161 results on '"browser extension"'
Search Results
52. Contextual OTP: Mitigating Emerging Man-in-the-Middle Attacks with Wireless Hardware Tokens
- Author
-
Ben-David, Assaf, Berkman, Omer, Matias, Yossi, Patel, Sarvar, Paya, Cem, Yung, Moti, Hutchison, David, editor, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Sudan, Madhu, editor, Terzopoulos, Demetri, editor, Tygar, Doug, editor, Vardi, Moshe Y., editor, Weikum, Gerhard, editor, Bao, Feng, editor, Samarati, Pierangela, editor, and Zhou, Jianying, editor
- Published
- 2012
- Full Text
- View/download PDF
53. Client-Based CardSpace-OpenID Interoperation
- Author
-
Al-Sinani, Haitham S., Mitchell, Chris J., Gelenbe, Erol, editor, Lent, Ricardo, editor, and Sakellari, Georgia, editor
- Published
- 2012
- Full Text
- View/download PDF
54. SudoWeb: Minimizing Information Disclosure to Third Parties in Single Sign-on Platforms
- Author
-
Kontaxis, Georgios, Polychronakis, Michalis, Markatos, Evangelos P., Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Nierstrasz, Oscar, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Sudan, Madhu, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Vardi, Moshe Y., Series editor, Weikum, Gerhard, Series editor, Lai, Xuejia, editor, Zhou, Jianying, editor, and Li, Hui, editor
- Published
- 2011
- Full Text
- View/download PDF
55. CsFire: Transparent Client-Side Mitigation of Malicious Cross-Domain Requests
- Author
-
De Ryck, Philippe, Desmet, Lieven, Heyman, Thomas, Piessens, Frank, Joosen, Wouter, Hutchison, David, editor, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Sudan, Madhu, editor, Terzopoulos, Demetri, editor, Tygar, Doug, editor, Vardi, Moshe Y., editor, Weikum, Gerhard, editor, Massacci, Fabio, editor, Wallach, Dan, editor, and Zannone, Nicola, editor
- Published
- 2010
- Full Text
- View/download PDF
56. Securing Your Mac & Networks
- Author
-
Granneman, Scott, Andres, Clay, editor, Pundick, Douglas, editor, Anglin, Steve, editor, Beckner, Mark, editor, Buckingham, Ewan, editor, Cornell, Gary, editor, Gennick, Jonathan, editor, Hassell, Jonathan, editor, Lowman, Michelle, editor, Moodie, Matthew, editor, Parkes, Duncan, editor, Pepper, Jeffrey, editor, Pohlmann, Frank, editor, Renow-Clarke, Ben, editor, Shakeshaft, Dominic, editor, Wade, Matt, editor, Welsh, Tom, editor, Moritz, Kelly, editor, and Moore, Ralph, editor
- Published
- 2010
- Full Text
- View/download PDF
57. Accessible images (AIMS): a model to build self-describing images for assisting screen reader users.
- Author
-
Nengroo, Ab Shaqoor and Kuppusamy, K. S.
- Subjects
DIGITAL image processing ,IMAGE recognition (Computer vision) ,WEB search engines ,ARTIFICIAL intelligence ,INTERNET content
- Abstract
Non-visual web access depends on the textual description of various non-text elements of web pages. The existing methods of describing images for non-visual access do not provide a strong coupling between described images and their description. If an image is reused multiple times either in a single Web site or across multiple times, it is required to keep the description at all instances. This paper presents a tightly coupled model termed accessible images (AIMS) which utilizes a steganography-based approach to embed the description in the images at the server side and updating alt text of the web pages with the description extracted with the help of a browser extension. The proposed AIMS model has been built, targeting toward a web image description ecosystem in which images evolve into a self-description phase. The primary advantage of the proposed AIMS model is the elimination of the redundant description of an image resource at multiple instances. The experiments conducted on a dataset confirm that the AIMS model is capable of embedding and extracting descriptions with an accuracy level of 99.6%. [ABSTRACT FROM AUTHOR]
