Protecting Browser State from Web Privacy Attacks

  • Collin Jackson, Stanford University, USA
  • Andrew Bortz, Stanford University, USA
  • Dan Boneh, Stanford University, USA
  • John C Mitchell, Stanford University, USA

Track: Security, Privacy, and Ethics

Through a variety of means, including a range of browser cache methods and inspecting the color of a visited hyperlink, client-side browser state can be exploited to track users against their wishes. This tracking is possible because persistent, client-side browser state is not properly partitioned on a per-site basis in current browsers. We address this problem by refining the general notion of a "same-origin" policy and implementing two browser extensions that enforce this policy on the browser cache and visited links.
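The partitioning idea described above, as an added toy model that is not code from the paper or its extensions: a cache keyed by resource URL alone is compared with one keyed by the embedding page's origin plus the resource URL. The class and function names, the keying scheme and the example.* URLs are assumptions made for illustration.

```python
"""Toy model of a browser cache, shared vs. partitioned by embedding origin.
Illustrative only: the keying scheme is an assumption, not the paper's extension code."""
from urllib.parse import urlsplit


def origin(url):
    """Scheme, host and port of a URL, used as the same-origin comparison key."""
    p = urlsplit(url)
    port = p.port or {"http": 80, "https": 443}.get(p.scheme)
    return (p.scheme, p.hostname, port)


class BrowserCache:
    def __init__(self, partitioned):
        self.partitioned = partitioned
        self.entries = set()

    def _key(self, embedding_page, resource):
        # Shared cache: keyed by resource URL alone, so every site sees one entry.
        # Partitioned cache: the embedding page's origin is part of the key.
        return (origin(embedding_page), resource) if self.partitioned else resource

    def fetch(self, embedding_page, resource):
        """Load a resource on behalf of a page; return True on a cache hit."""
        key = self._key(embedding_page, resource)
        hit = key in self.entries
        self.entries.add(key)
        return hit


def state_leaks_across_sites(partitioned):
    """True if a second site observes cache state created while visiting the first."""
    cache = BrowserCache(partitioned)
    logo = "https://bank.example/static/logo.png"           # constructed URLs
    cache.fetch("https://bank.example/login", logo)          # user visits site A
    return cache.fetch("https://other.example/page", logo)   # site B embeds the same resource


def same_site_still_cached(partitioned):
    """Partitioning should not cost the first site its own cache hits."""
    cache = BrowserCache(partitioned)
    logo = "https://bank.example/static/logo.png"
    cache.fetch("https://bank.example/login", logo)
    return cache.fetch("https://bank.example/account", logo)


if __name__ == "__main__":
    for mode in (False, True):
        label = "partitioned" if mode else "shared"
        print(label, state_leaks_across_sites(mode), same_site_still_cached(mode))
```
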

We also analyze various degrees of cooperation between sites to track users, and show that even if long-term browser state is properly partitioned, it is still possible for sites to use modern web features to bounce users between sites and invisibly engage in cross-domain tracking of their visitors. Cooperative privacy attacks are an unavoidable consequence of all persistent browser state that affects the behavior of the browser, and disabling or frequently expiring this state is the only way to achieve true privacy against colluding parties.

Citation

Jackson, C., Bortz, A., Boneh, D., and Mitchell, J. C. 2006. Protecting browser state from web privacy attacks. In Proceedings of the 15th International Conference on World Wide Web (Edinburgh, Scotland, May 23 - 26, 2006). WWW '06. ACM Press, New York, NY, 737-744.
DOI= http://doi.acm.org/10.1145/1135777.1135855

Citation

Jackson, C., Bortz, A., Boneh, D., and Mitchell, J. C. 2006. Protecting browser state from web privacy attacks. In Proceedings of the 15th International Conference on World Wide Web (Edinburgh, Scotland, May 23 - 26, 2006). WWW '06. ACM Press, New York, NY, 737-744.
DOI= http://doi.acm.org/10.1145/1135777.1135884
