nach oben

Annals of Telecommunications

Erschienen in:

01.02.2014

On the uniqueness of Web browsing history patterns

verfasst von: Lukasz Olejnik, Claude Castelluccia, Artur Janc

Erschienen in: Annals of Telecommunications | Ausgabe 1-2/2014

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

We present the results of the first large-scale study of the uniqueness of Web browsing histories, gathered from a total of 368,284 Internet users who visited a history detection demonstration website. Our results show that for a majority of users (69 %), the browsing history is unique and that users for whom we could detect at least four visited websites were uniquely identified by their histories in 97 % of cases. We observe a significant rate of stability in browser history fingerprints: for repeat visitors, 38 % of fingerprints are identical over time, and differing ones were correlated with original history contents, indicating static browsing preferences (for history subvectors of size 50). We report a striking result that it is enough to test for a small number of pages in order to both enumerate users’ interests and perform an efficient and unique behavioral fingerprint; we show that testing 50 Web pages is enough to fingerprint 42 % of users in our database, increasing to 70 % with 500 Web pages.

Vorheriger Artikel A survey on addressing privacy together with quality of context for context management in the Internet of Things

Nächster Artikel Privacy concerns in assisted living technologies

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

A preliminary version of this paper was presented at HotPETS 2012. However, HotPETS does not have proceedings and this work was not published yet. Among the main differences are the inclusion of Fig. 10 and related discussion in Section 5.1.2.

Alexa (2013) Alexa 500. http://alexa.com. Accessed 10 Feb 2009

Baron LD (2010) Preventing attacks on a user’s history through CSS :visited selectors. http://dbaron.org/mozilla/visited-privacy. Accessed 20 March 2010

Bortz A, Boneh D (2007) Exposing private information by timing web applications. In: Proceedings of the 16th international conference on World Wide Web. WWW ’07, pp 621–628. ACM, New York

Bugzilla (2002) Bug 147777 - : visited support allows queries into global history. https://bugzilla.mozilla.org/show_bug.cgi?id=147777

Eckersley P (2010) How unique is your web browser? In: 10th international symposium on privacy enhancing technologies, pp 1–18

Felten EW, Schneider MA (2000) Timing attacks on web privacy. In: CCS ’00: proceedings of the 7th ACM conference on computer and communications security, pp 25–32. ACM, New York

Jackson C, Bortz A, Boneh D, Mitchell JC (2006) Protecting browser state from web privacy attacks. In: Proceedings of the 15th international conference on World Wide Web. WWW ’06, pp 737–744. ACM, New York

Janc A, Olejnik L (2013). What the internet knows about you. http://www.wtikay.com/. Accessed 20 Sept 2011

Janc A, Olejnik L (2010) Web browser history detection as a real-world privacy threat. In: ESORICS, pp 215–231

10.

Jang D, Jhala R, Lerner S, Shacham H (2010) An empirical study of privacy-violating information flows in JavaScript Web applications. In: Keromytis A, Shmatikov V (eds) Proceedings of CCS 2010. ACM, New York, pp 270–83

11.

Krishnamurthy B, Wills C (2009) Privacy diffusion on the web: a longitudinal perspective. In: Proceedings of the 18th international conference on World Wide Web. WWW ’09, pp 541–550. ACM, New York

12.

Krishnan S, Monrose F (2010) DNS prefetching and its privacy implications: when good things go bad. In: Proceedings of the 3rd USENIX conference on large-scale exploits and emergent threats: botnets, spyware, worms, and more. LEET’10, pp 10–10. USENIX Association, Berkeley

13.

Miller B (1994) Vital signs of identity. IEEE Spectr 31:22–30CrossRef

14.

Moskovitch R, Feher C, Messerman A, Kirschnick N, Mustafic T, Camtepe A, Löhlein B, Heister U, Möller S, Rokach L, Elovici Y (2009) Identity theft, computers and behavioral biometrics. In: Proceedings of the 2009 IEEE international conference on intelligence and security informatics. ISI’09, pp 155–160. IEEE, Piscataway

15.

Mowery K, Bogenreif D, Yilek S, Shacham H (2011) Fingerprinting information in JavaScript implementations. In: Proceedings of W2SP 2011. IEEE Computer Society

16.

Olejnik L, Castelluccia C (2013) Towards web-based biometric systems using personal browsing interests. In: 8th international conference on availability, reliability and security. Regensburg, Germany

17.

Quantcast (2013) Quantcast. http://www.quantcast.com/. Accessed 10 Feb 2009

18.

Trendmicro (2013) Trend micro site safety center. http://global.sitesafety.trendmicro.com. Accessed 26 Oct 2011

19.

W3Schools (2013) Browser stats. W3schools online web tutorials [as of 2012]. www.w3schools.com/browsers/browsers_stats.asp. Accessed 01 March 2012

20.

Weinberg Z, Chen EY, Jayaraman PR, Jackson C (2011) I still know what you visited last summer: leaking browsing history via user interaction and side channel attacks. In: Proceedings of the 2011 IEEE symposium on security and privacy. SP ’11, pp 147–161. IEEE Computer Society, Washington

21.

Wills CE, Mikhailov M, Shang H (2003) Inferring relative popularity of internet applications by actively querying DNS caches. In: Proceedings of the 3rd ACM SIGCOMM conference on internet measurement. IMC ’03, pp 78–90. ACM, New York

22.

Wondracek G, Holz T, Kirda E, Kruegel C (2010) A practical attack to de-anonymize social network users. In: IEEE security and privacy. Oakland

23.

Yampolskiy RV, Govindaraju V (2008) Behavioural biometrics: a survey and classification. Int J Biometrics 1:81–113CrossRef

24.

Yen T-F, Huang X, Monrose F, Reiter MK (2009) Browser fingerprinting from coarse traffic summaries: techniques and implications. In: Proceedings of the 6th international conference on detection of intrusions and malware, and vulnerability assessment. DIMVA ’09, pp 157–175. Springer, Berlin

25.

Yen T-F, Xie Y, Yu F, Yu RP, Abadi M (2012) Host fingerprinting and tracking on the web: privacy and security implications. In: 19th annual network and distributed system security symposium (NDSS) 2012, Internet Society

26.

Zalewski M (2009) Browser security handbook, part 2. http://code.google.com/p/browsersec/wiki/Part2. Accessed 17 Sept 2008

Titel: On the uniqueness of Web browsing history patterns
verfasst von: Lukasz Olejnik
Claude Castelluccia
Artur Janc
Publikationsdatum: 01.02.2014
Verlag: Springer Paris
Erschienen in: Annals of Telecommunications / Ausgabe 1-2/2014
Print ISSN: 0003-4347
Elektronische ISSN: 1958-9395
DOI: https://doi.org/10.1007/s12243-013-0392-5

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft"

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Weitere Artikel der Ausgabe 1-2/2014

Privacy-aware electronic society

Privacy concerns in assisted living technologies

Human perception-based distributed architecture for scalable video conferencing services: theoretical models and performance

An efficient channelizer tree for portable software defined radios

PriMa: a comprehensive approach to privacy protection in social network sites

Video viewing: do auditory salient events capture visual attention?

Premium Partner