- Published
- 2018
- Full Text
- View/download PDF
58. General-Purpose Computation on GPUs in the Browser Using gpu.js.
- Author
-
Sapuan, Fazli, Saw, Matthew, and Cheah, Eugene
- Subjects
GRAPHICS processing units ,GPSS (Computer program language) ,WEB browsers ,WEBGL (Computer program language) ,APPLICATION program interfaces ,JAVASCRIPT programming language
- Abstract
gpu.js is a client-side general-purpose computing on graphics processing units (GPGPU) library for the browser written entirely in JavaScript. Unlike some of the earlier implementations of client-side GPGPU, gpu.js does not require browser support through an explicit GPGPU API or an installation of a custom native runtime browser extension to enable such support. This allows the library to run on all modern platforms, including on mobile devices such as smartphones. It achieves this by using the already widely adopted Web Graphics Library graphics API in a manner that it is not designed for by making use of JavaScript-to-Open GL Shading Language transpilation. The library abstracts away all the unnecessary implementation details of awkwardly performing GPGPU on a graphics API and, at the same time, provides an API that was designed specifically for GPGPU. [ABSTRACT FROM AUTHOR]
- Published
- 2018
- Full Text
- View/download PDF
59. Towards a Webpage-Based Bibliographic Manager
- Author
-
Dang, Dinh-Trung, Tan, Yee Fan, Kan, Min-Yen, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Nierstrasz, Oscar, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Sudan, Madhu, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Vardi, Moshe Y., Series editor, Weikum, Gerhard, Series editor, Buchanan, George, editor, Masoodian, Masood, editor, and Cunningham, Sally Jo, editor
- Published
- 2008
- Full Text
- View/download PDF
60. Dynamic Identification of Learning Styles in MOOC Environment Using Ontology Based Browser Extension
- Author
-
Abhinav Agarwal, Sucheta V. Kolekar, and Divyansh Shankar Mishra
- Subjects
Computer science ,media_common.quotation_subject ,browser extension ,Big data ,Information technology ,Ontology (information science) ,Field (computer science) ,Education ,Learning styles ,Deliverable ,Human–computer interaction ,Perception ,ontology ,media_common ,learners’ behavior ,business.industry ,General Engineering ,intelligent e-learning ,T58.5-58.64 ,Identification (information) ,fslsm ,Information and Communications Technology ,moocs ,business ,learning styles
- Abstract
With the advent of the era of big data and Web 3.0 on the horizon, different types of online deliverable resources in the pedagogical field have also become raft. Massive Open Online Courses (MOOCs) are the most important of such learning resources that provide many courses at different levels for the learners on the go. The data generated by these MOOCs, however, is often unorganized and difficult to track or is not used to the extent that allows identification of learner types to facilitate better learning. The proposed approach in this paper aims to detect the learning style of a learner, interacting with the MOOC portal, dynamically and automatically through a novel, indigenous and in-built browser extension. This extension is used to capture the usage parameters of the learner and analyze learning behavior in real-time. The usage parameters are captured and stored as a learner ontology to ease sharing and operating across different platforms. The learning style so deduced is based on the Felder Silverman Learning Style Model (FSLSM), where learner’s behavior under multiple criteria, vis-à-vis perception, input, understanding, and processing are measured. Based on the generated ontological semantics of learner’s behavior, multiple models can be made to facilitate precise and efficient learning. The result shows that this state-of-the-art approach identifies and detects the learning styles of the learners automatically and dynamically, i.e., changing over time
- Published
- 2021
61. A Novel Approach for User-Centric Privacy Protection on the Web
- Author
-
Oad, Satish Kumar
- Subjects
- Artificial Intelligence, Computer Engineering, Computer Science, USER-CENTRIC PRIVACY, PROTECTION ON THE WEB, Policy engine, Modify policies, Browser Extension
- Abstract
Web-based applications run within web browsers and interact with a wide range of user-provided data. Web applications gain their dynamic nature from web scripts, particularly JavaScript, which accesses this data through browser APIs. Unfortunately, a significant number of web-based attacks compromising user security and privacy have been discovered over the past decade. Attackers can exploit scripting languages and other web attack techniques, such as cross-site scripting, to steal personal information. In addition, many websites utilize third-party JavaScript without thoroughly checking the code or scanning for vulnerabilities. The third-party code can exploit security weaknesses, resulting in unauthorized user information acquisition, such as user cookies and session data. In this thesis, we have developed a framework incorporating various policy categories to address the above-mentioned issues. We have implemented a policy engine to enforce these regulations and provided users with a graphical interface to customize these policies according to their needs. Our experiments have demonstrated that this framework empowers end-users to modify rules and regulate the utilization of device resources. Through our policy enforcement engine, we effectively prevent simulated attack scenarios, thus safeguarding device resources and protecting user privacy.
