52 research outputs found
Investigation of formation variation of portal vein with multidetector computed tomography
Background: To determine the types, frequency and clinical implications of formation of variations of portal vein with routine abdominal multi detector CT.Methods: MDCT images of 265 patients without any pathology were evaluated. Types and frequencies of formation variations of portal vein were determined.Results: Portail vein formation variations were observed in 186 (70.15%) of our study population. Normal portal vein was detected in 79 (29.8%) images. These variations were classified according to frequency. Normal anatomic structure was determined as type 1. Type 1 was observed in 79 (29.8%) images. As type 2 variation, left gastric vein flows into splenic vein instead of portal vein (60.75%). The type 3 of portal vein variation as uniting of superior mesenteric vein, inferior mesenteric vein and splenic vein at the same trunk to form portal vein was determined 9.43%.Conclusions: This study, which was performed to determine the anatomical variations of portail vein, makes the type 2 variation rate higher than the other studies. This information is different from the classical anatomy information. In addition, we are able to make the radiologists and surgeons highly capable of both recognition and functionality of the results
Privacy Policies over Time: Curation and Analysis of a Million-Document Dataset
Automated analysis of privacy policies has proved a fruitful research
direction, with developments such as automated policy summarization, question
answering systems, and compliance detection. Prior research has been limited to
analysis of privacy policies from a single point in time or from short spans of
time, as researchers did not have access to a large-scale, longitudinal,
curated dataset. To address this gap, we developed a crawler that discovers,
downloads, and extracts archived privacy policies from the Internet Archive's
Wayback Machine. Using the crawler and following a series of validation and
quality control steps, we curated a dataset of 1,071,488 English language
privacy policies, spanning over two decades and over 130,000 distinct websites.
Our analyses of the data paint a troubling picture of the transparency and
accessibility of privacy policies. By comparing the occurrence of
tracking-related terminology in our dataset to prior web privacy measurements,
we find that privacy policies have consistently failed to disclose the presence
of common tracking technologies and third parties. We also find that over the
last twenty years privacy policies have become even more difficult to read,
doubling in length and increasing a full grade in the median reading level. Our
data indicate that self-regulation for first-party websites has stagnated,
while self-regulation for third parties has increased but is dominated by
online advertising trade associations. Finally, we contribute to the literature
on privacy regulation by demonstrating the historic impact of the GDPR on
privacy policies.Comment: 16 pages, 13 figures, public datase
The leaking battery: A privacy analysis of the HTML5 Battery Status API
We highlight the privacy risks associated with the HTML5 Battery Status API. We put special focus on its implementation in the Firefox browser. Our study shows that websites can discover the capacity of users’ batteries by exploiting the high precision readouts provided by Firefox on Linux. The capacity of the battery, as well as its level, expose a fingerprintable surface that can be used to track web users in short time intervals. Our analysis shows that the risk is much higher for old or used batteries with reduced capacities, as the battery capacity may potentially serve as a tracking identifier. The fingerprintable surface of the API could be drastically reduced without any loss in the API’s functionality by reducing the precision of the readings. We propose minor modifications to Battery Status API and its implementation in the Firefox browser to address the privacy issues presented in the study. Our bug report for Firefox was accepted and a fix is deployed
Dark Patterns at Scale: Findings from a Crawl of 11K Shopping Websites
Dark patterns are user interface design choices that benefit an online
service by coercing, steering, or deceiving users into making unintended and
potentially harmful decisions. We present automated techniques that enable
experts to identify dark patterns on a large set of websites. Using these
techniques, we study shopping websites, which often use dark patterns to
influence users into making more purchases or disclosing more information than
they would otherwise. Analyzing ~53K product pages from ~11K shopping websites,
we discover 1,818 dark pattern instances, together representing 15 types and 7
broader categories. We examine these dark patterns for deceptive practices, and
find 183 websites that engage in such practices. We also uncover 22 third-party
entities that offer dark patterns as a turnkey solution. Finally, we develop a
taxonomy of dark pattern characteristics that describes the underlying
influence of the dark patterns and their potential harm on user
decision-making. Based on our findings, we make recommendations for
stakeholders including researchers and regulators to study, mitigate, and
minimize the use of these patterns.Comment: 32 pages, 11 figures, ACM Conference on Computer-Supported
Cooperative Work and Social Computing (CSCW 2019
No boundaries: data exfiltration by third parties embedded on web pages
We investigate data exfiltration by third-party scripts directly embedded on web pages. Specifically, we study three attacks: misuse of browsers’ internal login managers, social data exfiltration, and whole-DOM exfiltration. Although the possibility of these attacks was well known, we provide the first empirical evidence based on measurements of 300,000 distinct web pages from 50,000 sites. We extend OpenWPM’s instrumentation to detect and precisely attribute these attacks to specific third-party scripts. Our analysis reveals invasive practices such as inserting invisible login forms to trigger autofilling of the saved user credentials, and reading and exfiltrating social network data when the user logs in via Facebook login. Further, we uncovered password, credit card, and health data leaks to third parties due to wholesale collection of the DOM. We discuss the lessons learned from the responses to the initial disclosure of our findings and fixes that were deployed by the websites, browser vendors, third-party libraries and privacy protection tools
Leaky Birds: Exploiting Mobile Application Traffic for Surveillance
© International Financial Cryptography Association 2017. Over the last decade, mobile devices and mobile applications have become pervasive in their usage. Although many privacy risks associated with mobile applications have been investigated, prior work mainly focuses on the collection of user information by application developers and advertisers. Inspired by the Snowden revelations, we study the ways mobile applications enable mass surveillance by sending unique identifiers over unencrypted connections. Applying passive network fingerprinting, we show how a passive network adversary can improve his ability to target mobile users’ traffic. Our results are based on a large-scale automated study of mobile application network traffic. The framework we developed for this study downloads and runs mobile applications, captures their network traffic and automatically detects identifiers that are sent in the clear. Our findings show that a global adversary can link 57% of a user’s unencrypted mobile traffic. Evaluating two countermeasures available to privacy aware mobile users, we find their effectiveness to be very limited against identifier leakage.status: publishe
- …