Abstract
Since the beginning of the web, users have been worried about usability but not always about security or privacy. Nowadays people are starting to realize that sometimes it is important to protect their privacy not only in real life, but also in the virtual world. This paper analyzes the current privacy debate surrounding online web tracking and explains the most relevant techniques and defenses. It also presents the different companies involved and related standards and regulations.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Stevenson, A.: Oxford Dictionary of English. OUP, Oxford (2010)
Milanovic, M.: Human rights treaties and foreign surveillance: privacy in the digital age. Harvard Int. L. J. (Forthcoming) (2014)
Bernal, P.: Internet Privacy Rights: Rights to Protect Autonomy, vol. 24. Cambridge University Press, Cambridge (2014)
Squicciarini, A.C., Paci, F., Sundareswaran, S.: Prima: a comprehensive approach to privacy protection in social network sites. Annals of telecommunications-annales des télécommunications 69(1–2), 21–36 (2014)
Wang, Y., Nepali, R.K., Nikolai, J.: Social network privacy measurement and simulation. In: International Conference on Computing, Networking and Communications (ICNC), pp. 802–806. IEEE (2014)
Cecere, G., Rochelandet, F.: Privacy intrusiveness and web audiences: empirical evidence. Telecommun. Policy 37(10), 1004–1014 (2013)
Hayes, C.M., Kesan, J.P., Bashir, M., Hoff, K., Jeon, G.: Informed Consent and Privacy Online: A Survey. Available at SSRN 2418830 (2014)
Acar, G., Juarez, M., Nikiforakis, N., Diaz, C., Gürses, S., Piessens, F., Preneel, B.: FPDetective: dusting the web for fingerprinters. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, pp. 1129–1140. ACM (2013)
Eckersley, P.: How unique is your web browser? In: Atallah, M.J., Hopper, N.J. (eds.) PETS 2010. LNCS, vol. 6205, pp. 1–18. Springer, Heidelberg (2010)
Fifield, D., Egelman, S.: Fingerprinting web users through font metrics. In: Proceedings of the 19th International Conference on Financial Cryptography and Data Security (2015)
Acar, G., Eubank, C., Englehardt, S., Juarez, M., Narayanan, A., Diaz, C.: The web never forgets: persistent tracking mechanisms in the wild. In: Proceedings of the 21st ACM Conference on Computer and Communications Security (CCS 2014) (2014)
Mowery, K., Shacham, H.: Pixel perfect: fingerprinting canvas in html5. In: Proceedings of W2SP (2012)
Ayenson, M., Wambach, D.J., Soltani, A., Good, N., Hoofnagle, C.J.: Flash cookies and privacy ii: now with html5 and etag respawning. In: Social Science Research Network (2011)
Atterer, R., Wnuk, M., Schmidt, A.: Knowing the user’s every move: user activity tracking for website usability evaluation and implicit interaction. In: Proceedings of the 15th International Conference on World Wide Web, pp. 203–212. ACM (2006)
Keromytis, A.: Darpa, active authentication program. http://www.darpa.mil/our_work/i2o/programs/active_authentication.aspx (2015)
Soltani, A., Canty, S., Mayo, Q., Thomas, L., Hoofnagle, C.J.: Flash cookies and privacy. In: AAAI Spring Symposium: Intelligent Information Privacy Management (2010)
West, W., Pulimood, S.M.: Analysis of privacy and security in html5 web storage. J. Comput. Sci. Coll. 27(3), 80–87 (2012)
Felten, E.W., Schneider, M.A.: Timing attacks on web privacy. In: Proceedings of the 7th ACM Conference on Computer and Communications Security, pp. 25–32. ACM (2000)
Focardi, R., Gorrieri, R., Lanotte, R., Maggiolo-Schettini, A., Martinelli, F., Tini, S., Tronci, E.: Formal models of timing attacks on web privacy. Electron. Notes Theor. Comput. Sci. 62, 229–243 (2002)
Weinberg, Z., Chen, E.Y., Jayaraman, P.R., Jackson, C.: I still know what you visited last summer: leaking browsing history via user interaction and side channel attacks. In: 2011 IEEE Symposium on Security and Privacy (SP), pp. 147–161. IEEE (2011)
Altaweel, I., Cabrera, J., Choi, H.S., Ho, K., Good, N., Hoofnagle, C.: Web Privacy Census: Html5 Storage Takes the Spotlight as Flash Returns (2012)
Roesner, F., Kohno, T., Wetherall, D.: Detecting and defending against third-party tracking on the web. In: Proceedings of the 9th USENIX Conference on Networked Systems Design and Implementation, pp. 12–12. NSDI’12, Berkeley, CA, USA, USENIX Association (2012)
Jang, D., Jhala, R., Lerner, S., Shacham, H.: An empirical study of privacy-violating information flows in javascript web applications. In: Proceedings of the 17th ACM Conference on Computer and Communications Security, pp. 270–283. ACM (2010)