- Published
- 2023
62. WACline: A Software Product Line to harness heterogeneity in Web Annotation
- Author
-
Lenguajes y sistemas informáticos, Hizkuntza eta sistema informatikoak, Medina, Haritz, Díaz García, Oscar, and Garmendia Díaz, Xabier
- Abstract
A significant amount of research project funding is spent creating customized annotation systems, reinventing the wheel once and again, developing the same common features. In this paper, we present WACline, a Software Product Line to facilitate customization of browser extension Web annotation clients. WACline reduces the development effort by reusing common features (e.g., highlighting and commenting) while putting the main focus on customization. To this end, WACline provides already implemented 111 features that can be extended with new ones. In this way, researchers can reduce the development and maintenance costs of annotation clients.
- Published
- 2022
63. Ladok Browser Extension : An Evaluation of Browser Extension API:s
- Author
-
Rahman, Mukti Flora
- Abstract
The objective of this study has been to examine if it is possible to develop a user interface as a browser extension for Ladok which is a result system that is used by higher education institutions such as colleges and universities in Sweden. A part of the study has also been to be able to evaluate at least one method of developing browser extensions. Interviews and surveys were conducted in order to understand what types of functions that would be beneficial for both students and teachers in such a user interface. GUI mockups were created in the design tool Figma and were later measured through usability tests. The main challenge during the study has been to be able to determine if it is possible to access data from Ladok through web scraping and API requests. As Ladok consists of confidential information about students, the data is private. Due to this it has been very difficult to be able to gather data. Different types of methods and approaches were used in order to determine if it would be possible to develop a user interface for Ladok. The conclusion that can be drawn is that more research and time are needed and that there is no clear solution for this yet. Future work could be to develop user scripts that would only run when Ladok would be used. An example of a tool for user scripts is TamperMonkey, which is compatible with Google Chrome. GreaseMonkey is equivalent to TamperMonkey, but is compatible with Mozilla Firefox.
- Published
- 2022
64. Real-Time Discovery of Currently and Heavily Viewed Web Pages
- Author
-
Maruyama, Kazutaka, Takasuka, Kiyotaka, Yagihara, Yuta, Machida, Satoshi, Shirai, Yuichiro, Terada, Minora, van der Aalst, Wil, editor, Mylopoulos, John, editor, Sadeh, Norman M., editor, Shaw, Michael J., editor, Szyperski, Clemens, editor, Filipe, Joaquim, editor, Cordeiro, José, editor, and Pedrosa, Vitor, editor
- Published
- 2007
- Full Text
- View/download PDF
65. Using Windows Defender
- Author
-
Hassell, Jonathan and Campbell, Tony
- Published
- 2007
- Full Text
- View/download PDF
66. Testing browser extensions
- Author
-
Pereira, Juanan and Medina, Haritz
- Subjects
browser extension ,testing
- Abstract
Browser extensions are one of the most popular web technologies. With more than 1.6 billion installations, their users rely on them for their day-to-day tasks. Thus, it is expected that they will be (well) tested. Yet there is no empirical evidence about it
- Published
- 2022
- Full Text
- View/download PDF
67. Semantic-Based Matching and Personalization in FWEB, a Publish/Subscribe-Based Web Infrastructure
- Author
-
Courtenage, Simon, Williams, Steven, Hutchison, David, editor, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Sudan, Madhu, editor, Terzopoulos, Demetri, editor, Tygar, Doug, editor, Vardi, Moshe Y., editor, Weikum, Gerhard, editor, Meersman, Robert, editor, and Tari, Zahir, editor
- Published
- 2005
- Full Text
- View/download PDF
68. Collaborative Semantic Web Browsing with Magpie
- Author
-
Domingue, John, Dzbor, Martin, Motta, Enrico, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Terzopoulos, Demetri, editor, Tygar, Doug, editor, Vardi, Moshe Y., editor, Bussler, Christoph J., editor, Davies, John, editor, Fensel, Dieter, editor, and Studer, Rudi, editor
- Published
- 2004
- Full Text
- View/download PDF
69. Consent-O-Matic: Automatically Answering Consent Pop-ups Using Adversarial Interoperability
- Author
-
Nouwens, Midas, Bagge, Rolf, Kristensen, Janus Bager, and Klokmose, Clemens Nylandsted
- Subjects
adversarial interoperability ,browser extension ,ComputingMilieux_LEGALASPECTSOFCOMPUTING ,regulatory enforcement ,General Data Protection Regulation
- Abstract
The majority of consent pop-ups on the web do not meet the requirements for legally valid consent laid out in the General Data Protection Regulation (GDPR). In the face of a lack of enforcement, we present the browser extension Consent-O-Matic which uses adversarial interoperability to automatically answer these pop-ups based on the user's preferences. We document how the current implementation of these pop-ups support and inhibit interoperability, focussing on the difference between static and dynamic HTML, the quality of the semantic markup, and the visibility of the system's state; and we present the implementation of Consent-O-Matic. Lastly, we discuss the possibilities, limitations, and concerns of an adversarial approach.
