
Cookies That Give You Away: The Surveillance Implications of Web Tracking

Published: 18 May 2015

ABSTRACT

We study the ability of a passive eavesdropper to leverage "third-party" HTTP tracking cookies for mass surveillance. If two web pages embed the same tracker which tags the browser with a unique cookie, then the adversary can link visits to those pages from the same user (i.e., browser instance) even if the user's IP address varies. Further, many popular websites leak a logged-in user's identity to an eavesdropper in unencrypted traffic. To evaluate the effectiveness of our attack, we introduce a methodology that combines web measurement and network measurement. Using OpenWPM, our web privacy measurement platform, we simulate users browsing the web and find that the adversary can reconstruct 62-73% of a typical user's browsing history. We then analyze the effect of the physical location of the wiretap as well as legal restrictions such as the NSA's "one-end foreign" rule. Using measurement units in various locations - Asia, Europe, and the United States - we show that foreign users are highly vulnerable to the NSA's dragnet surveillance due to the concentration of third-party trackers in the U.S. Finally, we find that some browser-based privacy tools mitigate the attack while others are largely ineffective.
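The linking step the abstract describes can be made concrete with a small analysis script. The following is an added illustration, not the paper's or OpenWPM's code: it takes a constructed capture of plaintext HTTP requests (client IP, Host, request target, Referer, Cookie; all hosts, cookies and the username are invented) and plays the passive eavesdropper. Any request whose Host is a different site from its Referer is third-party; the pair (tracker site, Cookie header) is treated as a pseudonym for one browser; Referers carrying the same pseudonym are one user's page visits even when the client IP changes between them; and a username exposed in a plaintext URL (here the `user` query parameter, an assumed leak) is attached to the whole cluster. A scoring helper compares the linked pages against the simulated user's real history, a simplified form of the paper's "history reconstructed" metric.

```python
"""
Toy passive eavesdropper that links page visits through a shared
third-party tracker cookie seen in plaintext HTTP, as the abstract
describes.  Added illustration, not the paper's code: every request,
host and cookie below is constructed.
"""
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# Constructed capture: (client_ip, Host, request-target, Referer, Cookie).
# news.example, shop.example and social.example embed tracker.example,
# which has tagged this browser with uid=T-7f3a.  The client IP changes
# across sessions, and a second browser behind 198.51.100.7 carries its
# own tag.  private.example embeds no tracker at all.
CAPTURE = [
    ("203.0.113.10", "news.example", "/politics", None, "sess=1"),
    ("203.0.113.10", "tracker.example", "/px.gif",
     "http://news.example/politics", "uid=T-7f3a"),
    ("203.0.113.10", "private.example", "/letter", None, None),
    ("198.51.100.7", "shop.example", "/cart", None, "cart=9"),
    ("198.51.100.7", "tracker.example", "/px.gif",
     "http://shop.example/cart", "uid=T-7f3a"),
    ("198.51.100.7", "tracker.example", "/px.gif",
     "http://blog.example/post/1", "uid=T-11c9"),
    ("192.0.2.44", "social.example", "/profile?user=alice", None, "sess=2"),
    ("192.0.2.44", "tracker.example", "/px.gif",
     "http://social.example/profile?user=alice", "uid=T-7f3a"),
]

# Ground truth known to the measurement harness (the simulated user's
# real top-level visits), used only to score the reconstruction.
USER_HISTORY = [
    "http://news.example/politics",
    "http://shop.example/cart",
    "http://private.example/letter",
    "http://social.example/profile?user=alice",
]

# Assumption: query parameters the eavesdropper knows carry a username.
IDENTITY_PARAMS = ("user", "username")


def registrable(host):
    """Crude eTLD+1 (last two labels); sufficient for example domains."""
    return ".".join(host.lower().split(".")[-2:])


def is_third_party(host, referer):
    """A request is third-party when its Host differs from the Referer's site."""
    if not referer:
        return False
    return registrable(host) != registrable(urlsplit(referer).hostname or "")


def leaked_identity(url):
    """Return a username exposed in a plaintext URL, or None."""
    query = parse_qs(urlsplit(url).query)
    for param in IDENTITY_PARAMS:
        if param in query:
            return query[param][0]
    return None


def link_visits(capture):
    """Group page visits by pseudonym = (tracker site, Cookie header).

    Two tracker requests with the same pseudonym come from the same browser
    regardless of client IP, so their Referers are pages of one user.
    """
    clusters = defaultdict(
        lambda: {"pages": set(), "ips": set(), "identity": None})
    for ip, host, _target, referer, cookie in capture:
        if not (cookie and is_third_party(host, referer)):
            continue  # first-party traffic alone carries no cross-site linker
        cluster = clusters[(registrable(host), cookie)]
        cluster["pages"].add(referer)
        cluster["ips"].add(ip)
        identity = leaked_identity(referer)
        if identity:
            cluster["identity"] = identity
    return dict(clusters)


def reconstructed_fraction(history, clusters):
    """Share of the user's real visits that land in one linked cluster."""
    best = max((c["pages"] & set(history) for c in clusters.values()),
               key=len, default=set())
    return len(best) / len(history)


if __name__ == "__main__":
    linked = link_visits(CAPTURE)
    for (site, cookie), c in linked.items():
        print(site, cookie, sorted(c["ips"]), c["identity"], sorted(c["pages"]))
    print("reconstructed:", reconstructed_fraction(USER_HISTORY, linked))
```

On the constructed capture the `uid=T-7f3a` cluster collects three pages seen from three different client IPs and is named "alice" through the plaintext profile URL, while the visit to private.example, which embeds no tracker, stays invisible to the eavesdropper; that is the gap between the reconstructed share and 100%. Two caveats a practitioner would add: the pseudonym here is the whole Cookie header, whereas a real analysis has to separate identifier cookies from session noise, and the eTLD+1 function is deliberately naive (a public-suffix list is needed for real hostnames).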

Published in

WWW '15: Proceedings of the 24th International Conference on World Wide Web
May 2015, 1460 pages
ISBN: 9781450334693

Copyright © 2015 is held by the International World Wide Web Conference Committee (IW3C2)

Publisher: International World Wide Web Conferences Steering Committee, Republic and Canton of Geneva, Switzerland

Acceptance Rates

WWW '15 paper acceptance rate: 131 of 929 submissions (14%)
Overall acceptance rate: 1,899 of 8,196 submissions (23%)