Skip to main content

Cookies That Give You Away: The Surveillance Implications of Web Tracking

Author(s): Englehardt, Steven; Reisman, Dillon; Eubank, Christian; Zimmerman, Peter; Mayer, Jonathan R; et al

Download
To refer to this page use: http://arks.princeton.edu/ark:/88435/pr1pr7v
Full metadata record
DC FieldValueLanguage
dc.contributor.authorEnglehardt, Steven-
dc.contributor.authorReisman, Dillon-
dc.contributor.authorEubank, Christian-
dc.contributor.authorZimmerman, Peter-
dc.contributor.authorMayer, Jonathan R-
dc.contributor.authorNarayanan, Arvind-
dc.contributor.authorFelten, Edward W-
dc.date.accessioned2021-10-08T19:44:32Z-
dc.date.available2021-10-08T19:44:32Z-
dc.date.issued2015-05en_US
dc.identifier.citationEnglehardt, Steven, Dillon Reisman, Christian Eubank, Peter Zimmerman, Jonathan R. Mayer, Arvind Narayanan, and Edward W. Felten. "Cookies That Give You Away: The Surveillance Implications of Web Tracking." In WWW '15: Proceedings of the 24th International Conference on World Wide Web (2015): pp. 289-299. doi:10.1145/2736277.2741679en_US
dc.identifier.urihttps://www.cs.princeton.edu/~arvindn/publications/cookie-surveillance-v2.pdf-
dc.identifier.urihttp://arks.princeton.edu/ark:/88435/pr1pr7v-
dc.description.abstractWe study the ability of a passive eavesdropper to leverage "third-party" HTTP tracking cookies for mass surveillance. If two web pages embed the same tracker which tags the browser with a unique cookie, then the adversary can link visits to those pages from the same user (i.e., browser instance) even if the user's IP address varies. Further, many popular websites leak a logged-in user's identity to an eavesdropper in unencrypted traffic. To evaluate the effectiveness of our attack, we introduce a methodology that combines web measurement and network measurement. Using OpenWPM, our web privacy measurement platform, we simulate users browsing the web and find that the adversary can reconstruct 62-73% of a typical user's browsing history. We then analyze the effect of the physical location of the wiretap as well as legal restrictions such as the NSA's "one-end foreign" rule. Using measurement units in various locations - Asia, Europe, and the United States - we show that foreign users are highly vulnerable to the NSA's dragnet surveillance due to the concentration of third-party trackers in the U.S. Finally, we find that some browser-based privacy tools mitigate the attack while others are largely ineffective.en_US
dc.format.extent289 - 299en_US
dc.language.isoen_USen_US
dc.relation.ispartofWWW '15: Proceedings of the 24th International Conference on World Wide Weben_US
dc.rightsAuthor's manuscripten_US
dc.titleCookies That Give You Away: The Surveillance Implications of Web Trackingen_US
dc.typeConference Articleen_US
dc.identifier.doidoi:10.1145/2736277.2741679-
pu.type.symplectichttp://www.symplectic.co.uk/publications/atom-terms/1.0/conference-proceedingen_US

Files in This Item:
File Description SizeFormat 
WebTrackingSurveillance.pdf353.31 kBAdobe PDFView/Download


Items in OAR@Princeton are protected by copyright, with all rights reserved, unless otherwise indicated.