- Published
- 2022
70. Automatic generation of test cases based on user actions
- Subjects
browser extension ,generation of user steps ,exploratory testing ,session-based testing ,personal electronic computers
- Abstract
The subject of the graduate qualification work is "Automatic generation of test cases based on user actions". This thesis describes the development of a client-server software testing application with the function of automatic generation of test cases based on tester actions. In the course of the work a literature review was conducted, important parts of the test documentation were identified, and existing peer tools were analyzed. Also, the analysis and justification of the choice of technologies for the implementation of the application was carried out and based on the collected information the application was developed.
- Published
- 2022
- Full Text
- View/download PDF
71. In-depth technical and legal analysis of Web tracking on health related websites with Ernie extension
- Author
-
Wesselkamp, Vera, Fouad, Imane, Santos, Cristiana, Boussad, Yanis, Bielova, Nataliia, Legout, Arnaud, Privacy Models, Architectures and Tools for the Information Society (PRIVATICS), Inria Grenoble - Rhône-Alpes, Institut National de Recherche en Informatique et en Automatique (Inria), CITI Centre of Innovation in Telecommunications and Integration of services (CITI), Institut National des Sciences Appliquées de Lyon (INSA Lyon), Université de Lyon, Institut National des Sciences Appliquées (INSA), Utrecht University [Utrecht], Design, Implementation and Analysis of Networking Architectures (DIANA), Inria Sophia Antipolis - Méditerranée (CRISAM), and Commission nationale de l'informatique des libertés (Cnil)
- Subjects
explicit consent ,online tracking ,browser extension ,[INFO.INFO-WB]Computer Science [cs]/Web ,health data ,cookie syncing ,GDPR
- Abstract
Searching for doctors online has become an increasingly common practice among Web users. However, when health websites owned by doctors and hospitals integrate third-party trackers, they expose their potential patients' medical secrets to third parties, thereby violating the GDPR which only allows the processing of sensitive health data with the explicit consent of a user. While previous works detected sophisticated forms of cookie syncing at scale, no tool exists as of today that would allow owners of health websites detecting complex tracking practices and ensure legal compliance. In this paper, we develop Ernie, a browser extension that visualises six tracking and complex cookie syncing state of the art techniques. We report on the analysis with Ernie on 176 websites of medical doctors and hospitals that users would visit when searching for doctors in France and Germany. At least one form of tracking or cookie syncing occurs on 64% websites before interacting with the consent banner, and 76% of these websites fail to comply with the GDPR requirements on a valid explicit consent. Furthermore, an in-depth analysis of case study websites allowed us to provide comprehensive general explanations of why tracking is embedded: for example, in all 45 webpages, where doctors include a Google map to help locating their office, tracking occurs due to the Google's cookie already present in the user's browser which is attached to a request that fetched the Google map useful content.
