Zubair Ahmad, Stefano Calzavara, Samuele Casarin, Ben Stock
{"title":"Information flow control for comparative privacy analyses","authors":"Zubair Ahmad, Stefano Calzavara, Samuele Casarin, Ben Stock","doi":"10.1007/s10207-024-00886-0","DOIUrl":null,"url":null,"abstract":"<p>The prevalence of web tracking and its key characteristics have been extensively investigated by the research community by means of large-scale web measurements. Most such measurements however are limited to the choice of a specific client used for data collection, which is insufficient to characterize the relative privacy guarantees offered by the adoption of different clients to access the Web. Recent work on <i>comparative</i> privacy analyses involving multiple clients is still preliminary and relies on relatively simple heuristics to detect web tracking based on the inspection of HTTP requests, cookies and API usage. In this paper, we propose a more sophisticated methodology based on information flow tracking, which is better suited for the complexity of comparing tracking behavior observed in different clients. After clarifying the key challenges of comparative privacy analyses, we apply our methodology to investigate web tracking practices on the top 10k websites from Tranco as observed by different clients, i.e., Firefox and Brave, under different configuration settings. Our analysis estimates information flow reduction to quantify the privacy benefits offered by the filter lists implemented in Firefox and Brave, as well as the effectiveness of their partitioned storage mechanism against cross-site tracking.</p>","PeriodicalId":50316,"journal":{"name":"International Journal of Information Security","volume":"23 1","pages":""},"PeriodicalIF":2.4000,"publicationDate":"2024-07-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Information Security","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1007/s10207-024-00886-0","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0
Abstract
The prevalence of web tracking and its key characteristics have been extensively investigated by the research community by means of large-scale web measurements. Most such measurements however are limited to the choice of a specific client used for data collection, which is insufficient to characterize the relative privacy guarantees offered by the adoption of different clients to access the Web. Recent work on comparative privacy analyses involving multiple clients is still preliminary and relies on relatively simple heuristics to detect web tracking based on the inspection of HTTP requests, cookies and API usage. In this paper, we propose a more sophisticated methodology based on information flow tracking, which is better suited for the complexity of comparing tracking behavior observed in different clients. After clarifying the key challenges of comparative privacy analyses, we apply our methodology to investigate web tracking practices on the top 10k websites from Tranco as observed by different clients, i.e., Firefox and Brave, under different configuration settings. Our analysis estimates information flow reduction to quantify the privacy benefits offered by the filter lists implemented in Firefox and Brave, as well as the effectiveness of their partitioned storage mechanism against cross-site tracking.
期刊介绍:
The International Journal of Information Security is an English language periodical on research in information security which offers prompt publication of important technical work, whether theoretical, applicable, or related to implementation.
Coverage includes system security: intrusion detection, secure end systems, secure operating systems, database security, security infrastructures, security evaluation; network security: Internet security, firewalls, mobile security, security agents, protocols, anti-virus and anti-hacker measures; content protection: watermarking, software protection, tamper resistant software; applications: electronic commerce, government, health, telecommunications, mobility.