Libor Polcák, Marek Salon, Giorgio Maone, Radek Hranický, Michael McMahon
{"title":"把我的浏览器还给我","authors":"Libor Polcák, Marek Salon, Giorgio Maone, Radek Hranický, Michael McMahon","doi":"10.48550/arXiv.2204.01392","DOIUrl":null,"url":null,"abstract":"The web is used daily by billions. Even so, users are not protected from many threats by default. This position paper builds on previous web privacy and security research and introduces JShelter, a webextension that fights to return the browser to users. Moreover, we introduce a library helping with common webextension development tasks and fixing loopholes misused by previous research. JShelter focuses on fingerprinting prevention, limitations of rich web APIs, prevention of attacks connected to timing, and learning information about the device, the browser, the user, and surrounding physical environment and location. We discovered a loophole in the sensor timestamps that lets any page observe the device boot time if sensor APIs are enabled in Chromium-based browsers. JShelter provides a fingerprinting report and other feedback that can be used by future security research and data protection authorities. Thousands of users around the world use the webextension every day.","PeriodicalId":74779,"journal":{"name":"SECRYPT ... : proceedings of the International Conference on Security and Cryptography. International Conference on Security and Cryptography","volume":"118 1","pages":"287-294"},"PeriodicalIF":0.0000,"publicationDate":"2022-04-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"JShelter: Give Me My Browser Back\",\"authors\":\"Libor Polcák, Marek Salon, Giorgio Maone, Radek Hranický, Michael McMahon\",\"doi\":\"10.48550/arXiv.2204.01392\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The web is used daily by billions. Even so, users are not protected from many threats by default. This position paper builds on previous web privacy and security research and introduces JShelter, a webextension that fights to return the browser to users. Moreover, we introduce a library helping with common webextension development tasks and fixing loopholes misused by previous research. JShelter focuses on fingerprinting prevention, limitations of rich web APIs, prevention of attacks connected to timing, and learning information about the device, the browser, the user, and surrounding physical environment and location. We discovered a loophole in the sensor timestamps that lets any page observe the device boot time if sensor APIs are enabled in Chromium-based browsers. JShelter provides a fingerprinting report and other feedback that can be used by future security research and data protection authorities. Thousands of users around the world use the webextension every day.\",\"PeriodicalId\":74779,\"journal\":{\"name\":\"SECRYPT ... : proceedings of the International Conference on Security and Cryptography. International Conference on Security and Cryptography\",\"volume\":\"118 1\",\"pages\":\"287-294\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2022-04-04\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"SECRYPT ... : proceedings of the International Conference on Security and Cryptography. International Conference on Security and Cryptography\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.48550/arXiv.2204.01392\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"SECRYPT ... : proceedings of the International Conference on Security and Cryptography. International Conference on Security and Cryptography","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.48550/arXiv.2204.01392","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
The web is used daily by billions. Even so, users are not protected from many threats by default. This position paper builds on previous web privacy and security research and introduces JShelter, a webextension that fights to return the browser to users. Moreover, we introduce a library helping with common webextension development tasks and fixing loopholes misused by previous research. JShelter focuses on fingerprinting prevention, limitations of rich web APIs, prevention of attacks connected to timing, and learning information about the device, the browser, the user, and surrounding physical environment and location. We discovered a loophole in the sensor timestamps that lets any page observe the device boot time if sensor APIs are enabled in Chromium-based browsers. JShelter provides a fingerprinting report and other feedback that can be used by future security research and data protection authorities. Thousands of users around the world use the webextension every day.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