- Published
- 2021
72. A Novel Approach to Detecting and Mitigating Keyloggers
- Author
-
Elelegwu, Damilola Osedumbi
- Subjects
- Keylogger spyware, Keystrokes, Routes, Mobile security, Browser extension, Keystroke logging, Threat detection, Computer and Systems Architecture, Digital Communications and Networking, Information Security, OS and Networks
- Abstract
As the digital world gets increasingly ingrained in our daily lives, cyberattacks—especially those involving malware—are growing more complex and common, which calls for developing innovative safeguards. Keylogger spyware, which combines keylogging and spyware functionalities, is one of the most insidious types of cyberattacks. This malicious software stealthily monitors and records user keystrokes, amassing sensitive data, such as passwords and confidential personal information, which can then be exploited. This research work introduces a novel browser extension designed to thwart keylogger spyware attacks effectively. The extension is underpinned by a cutting-edge algorithm that meticulously analyzes input-related processes, promptly identifying and flagging any malicious activities. Upon detection, the extension empowers users with the immediate choice to terminate the suspicious process or validate its authenticity, thereby placing crucial real-time control in the hands of the end user. The methodology guarantees the extension's mobility and adaptability across various platforms and devices. This paper extensively details the development of the browser extension, from its first conceptual design to its rigorous performance evaluation. The results show that the suggested addition considerably strengthens end-user protection against cyber risks, resulting in a safer web browsing experience. The research substantiates the extension's efficacy and significant potential in reinforcing online security standards, demonstrating its ability to make web surfing safer through extensive analysis and testing.
- Published
- 2023
73. Web prefetching through efficient prediction by partial matching.
- Author
-
Gellert, Arpad and Florea, Adrian
- Subjects
WEBSITES ,MARKOV processes ,WEB browsers ,INTERNET ,WORLD Wide Web
- Abstract
In this work we propose a prediction by partial matching technique to anticipate and prefetch web pages and files accessed via browsers. The goal is to reduce the delays necessary to load the web pages and files visited by the users. Since the number of visited web pages can be high, tree-based and table-based implementations can be inefficient from the representation point of view. Therefore, we present an efficient way to implement the prediction by partial matching as simple searches in the observation sequence. Thus, we can use high number of states in long web page access histories and higher order Markov chains at low complexity. The time-evaluations show that the proposed PPM implementation is significantly more efficient than previous implementations. We have enhanced the predictor with a confidence mechanism, implemented as saturating counters, which classifies dynamically web pages as predictable or unpredictable. Predictions are generated selectively only from web pages classified as predictable, improving thus the accuracy. The experiments show that the prediction by partial matching of order 4 with a history of 500 web pages is the optimal. [ABSTRACT FROM AUTHOR]
- Published
- 2016
- Full Text
- View/download PDF
74. New rule-based phishing detection method.
- Author
-
Moghimi, Mahmood and Varjani, Ali Yazdian
- Subjects
RULE-based programming ,ONLINE banking ,WEBSITES ,FEATURE selection ,UNIFORM Resource Locators
- Abstract
In this paper, we present a new rule-based method to detect phishing attacks in internet banking. Our rule-based method used two novel feature sets, which have been proposed to determine the webpage identity. Our proposed feature sets include four features to evaluate the page resources identity, and four features to identify the access protocol of page resource elements. We used approximate string matching algorithms to determine the relationship between the content and the URL of a page in our first proposed feature set. Our proposed features are independent from third-party services such as search engines result and/or web browser history. We employed support vector machine (SVM) algorithm to classify webpages. Our experiments indicate that the proposed model can detect phishing pages in internet banking with accuracy of 99.14% true positive and only 0.86% false negative alarm. Output of sensitivity analysis demonstrates the significant impact of our proposed features over traditional features. We extracted the hidden knowledge from the proposed SVM model by adopting a related method. We embedded the extracted rules into a browser extension named PhishDetector to make our proposed method more functional and easy to use. Evaluating of the implemented browser extension indicates that it can detect phishing attacks in internet banking with high accuracy and reliability. PhishDetector can detect zero-day phishing attacks too. [ABSTRACT FROM AUTHOR]
- Published
- 2016
- Full Text
- View/download PDF
75. BWDAT: A research tool for analyzing the consumption of VOD content at home
- Author
-
Cordeiro, J.A. (José A.), Castro, D. (Deborah), Nisi, V. (Valentina), and Nunes, N.J. (Nuno J.)
