Cargando…

Web Browser History Detection as a Real-World Privacy Threat

Web browser history detection using CSS $visited$ styles has long been dismissed as an issue of marginal impact. However, due to recent changes in Web usage patterns, coupled with browser performance improvements, the long-standing issue has now become a significant threat to the privacy of Internet...

Descripción completa

Detalles Bibliográficos
Autores principales: Janc, A, Olejnik, L
Lenguaje:eng
Publicado: 2010
Materias:
Acceso en línea:http://cds.cern.ch/record/1293097
_version_ 1780920820213743616
author Janc, A
Olejnik, L
author_facet Janc, A
Olejnik, L
author_sort Janc, A
collection CERN
description Web browser history detection using CSS $visited$ styles has long been dismissed as an issue of marginal impact. However, due to recent changes in Web usage patterns, coupled with browser performance improvements, the long-standing issue has now become a significant threat to the privacy of Internet users. In this paper we analyze the impact of CSS-based history detection and demonstrate the feasibility of conducting practical attacks with minimal resources. We analyze Web browser behavior and detectability of content loaded via standard protocols and with various HTTP response codes. We develop an algorithm for efficient examination of large link sets and evaluate its performance in modern browsers. Compared to existing methods our approach is up to 6 times faster, and is able to detect up to 30,000 visited links per second. We present a novel Web application capable of effectively detecting clients’ browsing histories and discuss real-world results obtained from 271,576 Internet users. Our results indicate that at least 76%of Internet users are vulnerable to history detection, including over 94% of Google Chrome users, for a test of most popular Internet websites we were able to detect, on average, 62.6 (median 22) visited locations per client. We also demonstrate the potential to profile users based on social news stories they visited, and to detect private data such as zip codes or search queries typed into online fo rms.
id cern-1293097
institution Organización Europea para la Investigación Nuclear
language eng
publishDate 2010
record_format invenio
spelling cern-12930972019-09-30T06:29:59Zhttp://cds.cern.ch/record/1293097engJanc, AOlejnik, LWeb Browser History Detection as a Real-World Privacy ThreatComputing and ComputersWeb browser history detection using CSS $visited$ styles has long been dismissed as an issue of marginal impact. However, due to recent changes in Web usage patterns, coupled with browser performance improvements, the long-standing issue has now become a significant threat to the privacy of Internet users. In this paper we analyze the impact of CSS-based history detection and demonstrate the feasibility of conducting practical attacks with minimal resources. We analyze Web browser behavior and detectability of content loaded via standard protocols and with various HTTP response codes. We develop an algorithm for efficient examination of large link sets and evaluate its performance in modern browsers. Compared to existing methods our approach is up to 6 times faster, and is able to detect up to 30,000 visited links per second. We present a novel Web application capable of effectively detecting clients’ browsing histories and discuss real-world results obtained from 271,576 Internet users. Our results indicate that at least 76%of Internet users are vulnerable to history detection, including over 94% of Google Chrome users, for a test of most popular Internet websites we were able to detect, on average, 62.6 (median 22) visited locations per client. We also demonstrate the potential to profile users based on social news stories they visited, and to detect private data such as zip codes or search queries typed into online fo rms.LHCb-PROC-2010-036CERN-LHCb-PROC-2010-036oai:cds.cern.ch:12930972010-09-21
spellingShingle Computing and Computers
Janc, A
Olejnik, L
Web Browser History Detection as a Real-World Privacy Threat
title Web Browser History Detection as a Real-World Privacy Threat
title_full Web Browser History Detection as a Real-World Privacy Threat
title_fullStr Web Browser History Detection as a Real-World Privacy Threat
title_full_unstemmed Web Browser History Detection as a Real-World Privacy Threat
title_short Web Browser History Detection as a Real-World Privacy Threat
title_sort web browser history detection as a real-world privacy threat
topic Computing and Computers
url http://cds.cern.ch/record/1293097
work_keys_str_mv AT janca webbrowserhistorydetectionasarealworldprivacythreat
AT olejnikl webbrowserhistorydetectionasarealworldprivacythreat