Beyond the Front Page: Measuring Third Party Dynamics in the Field

In the modern Web, service providers often rely heavily on third parties to run their services. For example, they make use of ad networks to finance their services, externally hosted libraries to develop features quickly, and analytics providers to gain insights into visitor behavior. For security and privacy, website owners need to be aware of the content they provide their users. However, in reality, they often do not know which third parties are embedded, for example, when these third parties request additional content as it is common in real-time ad auctions. In this paper, we present a large-scale measurement study to analyze the magnitude of these new challenges. To better reflect the connectedness of third parties, we measured their relations in a model we call third party trees, which reflects an approximation of the loading dependencies of all third parties embedded into a given website. Using this concept, we show that including a single third party can lead to subsequent requests from up to eight additional services. Furthermore, our findings indicate that the third parties embedded on a page load are not always deterministic, as 50% of the branches in the third party trees change between repeated visits. In addition, we found that 93% of the analyzed websites embedded third parties that are located in regions that might not be in line with the current legal framework. Our study also replicates previous work that mostly focused on landing pages of websites. We show that this method is only able to measure a lower bound as subsites show a significant increase of privacy-invasive techniques. For example, our results show an increase of used cookies by about 36% when crawling websites more deeply

Safety and efficacy of stenting for aortic arch hypoplasia in patients with coarctation of the aorta

BACKGROUND: Despite a successful repair procedure for coarctation of the aorta (CoA), up to two-thirds of patients remain hypertensive. CoA is often seen in combination with abnormal aortic arch anatomy and morphology. This might be a substrate for persistent hypertension. Therefore, we performed endovascular aortic arch stent placement in patients with CoA and concomitant aortic arch hypoplasia or gothic arch morphology. The goal of this retrospective analysis was to investigate the safety and efficacy of aortic arch stenting. METHODS: A retrospective analysis was performed in patients who underwent stenting of the aortic arch at the University Medical Center Utrecht. Measurements collected included office blood pressure, use of antihypertensive medication, invasive peak-to-peak systolic pressure over the arch, and aortic diameters on three-dimensional angiography. Data on follow-up were obtained at the date of most recent outpatient visit. RESULTS: Twelve patients underwent stenting of the aortic arch. Mean follow-up duration was 14 ± 11 months. Mean peak-to-peak gradient across the arch decreased from 39 ± 13 mm Hg to 7 ± 8 mm Hg directly after stenting (p < 0.001). There were no major procedural complications. Mean systolic blood pressure decreased from 145 ± 16 mm Hg at baseline to 128 ± 9 mm Hg at latest follow-up (p = 0.014). CONCLUSION: This retrospective study shows that stenting of the aortic arch is successful when carried out in a state-of-the-art manner. A direct optimal angiographic and haemodynamic result was shown. No major complications occurred during or after the procedure. At short- to medium-term follow-up a decrease in mean systolic blood pressure was observed

Who left open the cookie jar? A comprehensive evaluation of third-party cookie policies

Nowadays, cookies are the most prominent mechanism to identify and authenticate users on the Internet. Although protected by the Same Origin Policy, popular browsers include cookies in all requests, even when these are cross-site. Unfortunately, these third-party cookies enable both cross-site attacks and third-party tracking. As a response to these nefarious consequences, various countermeasures have been developed in the form of browser extensions or even protection mechanisms that are built directly into the browser. In this paper, we evaluate the effectiveness of these defense mechanisms by leveraging a framework that automatically evaluates the enforcement of the policies imposed to third-party requests. By applying our framework, which generates a comprehensive set of test cases covering various web mechanisms, we identify several flaws in the policy implementations of the 7 browsers and 46 browser extensions that were evaluated. We find that even built-in protection mechanisms can be circumvented by multiple novel techniques we discover. Based on these results, we argue that our proposed framework is a much-needed tool to detect bypasses and evaluate solutions to the exposed leaks. Finally, we analyze the origin of the identified bypass techniques, and find that these are due to a variety of implementation, configuration and design flaws.status: Published onlin

Reading between the Lines: An Extensive Evaluation of the Security and Privacy Implications of EPUB Reading Systems

status: publishe