisted after logout One of them was the user’s unique ID!  Facebook classified this as a bug and fixed it ◦ Today (2012) at least 2 cookies persist  uniquely identify “public computers”, “suspicious activity” (a)Never logged in Facebook (b)Logged in, then logged out (c)While logged in

12  Disabling Third-party Cookies? ◦ Social plug-ins will render as if the user is not a member of the social networking service ◦ However, doesn’t always protect from third-party tracking

13  Enabling the Do Not Track HTTP Header?Do Not Track HTTP Header ◦ Policy technique, no technical enforcement ◦ The definition of tracking is still up for discussion ◦ Very few sites support it at the moment

14 IE9 IE10  Click here to add an empty Tracking Protection list Click here to add an empty Tracking Protection list  When prompted, click the "Add List" button:  This preference is set by default for you in IE10 javascript:window.external.msAddTrackingProtectionList('list.txt', 'Turn on Do Not Track preference');

15 FirefoxSafari  On the Options dialog, click the "Privacy" button

16

17  Removing third parties from Web pages? ◦ Commonly used to filter out advertisements ◦ Social plug-ins will not appear in the page at all ◦ Users lose the option of viewing and/or interacting  with some of the social plug-ins if they want to Facebook BlockerShareMeNotDoNotTrackMe

18  Users are asked to choose between: ◦ Privacy but also loss of personalization or social plug-ins altogether OR ◦ Functionality but also sharing Web activity with social networks

19

20  For Chrome and Firefox  Disables the original social plug-ins  SafeButton DOM replacements preserve the same (personalized) content  Upon interaction, the original plug-in is loaded to enable write functionality http://www.cs.columbia.edu/~kontaxis/safebutton/

21 BeforeAfter

22

23

24

25

26

27  Web browser extensions are not good enough ◦ Users unaware of privacy risks of social plug-ins ◦ Users unwilling or unable to install extensions ◦ Adoption of AdBlock 3.1%, NoScript 0.4% in FirefoxAdBlockNoScript  Ideally we want a design offered by social networking services themselves  Implemented with Web technologies that enable an in-browser solution without additional software

28

29

30  Keeping social data locally in the client may introduce security risks (malware, snooping friends, stolen disk) ◦ Is it really that different from keeping the data in the cloud but running untrusted software in the user’s computer? ◦ It’s equally easy for tech-savvy friends to install key-logging software or inspect SafeButton’s data store ◦ An encrypted SafeButton data store will provide the same protection against disk theft as will the user’s practice of logging out (or not) from social networking services.

31  Identified privacy issues of current social plug-ins that most users aren’t aware of  Pointed out the dilemma between privacy and functionality  Presented our proposal for privacy-preserving social plug-ins which eliminates that dilemma  Suggested a novel design for privacy-preserving social plug-ins as a service

32 Q & A

Download ppt "Georgios Kontaxis‡, Michalis Polychronakis‡, Angelos D. Keromytis‡, and Evangelos P.Markatos* ‡Columbia University and *FORTH-ICS USENIX-SEC (August, 2012)"

Similar presentations

B: STUDENT DRIVE MOVE INSTRUCTIONS. Using Internet Explorer: From your computers desktop, double click on the Internet Explorer icon. (Internet Explorer.

B: STUDENT DRIVE MOVE INSTRUCTIONS. Using Internet Explorer: From your computers desktop, double click on the Internet Explorer icon. (Internet Explorer.
®® Microsoft Windows 7 for Power Users Tutorial 7 Enhancing Your Computers Security.

®® Microsoft Windows 7 for Power Users Tutorial 7 Enhancing Your Computers Security.
Web Programming 1 Darby Chang Web Programming. Cookie 2 Web Programming.

Web Programming 1 Darby Chang Web Programming. Cookie 2 Web Programming.
Microsoft ® Office 2007 Training Security II: Turn off the Message Bar and run code safely P J Human Resources Pte Ltd presents:

Microsoft ® Office 2007 Training Security II: Turn off the Message Bar and run code safely P J Human Resources Pte Ltd presents:
Chrome Extentions Vulnerabilities. Introduction Google Chrome Browser Chrome OS Platform Chrome Web Store Applications Open Source Platform.