Narayanan, A., Mayer, J.: Do not track, universal web tracking opt out. http://donottrack.us (2011)
World Wide Web Consortium: Platform for privacy preferences (p3p) project. http://www.w3.org/P3P (2002)
Byers, S., Cranor, L.F., Kormann, D., McDaniel, P.: Searching for privacy: design and implementation of a P3P-enabled search engine. In: Martin, D., Serjantov, A. (eds.) PET 2004. LNCS, vol. 3424, pp. 314–328. Springer, Heidelberg (2005)
Mayer, J.: Tracking the trackers: early results. http://cyberlaw.stanford.edu/blog/2011/07/tracking-trackers-early-results (2011)
Teltzrow, M., Kobsa, A.: Impacts of user privacy preferences on personalized systems. In: Designing Personalized User Experiences in eCommerce, pp. 315–332. Springer, Berlin (2004)
De Groef, W., Devriese, D., Nikiforakis, N., Piessens, F.: Flowfox: a web browser with flexible and precise information flow control. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security, pp. 748–759. ACM (2012)
Pan, X., Cao, Y., Chen, Y.: I do not know what you visited last summer: protecting users from third-party web tracking with trackingfree browser. In: NDSS: Proceedings of the Network and Distributed System Security Symposium (2015)
Hedin, D., Birgisson, A., Bello, L., Sabelfeld, A.: Jsflow: Tracking information flow in javascript and its APIs. In: Proceedings of 29th ACM Symposium on Applied Computing (2014)
Sen, K., Kalasapur, S., Brutch, T., Gibbs, S.: Jalangi: A selective record-replay and dynamic analysis framework for javascript. In: Proceedings of the 2013 9th Joint Meeting on Foundations of Software Engineering, pp. 488–498. ACM (2013)
Chugh, R., Meister, J.A., Jhala, R., Lerner, S.: Staged information flow for javascript. In: ACM Sigplan Notices, vol. 44, pp. 50–62. ACM (2009)
Aggarwal, G., Bursztein, E., Jackson, C., Boneh, D.: An analysis of private browsing modes in modern browsers. In: USENIX Security Symposium, pp. 79–94 (2010)
Nikiforakis, N., Kapravelos, A., Joosen, W., Kruegel, C., Piessens, F., Vigna, G.: Cookieless monster: exploring the ecosystem of web-based device fingerprinting. In: 2013 IEEE Symposium on Security and privacy (SP), pp. 541–555. IEEE (2013)
Mayer, J.R., Mitchell, J.C.: Third-party web tracking: policy and technology. In: 2012 IEEE Symposium on Security and Privacy (SP), pp. 413–427. IEEE (2012)
Goldfarb, A., Tucker, C.E.: Privacy regulation and online advertising. Manag. Sci. 57(1), 57–71 (2011)
Federal Trade Commission: Protecting consumer privacy in an era of rapid change: recommendations for businesses and policymakers. https://www.ftc.gov/reports/protecting-consumer-privacy-era-rapid-change-recommendations-businesses-policymakers (2012)
Federal Trade Commission: Protecting consumer privacy in an era of rapid change, a proposed framework for businesses and policymakers. https://www.ftc.gov/reports/preliminary-ftc-staff-report-protecting-consumer-privacy-era-rapid-change-proposed-framework (2010)
European Parliament: Directive 2002/58/ec. http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32002L0058:en:HTML (2002)
Article 29 Data Protection Working Party: Opinion 04/2012 on cookie consent exemption. http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2012/wp194_en.pdf (2012)
Article 29 Data Protection Working Party: Opinion 9/2014 on the application of directive 2002/58/ec to device fingerprinting. http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2014/wp224_en.pdf (2014)
Digital Advertising Alliance: Self-regulatory principles for online behavioral advertising, behavioral advertising. http://www.aboutads.info/resource/download/seven-principles-07-01-09.pdf (2009)
Digital Advertising Alliance: Self-regulatory principles for multi-site data. http://www.aboutads.info/resource/download/Multi-Site-Data-Principles.pdf (2011)
Acknowledgments
This research was partially supported by the Basque Government under the pre-doctoral grants given to Iskander Sánchez-Rola and Xabier Ugarte-Pedrero.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Sánchez-Rola, I., Ugarte-Pedrero, X., Santos, I., Bringas, P.G. (2015). Tracking Users Like There is No Tomorrow: Privacy on the Current Internet. In: Herrero, Á., Baruque, B., Sedano, J., Quintián, H., Corchado, E. (eds) International Joint Conference. CISIS 2015. Advances in Intelligent Systems and Computing, vol 369. Springer, Cham. https://doi.org/10.1007/978-3-319-19713-5_41
Download citation
DOI: https://doi.org/10.1007/978-3-319-19713-5_41
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-19712-8
Online ISBN: 978-3-319-19713-5
eBook Packages: EngineeringEngineering (R0)