5 research outputs found
Beyond the Front Page: Measuring Third Party Dynamics in the Field
In the modern Web, service providers often rely heavily on third parties to
run their services. For example, they make use of ad networks to finance their
services, externally hosted libraries to develop features quickly, and
analytics providers to gain insights into visitor behavior.
For security and privacy, website owners need to be aware of the content they
provide their users. However, in reality, they often do not know which third
parties are embedded, for example, when these third parties request additional
content as it is common in real-time ad auctions.
In this paper, we present a large-scale measurement study to analyze the
magnitude of these new challenges. To better reflect the connectedness of third
parties, we measured their relations in a model we call third party trees,
which reflects an approximation of the loading dependencies of all third
parties embedded into a given website. Using this concept, we show that
including a single third party can lead to subsequent requests from up to eight
additional services. Furthermore, our findings indicate that the third parties
embedded on a page load are not always deterministic, as 50% of the branches in
the third party trees change between repeated visits. In addition, we found
that 93% of the analyzed websites embedded third parties that are located in
regions that might not be in line with the current legal framework. Our study
also replicates previous work that mostly focused on landing pages of websites.
We show that this method is only able to measure a lower bound as subsites show
a significant increase of privacy-invasive techniques. For example, our results
show an increase of used cookies by about 36% when crawling websites more
deeply
Safety and efficacy of stenting for aortic arch hypoplasia in patients with coarctation of the aorta
BACKGROUND: Despite a successful repair procedure for coarctation of the aorta (CoA), up to two-thirds of patients remain hypertensive. CoA is often seen in combination with abnormal aortic arch anatomy and morphology. This might be a substrate for persistent hypertension. Therefore, we performed endovascular aortic arch stent placement in patients with CoA and concomitant aortic arch hypoplasia or gothic arch morphology. The goal of this retrospective analysis was to investigate the safety and efficacy of aortic arch stenting. METHODS: A retrospective analysis was performed in patients who underwent stenting of the aortic arch at the University Medical Center Utrecht. Measurements collected included office blood pressure, use of antihypertensive medication, invasive peak-to-peak systolic pressure over the arch, and aortic diameters on three-dimensional angiography. Data on follow-up were obtained at the date of most recent outpatient visit. RESULTS: Twelve patients underwent stenting of the aortic arch. Mean follow-up duration was 14 ± 11 months. Mean peak-to-peak gradient across the arch decreased from 39 ± 13 mm Hg to 7 ± 8 mm Hg directly after stenting (p < 0.001). There were no major procedural complications. Mean systolic blood pressure decreased from 145 ± 16 mm Hg at baseline to 128 ± 9 mm Hg at latest follow-up (p = 0.014). CONCLUSION: This retrospective study shows that stenting of the aortic arch is successful when carried out in a state-of-the-art manner. A direct optimal angiographic and haemodynamic result was shown. No major complications occurred during or after the procedure. At short- to medium-term follow-up a decrease in mean systolic blood pressure was observed
Who left open the cookie jar? A comprehensive evaluation of third-party cookie policies
Nowadays, cookies are the most prominent mechanism to identify and authenticate users on the Internet. Although protected by the Same Origin Policy, popular browsers include cookies in all requests, even when these are cross-site. Unfortunately, these third-party cookies enable both cross-site attacks and third-party tracking. As a response to these nefarious consequences, various countermeasures have been developed in the form of browser extensions or even protection mechanisms that are built directly into the browser.
In this paper, we evaluate the effectiveness of these defense mechanisms by leveraging a framework that automatically evaluates the enforcement of the policies imposed to third-party requests. By applying our framework, which generates a comprehensive set of test cases covering various web mechanisms, we identify several flaws in the policy implementations of the 7 browsers and 46 browser extensions that were evaluated. We find that even built-in protection mechanisms can be circumvented by multiple novel techniques we discover. Based on these results, we argue that our proposed framework is a much-needed tool to detect bypasses and evaluate solutions to the exposed leaks. Finally, we analyze the origin of the identified bypass techniques, and find that these are due to a variety of implementation, configuration and design flaws.status: Published onlin