2,061 research outputs found
Exploring the protection of private browsing in desktop browsers
Desktop browsers have introduced private browsing mode, a security control which aims to protect users’ data that are generated during a private browsing session, by not storing
them in the file system. As the Internet becomes ubiquitous, the existence of this security control is beneficial to users,since privacy violations are increasing, while users tend to be more concerned about their privacy when browsing the web in a post-Snowden era.
In this context, this work examines the protection that is offered by the private browsing mode of the most popular
desktop browsers in Windows (i.e.,Chrome, Firefox, IE and Opera).Our experiments uncover occasions in which even if
users browse the web with a private session,privacy violations exist contrary to what is documented by the browser.To raise the bar of privacy protection that is offered by web browsers,we propose the use of a virtual filesystem as the storage medium of browsers’ cache data.
We demonstrate with a case study how this countermeasure protects users from the privacy violations, which are previously identified in this work
Evaluating the End-User Experience of Private Browsing Mode
Nowadays, all major web browsers have a private browsing mode. However, the
mode's benefits and limitations are not particularly understood. Through the
use of survey studies, prior work has found that most users are either unaware
of private browsing or do not use it. Further, those who do use private
browsing generally have misconceptions about what protection it provides.
However, prior work has not investigated \emph{why} users misunderstand the
benefits and limitations of private browsing. In this work, we do so by
designing and conducting a three-part study: (1) an analytical approach
combining cognitive walkthrough and heuristic evaluation to inspect the user
interface of private mode in different browsers; (2) a qualitative,
interview-based study to explore users' mental models of private browsing and
its security goals; (3) a participatory design study to investigate why
existing browser disclosures, the in-browser explanations of private browsing
mode, do not communicate the security goals of private browsing to users.
Participants critiqued the browser disclosures of three web browsers: Brave,
Firefox, and Google Chrome, and then designed new ones. We find that the user
interface of private mode in different web browsers violates several
well-established design guidelines and heuristics. Further, most participants
had incorrect mental models of private browsing, influencing their
understanding and usage of private mode. Additionally, we find that existing
browser disclosures are not only vague, but also misleading. None of the three
studied browser disclosures communicates or explains the primary security goal
of private browsing. Drawing from the results of our user study, we extract a
set of design recommendations that we encourage browser designers to validate,
in order to design more effective and informative browser disclosures related
to private mode
Web Tracking: Mechanisms, Implications, and Defenses
This articles surveys the existing literature on the methods currently used
by web services to track the user online as well as their purposes,
implications, and possible user's defenses. A significant majority of reviewed
articles and web resources are from years 2012-2014. Privacy seems to be the
Achilles' heel of today's web. Web services make continuous efforts to obtain
as much information as they can about the things we search, the sites we visit,
the people with who we contact, and the products we buy. Tracking is usually
performed for commercial purposes. We present 5 main groups of methods used for
user tracking, which are based on sessions, client storage, client cache,
fingerprinting, or yet other approaches. A special focus is placed on
mechanisms that use web caches, operational caches, and fingerprinting, as they
are usually very rich in terms of using various creative methodologies. We also
show how the users can be identified on the web and associated with their real
names, e-mail addresses, phone numbers, or even street addresses. We show why
tracking is being used and its possible implications for the users (price
discrimination, assessing financial credibility, determining insurance
coverage, government surveillance, and identity theft). For each of the
tracking methods, we present possible defenses. Apart from describing the
methods and tools used for keeping the personal data away from being tracked,
we also present several tools that were used for research purposes - their main
goal is to discover how and by which entity the users are being tracked on
their desktop computers or smartphones, provide this information to the users,
and visualize it in an accessible and easy to follow way. Finally, we present
the currently proposed future approaches to track the user and show that they
can potentially pose significant threats to the users' privacy.Comment: 29 pages, 212 reference
Security considerations around the usage of client-side storage APIs
Web Storage, Indexed Database API and Web SQL Database are primitives that allow web browsers to store information in the client in a much more advanced way compared to other techniques such as HTTP Cookies. They were originally introduced with the goal of enhancing the capabilities of websites, however, they are often exploited as a way of tracking users across multiple sessions and websites.
This work is divided in two parts. First, it quantifies the usage of these three primitives in the context of user tracking. This is done by performing a large-scale analysis on the usage of these techniques in the wild. The results highlight that code snippets belonging to those primitives can be found in tracking scripts at a surprising high rate, suggesting that user tracking is a major use case of these technologies.
