Web Tracking: Mechanisms, Implications, and Defenses

This articles surveys the existing literature on the methods currently used by web services to track the user online as well as their purposes, implications, and possible user's defenses. A significant majority of reviewed articles and web resources are from years 2012-2014. Privacy seems to be the Achilles' heel of today's web. Web services make continuous efforts to obtain as much information as they can about the things we search, the sites we visit, the people with who we contact, and the products we buy. Tracking is usually performed for commercial purposes. We present 5 main groups of methods used for user tracking, which are based on sessions, client storage, client cache, fingerprinting, or yet other approaches. A special focus is placed on mechanisms that use web caches, operational caches, and fingerprinting, as they are usually very rich in terms of using various creative methodologies. We also show how the users can be identified on the web and associated with their real names, e-mail addresses, phone numbers, or even street addresses. We show why tracking is being used and its possible implications for the users (price discrimination, assessing financial credibility, determining insurance coverage, government surveillance, and identity theft). For each of the tracking methods, we present possible defenses. Apart from describing the methods and tools used for keeping the personal data away from being tracked, we also present several tools that were used for research purposes - their main goal is to discover how and by which entity the users are being tracked on their desktop computers or smartphones, provide this information to the users, and visualize it in an accessible and easy to follow way. Finally, we present the currently proposed future approaches to track the user and show that they can potentially pose significant threats to the users' privacy.Comment: 29 pages, 212 reference

Locational wireless and social media-based surveillance

The number of smartphones and tablets as well as the volume of traffic generated by these devices has been growing constantly over the past decade and this growth is predicted to continue at an increasing rate over the next five years. Numerous native features built into contemporary smart devices enable highly accurate digital fingerprinting techniques. Furthermore, software developers have been taking advantage of locational capabilities of these devices by building applications and social media services that enable convenient sharing of information tied to geographical locations. Mass online sharing resulted in a large volume of locational and personal data being publicly available for extraction. A number of researchers have used this opportunity to design and build tools for a variety of uses – both respectable and nefarious. Furthermore, due to the peculiarities of the IEEE 802.11 specification, wireless-enabled smart devices disclose a number of attributes, which can be observed via passive monitoring. These attributes coupled with the information that can be extracted using social media APIs present an opportunity for research into locational surveillance, device fingerprinting and device user identification techniques. This paper presents an in-progress research study and details the findings to date

Creating a Better Browser Fingerprint

Web browser fingerprinting is used to analyze client behavior through retrieval of browser attributes unique to the user’s browser, network and hardware profile. Third-party trackers are prevalent on the top Alexa sites and use JavaScript to retrieve and store user machine information in a stateless fashion. Stateless fingerprinting is performed through acquisition of client machine specifiers through an embedded JavaScript, which then forwards the information to a server. The client information is purportedly used to provide tailored advertising and enhance the browsing experience. However, the depth of captured client information often extends into the realm of personally identifiable information. The user is often unaware of privacy issues and how their information is disseminated for profit, or the risk of such data being used by hackers to exploit divulged vulnerabilities. We review fingerprinting techniques from previous works that delineate seminal methods and countermeasures, and present a novel fingerprinting JavaScript that measure over 200 Windows and Navigator object properties. The results reveal new parameters that can be used to generate unique user identifiers, and accurately track individual browsing behavior. These findings may be used by developers of anti-tracking software to improve efficacy and preserve individual privacy

An Analysis of various web tracking methods

The accurate tracking of web clients has historically been a difficult problem. Accurate tracking can be used to monitor the activity of attackers which would otherwise be anonymous. Since HTTP is a stateless protocol, there is no built-in method for tracking clients. Many methods have been developed for this purpose; however they primarily rely on the cooperation of the client and are limited to the current session and are not designed to track a client long-term or through different environments. This paper takes an in-depth look at the most popular methods of tracking web users and how well they preserve information when a client attempts to remove them. Each method is evaluated based on the amount of unique information they provide and how easy a client can defeat the method. The tracking methods are then combined using a profiling algorithm to correlate all of the available information into a single profile. The algorithm is designed with different weights for each method, allowing for environmental flexibility. Test results demonstrate that this approach accurately determines the correct profile for a client in situations where the individual methods alone could not

Digital lifecycles and file types: final report

The Rights and Rewards in Blended Institutional Repositories Project is funded by the Joint Information Systems Committee (JISC) under the Digital Repositories Programme. This represents a cooperative venture between the Department of Information Science (DIS), the Engineering Centre for Excellence in Teaching and Learning (engCETL) and the University Library. The two year project aims to establish a single Blended repository to meet the teaching and research needs of this institution. It will address the motivational issues facing depositors of teaching materials with a focus on the associated Rights and Rewards. This digital lifecycles study will identify the most appropriate materials for submission to the project’s demonstrator repository. This takes into account factors like: granularity, persistence and multimedia types that can be supported for both teaching and research materials. It also documents the existing lifecycles of these items and the tools and specifications needed within a repository frameworks to support these lifecycles. For example, it will identify appropriate granularity of teaching resources and appropriate methods for content packaging. The results of the study will help to identify which types of files are currently in use, which formats should be supported by the repository system ultimately selected for the demonstrator repository. This information is likely to be of benefit to other projects and institutions in the process of setting up an Institutional Repository (IR)