- Abstract
Introduction: New approaches to the study of the binge-watching phenomenon require new technology, leading to the development of a non-intrusive and low-cost analytical research software that facilitates a holistic understanding of binge-watching in an uncontrolled environment remotely (e.g., the home). BWDAT was developed to allow the collection of three types of data: users’ physiological data gathered from a smartwatch, users’ interactions from video-on-demand interfaces, and self-reported data. This tool offers the possibility to generate automatic data analysis reports, facilitating researchers’ data analysis tasks. Methods: Two trial studies and a long-term study were used to evaluate the design and the technical implementation of the BWDAT tool. The metrics used were the BWDAT smartwatch's App data coverage of the viewing sessions, and the data's reliability of the viewer's interactions with the Netflix interface, collected by the BWDAT Chrome Extension. Results: High percentages of data coverage and content coverage were verified in the sessions collecting the smartwatch's data. The reporting system developed proved to be useful in the collection and synchronization of physiological and users’ interaction data with Netflix interface, both generated in uncontrolled environments. Furthermore, the BWDAT tool facilitated the analysis of a large amount of nuanced data. Conclusion: The results obtained confirm the reliability, accuracy, and usability of BWDAT. This tool has the potential to help researchers shed new light on the field of media and audience studies, and in particular on binge-watching.
- Published
- 2021
- Full Text
- View/download PDF
76. Detection and measurement of web tracking
- Author
-
Fouad, Imane, Privacy Models, Architectures and Tools for the Information Society (PRIVATICS), Inria Grenoble - Rhône-Alpes, Institut National de Recherche en Informatique et en Automatique (Inria), CITI Centre of Innovation in Telecommunications and Integration of services (CITI), Institut National des Sciences Appliquées de Lyon (INSA Lyon), Université de Lyon, Institut National des Sciences Appliquées (INSA), Inria Lyon, Université Côte d'Azur, Nataliia Bielova, and Arnaud Legout
- Subjects
[INFO.INFO-WB]Computer Science [cs]/Web ,Online tracking ,Cookie syncing ,Invisible pixels ,Explicit consent ,Cookie respawning ,Health data ,Ad-blocker ,EPrivacy ,Fingerprinting ,GDPR ,Browser extension
- Abstract
In this thesis, we detected and measured web tracking technologies. We further audited the legal compliance of websites within the EU data protection legal framework by assessing their compliance with the General Data Protection Regulation (GDPR) and the ePrivacy Directive. First, we proposed a fine-grained behavioral classification of tracking based on the analysis of invisible pixels. We demonstrated that popular methods to detect tracking, based on EasyList & EasyPrivacy and on Disconnect lists, respectively miss 25.22% and 30.34% of the trackers that we detect. As a follow-up to this first work, we made a qualitative study, and reported on the analysis of 176 websites of medical doctors and hospitals. We found that 76% of these websites fail to comply with the GDPR requirements on a valid explicit consent. Second, we studied the combination of both stateful and stateless web tracking techniques. To the best of our knowledge, our study is the first to detect and measure cookie respawning via browser and machine fingerprint. We found out that this technique can be used to track users across websites even when third-party cookies are deprecated. Finally, we investigated the legal compliance of purposes for 20,218 third-party cookies. We found that purposes declared in cookie policies do not comply with the purpose specification principle in 95% of cases in our automatized audit. Furthermore, we analyzed the authentication practices implemented in third-party tracking services to exercise the access right.
- Published
- 2021
77. BWDAT
- Author
-
Nuno Jardim Nunes, Valentina Nisi, José A. Cordeiro, Deborah Castro, and Department of Arts and Culture Studies
- Subjects
Research paper ,business.industry ,Computer science ,Interface (computing) ,Physiological data ,Usability ,Browser Extension ,Data type ,Netflix ,Field (computer science) ,BF1-990 ,Smartwatch ,Psychiatry and Mental health ,Binge-watching ,Social pathology. Social and public welfare. Criminology ,SDG 3 - Good Health and Well-being ,Human–computer interaction ,Synchronization (computer science) ,Psychology ,business ,HV1-9960 ,Reliability (statistics) ,Video-on-demand
- Abstract
Highlights
• BWDAT is a reliable tool that facilitates the study of viewing experience on VOD platforms.
• Collects users’ physiological data and users’ interactions with Netflix interface.
• Non-intrusive and easy to use, successfully used in long-term projects with more than 200 users.
• Includes a graphical display of the viewing sessions to help researchers visualize the data.
• Includes an automatic report generator and data exporter for multiple platforms.
Introduction: New approaches to the study of the binge-watching phenomenon require new technology, leading to the development of a non-intrusive and low-cost analytical research software that facilitates a holistic understanding of binge-watching in an uncontrolled environment remotely (e.g., the home). BWDAT was developed to allow the collection of three types of data: users’ physiological data gathered from a smartwatch, users’ interactions from video-on-demand interfaces, and self-reported data. This tool offers the possibility to generate automatic data analysis reports, facilitating researchers’ data analysis tasks.