The second part reviews of the effectiveness of the removal of client-side storage data in modern browsers. A web application, built for specifically for this study, is used to highlight that it is often extremely hard, if not impossible, for users to remove personal data stored using the three primitives considered. This finding has significant implications, because those techniques are often uses as vector for cookie resurrection
I know what you did last summer: New persistent tracking mechanisms in the wild
OAPA As the usage of the web increases, so do the threats an everyday user faces. One of the most pervasive threats a web user faces is tracking, which enables an entity to gain unauthorised access to the user’s personal data. Through the years many client storage technologies, such as cookies, have been used for this purpose and have been extensively studied in the literature. The focus of this work is on three newer client storage mechanisms, namely Web Storage, Web SQL Database and Indexed Database API. Initially, a large-scale analysis of their usage on the web is conducted to appraise their usage in the wild. Then, this work examines the extent they are used for tracking purposes. The results suggest that Web Storage is the most used among the three technologies. More importantly, to the best of our knowledge this work is the first to suggest web tracking as the main use case of these technologies. Motivated by these results, this work examines whether popular desktop and mobile browsers protect their users from tracking mechanisms that use Web Storage, Web SQL Database and Indexed Database. Our results uncover many cases where the relevant security controls are ineffective, thus making it virtually impossible for certain users to avoid tracking
How do different devices impact users' web browsing experience?
The digital world presents many interfaces, among which the desktop and mobile device platforms are dominant. Grasping the differential user experience (UX) on these devices is a critical requirement for developing user focused interfaces that can deliver enhanced satisfaction. This study specifically focuses on the user's web browsing experience while using desktop and mobile.
The thesis adopts quantitative methodology. This amalgamation presents a comprehensive understanding of the influence of device specific variables, such as loading speed, security concerns and interaction techniques, which are critically analyzed. Moreover, various UX facets including usability, user interface (UI) design, accessibility, content organization, and user satisfaction on both devices were also discussed.
Substantial differences are observed in the UX delivered by desktop and mobile devices, dictated by inherent device attributes and user behaviors. Mobile UX is often associated with personal, context sensitive use, while desktop caters more effectively to intensive, extended sessions.
A surprising revelation is the existing discrepancy between the increasing popularity of mobile devices and the persistent inability of many websites and applications to provide a satisfactory mobile UX. This issue primarily arises from the ineffective adaptation of desktop-focused designs to the mobile, underscoring the necessity for distinct, device specific strategies in UI development.
By furnishing pragmatic strategies for designing efficient, user-friendly and inclusive digital interfaces for both devices; the thesis contributes significantly to the existing body of literature. An emphasis is placed on a device-neutral approach in UX design, taking into consideration the unique capabilities and constraints of each device, thereby enriching the expanding discourse on multiservice user experience. As well as this study contributes to digital marketing and targeÂted advertising perspeÂctives
How do different devices impact users' web browsing experience?
The digital world presents many interfaces, among which the desktop and mobile device platforms are dominant. Grasping the differential user experience (UX) on these devices is a critical requirement for developing user focused interfaces that can deliver enhanced satisfaction. This study specifically focuses on the user's web browsing experience while using desktop and mobile.
The thesis adopts quantitative methodology. This amalgamation presents a comprehensive understanding of the influence of device specific variables, such as loading speed, security concerns and interaction techniques, which are critically analyzed. Moreover, various UX facets including usability, user interface (UI) design, accessibility, content organization, and user satisfaction on both devices were also discussed.
Substantial differences are observed in the UX delivered by desktop and mobile devices, dictated by inherent device attributes and user behaviors. Mobile UX is often associated with personal, context sensitive use, while desktop caters more effectively to intensive, extended sessions.
A surprising revelation is the existing discrepancy between the increasing popularity of mobile devices and the persistent inability of many websites and applications to provide a satisfactory mobile UX. This issue primarily arises from the ineffective adaptation of desktop-focused designs to the mobile, underscoring the necessity for distinct, device specific strategies in UI development.
By furnishing pragmatic strategies for designing efficient, user-friendly and inclusive digital interfaces for both devices; the thesis contributes significantly to the existing body of literature. An emphasis is placed on a device-neutral approach in UX design, taking into consideration the unique capabilities and constraints of each device, thereby enriching the expanding discourse on multiservice user experience. As well as this study contributes to digital marketing and targeÂted advertising perspeÂctives
Online advertising: analysis of privacy threats and protection approaches
Online advertising, the pillar of the “free” content on the Web, has revolutionized the marketing business in recent years by creating a myriad of new opportunities for advertisers to reach potential customers. The current advertising model builds upon an intricate infrastructure composed of a variety of intermediary entities and technologies whose main aim is to deliver personalized ads. For this purpose, a wealth of user data is collected, aggregated, processed and traded behind the scenes at an unprecedented rate. Despite the enormous value of online advertising, however, the intrusiveness and ubiquity of these practices prompt serious privacy concerns. This article surveys the online advertising infrastructure and its supporting technologies, and presents a thorough overview of the underlying privacy risks and the solutions that may mitigate them. We first analyze the threats and potential privacy attackers in this scenario of online advertising. In particular, we examine the main components of the advertising infrastructure in terms of tracking capabilities, data collection, aggregation level and privacy risk, and overview the tracking and data-sharing technologies employed by these components. Then, we conduct a comprehensive survey of the most relevant privacy mechanisms, and classify and compare them on the basis of their privacy guarantees and impact on the Web.Peer ReviewedPostprint (author's final draft
- …