Chrome Extentions Vulnerabilities. Introduction Google Chrome Browser Chrome OS Platform Chrome Web Store Applications Open Source Platform.
Browser Comparisons Internet Explorer 8 & 9, Chrome 11 and Firefox 4 Security, Privacy, Add-ons & Convenience.

Browser Comparisons Internet Explorer 8 & 9, Chrome 11 and Firefox 4 Security, Privacy, Add-ons & Convenience.
On the Privacy of Private Browsing Kiavash Satvat, Matt Forshaw, Feng Hao, Ehsan Toreini Newcastle University DPM’13.

On the Privacy of Private Browsing Kiavash Satvat, Matt Forshaw, Feng Hao, Ehsan Toreini Newcastle University DPM’13.
Georgios Kontaxis, Michalis Polychronakis Angelos D. Keromytis, Evangelos P. Markatos Siddhant Ujjain (2009cs10219) Deepak Sharma (2009cs10185)

Georgios Kontaxis, Michalis Polychronakis Angelos D. Keromytis, Evangelos P. Markatos Siddhant Ujjain (2009cs10219) Deepak Sharma (2009cs10185)
Two-Factor Authentication & Tools for Password Management August 29, 2014 Pang Chamreth, IT Development Innovations 1.

Two-Factor Authentication & Tools for Password Management August 29, 2014 Pang Chamreth, IT Development Innovations 1.
Mitigating Malware Collin Jackson CS142 – Winter 2009.

Mitigating Malware Collin Jackson CS142 – Winter 2009.
Social Media Remarketing Making the Most of Your Traffic.

Social Media Remarketing Making the Most of Your Traffic.
Privacy and Security on the Web Part 1. Agenda Questions? Stories? Questions? Stories? IRB: I will review and hopefully send tomorrow. IRB: I will review.

Privacy and Security on the Web Part 1. Agenda Questions? Stories? Questions? Stories? IRB: I will review and hopefully send tomorrow. IRB: I will review.
How to Protect Your PC Grayware Adware, Malware, Spyware.

How to Protect Your PC Grayware Adware, Malware, Spyware.
PASSWORD MANAGER Why you need one 1. WHAT IS A PASSWORD MANAGER? A modern Password Manager is a browser extension (Chrome, Internet Explorer, Firefox,

PASSWORD MANAGER Why you need one 1. WHAT IS A PASSWORD MANAGER? A modern Password Manager is a browser extension (Chrome, Internet Explorer, Firefox,
Tracking, Privacy, You & The 21 st Century When you talk online the internet listens.

Tracking, Privacy, You & The 21 st Century When you talk online the internet listens.
CSE 154 LECTURE 13: SESSIONS. Expiration / persistent cookies setcookie(name, value, expiration); PHP $expireTime = time() + 60*60*24*7; # 1 week.

CSE 154 LECTURE 13: SESSIONS. Expiration / persistent cookies setcookie("name", "value", expiration); PHP $expireTime = time() + 60*60*24*7; # 1 week.
Lecture 16 Page 1 CS 236 Online Cross-Site Scripting XSS Many sites allow users to upload information –Blogs, photo sharing, Facebook, etc. –Which gets.

Lecture 16 Page 1 CS 236 Online Cross-Site Scripting XSS Many sites allow users to upload information –Blogs, photo sharing, Facebook, etc. –Which gets.
Lab 3 Cookie Stealing using XSS Kara James, Chelsea Collins, Trevor Norwood, David Johnson.

Lab 3 Cookie Stealing using XSS Kara James, Chelsea Collins, Trevor Norwood, David Johnson.
MANAGING YOUR ONLINE PROFILE WHAT DOES THIS MEAN AND WHY SHOULD YOU CARE? Sarah Morris UT Libraries.

MANAGING YOUR ONLINE PROFILE WHAT DOES THIS MEAN AND WHY SHOULD YOU CARE? Sarah Morris UT Libraries.
 A cookie is a piece of text that a Web server can store on a user's hard disk.  Cookie data is simply name-value pairs stored on your hard disk by.

 A cookie is a piece of text that a Web server can store on a user's hard disk.  Cookie data is simply name-value pairs stored on your hard disk by.

Similar presentations

Ads by Google