Methods: Two trial studies and a long-term study were used to evaluate the design and the technical implementation of the BWDAT tool. The metrics used were the BWDAT smartwatch’s App data coverage of the viewing sessions, and the data’s reliability of the viewer’s interactions with the Netflix interface, collected by the BWDAT Chrome Extension.
Results: High percentages of data coverage and content coverage were verified in the sessions collecting the smartwatch’s data. The reporting system developed proved to be useful in the collection and synchronization of physiological and users’ interaction data with Netflix interface, both generated in uncontrolled environments. Furthermore, the BWDAT tool facilitated the analysis of a large amount of nuanced data.
Conclusion: The results obtained confirm the reliability, accuracy, and usability of BWDAT. This tool has the potential to help researchers shed new light on the field of media and audience studies, and in particular on binge-watching.
- Published
- 2021
78. Latent: A Flexible Data Collection Tool to Research Human Behavior in the Context of Web Navigation
- Author
-
Hugo Silva, Ricardo Tonet, Marcus Cheetham, Cátia Cepeda, Hugo Gamboa, Edouard Battegay, Daniel Faustino de Noronha Osório, University of Zurich, and Cepeda, Catia
- Subjects
General Computer Science ,Computer science ,data acquisition ,Digital content ,Context (language use) ,610 Medicine & health ,UFSP13-4 Dynamics of Healthy Aging ,Digital media ,World Wide Web ,User experience design ,Web navigation ,General Materials Science ,1700 General Computer Science ,Browser extension ,Data collection ,Human–computer interaction ,business.industry ,General Engineering ,Usability ,2500 General Materials Science ,web search ,2200 General Engineering ,The Internet ,lcsh:Electrical engineering. Electronics. Nuclear engineering ,10029 Clinic and Policlinic for Internal Medicine ,business ,lcsh:TK1-9971
- Abstract
Internet usage has grown dramatically since the early years of its inception. The rich field of data provided by internet users in interaction with digital media content can provide insight into web-based navigation behavior and underlying psychological dimensions. Human-computer interaction in the web is an underutilized source of data for understanding human online behavior. While researchers and usability testing services do use these sources to analyze human behavior and user experience, access to the diverse range of other potentially useful data available during web-based interaction for research is limited. In this paper, we propose a novel tool in the form of a web browser extension, referred to as Latent, which can be used to simultaneously capture information from different sources while users interact with digital content. The data acquisition capabilities of Latent make it suitable for various research purposes, ranging from studies of usability to decision-making and personality. A particular advantage of Latent is that the method and control of data acquisition is completely transparent to the user. We present the architecture of the web browser extension, describe the data that can be acquired, and report on the residual impact of the tool on the user's computer processing resources.
- Published
- 2019
79. Entity Explosion
- Author
-
Hudson, Toby
- Subjects
Wikidata ,identifiers ,browser extension
- Abstract
Wikidata is great for asking weird questions like "Who is the most famous child of a librarian?" (the answer will surprise you). But what use are all the external identifiers that make up 90% of the database? I'll show you how to use them to navigate the web. Say you're on a webpage about a particular thing ("entity"). Click on the browser extension Entity Explosion to get information about that entity (from the URL alone!), and an explosion of links to other sites about that same entity. The data provided is sourced live from Wikidata - the Rosetta Stone of the internet - and can be retrieved in any language. We'll browse around some topics of your choice, to see how powerful you can be with a pinch of Wikidata added to your browser.
- Published
- 2021
- Full Text
- View/download PDF
80. Method of Social Network Service based media contents sharing by Modified URL shortening.
- Author
-
Seokhyun Song, Hyeontaek Oh, Sangmin Park, Seung-Hee Kim, Youngho Jeong, and Junkyun Choi
- Abstract
Today, Social Network Services (SNS) have become a part of our life. People can easily publish their own media contents or share ready-made media contents. However, traditional media content sharing is based on the centralized server system. People living in the countryside, which is far from the server farm branches for those services, always need to access an overseas server to view media contents. To overcome this problem, this paper presents a method for media content sharing on SNS with Modified URL shortening. From the HTML5 standard and Web application technologies, we can make a web browser work as a web server. It has the form of a browser extension like Google Chrome Extensions. In addition, friend relationships in SNS mean geographical closeness in many cases, so they can be used as a closer source of media contents than the original SNS or media service server. To evaluate this new approach, we simulate the idea with real internet topology and virtual social network structure. From this simulation, we can check the possibility of our suggestion indirectly. [ABSTRACT FROM PUBLISHER]
- Published
- 2012
81. SurfGuard JavaScript instrumentation-based defense against Drive-by downloads.
- Author
-
Sachin, Vijetha and Chiplunkar, Niranjan N
- Abstract
Delivering malware via the web is now the cybercriminal's favorite means of attack. Advances in malware distribution have increased to such an extent that today merely visiting a website causes a script to execute and thus download malicious executables onto your system. Exploits use the very flexible and dynamic-natured JavaScript to employ a wide variety of attacks on browsers. [ABSTRACT FROM PUBLISHER]
- Published
- 2012
- Full Text
- View/download PDF
82. Semi-Automatic Online Tagging with K-Medoid Clustering.
- Author
-
Hu, He and Du, Xiaoyong
- Subjects
TAGS (Metadata) ,WEBSITES ,COMPUTER algorithms ,CLUSTER analysis (Statistics) ,SCHEME programming language ,WEB browsers
- Abstract
Online tagging is crucial for the acquisition and organization of web knowledge. We present TYG (Tag-as-You-Go) in this paper, a web browser extension for online tagging of personal knowledge on standard web pages. We investigate an approach to combine a K-Medoid-style clustering algorithm with the user input to achieve semi-automatic web page annotation. The annotation process supports user-defined tagging schema and comprises an automatic mechanism that is built upon clustering techniques, which can automatically group similar HTML DOM nodes into clusters corresponding to the user specification. TYG is a prototype system illustrating the proposed approach. Experiments with TYG show that our approach can achieve both efficiency and effectiveness in real world annotation scenarios. [ABSTRACT FROM AUTHOR]
- Published
- 2014
- Full Text
- View/download PDF
83. Library Resource Promotion via Browser Extension; The Great Exhibition - A Common Format for Technical Sharing
- Subjects
Great Exhibition of 1851 ,Technology Promotion ,Browser Extension
- Abstract
There has been, and often remains, a gap between the time when a new technology is initially released, and the time when it is widely accepted by both the general public and applicable industries. Promotion frequently helps to boost these new and unfamiliar technologies into the so-called “public eye.” Both my technical and STS research projects highlight this idea of promotion, with the end goal of broader technological usage and acceptance by the general public. My technical topic revolves around the development of a browser extension that advertises the resources available through UVA’s libraries, working to create broader awareness of the libraries’ offerings. My STS topic centers on the first World’s Fair, The Great Exhibition of the Works of Industry of All Nations. Colloquially referred to as the Great Exhibition of 1851, this event showcased over 100,000 technological exhibits from 32 countries to its over six million public visitors. The two particular cases discussed in my Technical and STS topics, respectively, are separated by over 160 years and are of very different scales. Together they serve to highlight the broad spectrum of technological promotion scenarios present throughout history. Clearly, technological promotion is something that truly transcends time and space. It is an issue whose analysis is not only beneficial to present-day promoters, but for generations to come. My Technical project, as previously mentioned, was the creation of the UVA Library Browser Extension. The rationale for creating the extension was that, should students and faculty be reminded of the resources available from the UVA Library system, they might make more frequent use of them, allowing users to save both money that they may have potentially spent elsewhere on materials and research time. The project was conducted in a 7-person team, which worked in association with numerous stakeholders from the UVA Library to create a Google Chrome browser extension. 
The team spent both the Fall 2019 and Spring 2020 academic semesters working on the project, producing a complete extension by March of 2020. This completed extension is designed to aid users in their research, automatically displaying more than a dozen library results related to content browsed on Barnes and Noble, Amazon, and Google Scholar. Functionality also allows for the changing of the item search type, search history tracking, and manual search initiation. These additional features allow for further user interaction and help facilitate convenient research. The finalized product is presently slated to be uploaded to the Google Chrome web store, making the extension freely accessible and available. My STS research problem focuses on analyzing the Great Exhibition’s success as compared to its predecessors’ lack thereof. In determining the key features of its success, they might be emulated in future shows, helping to once again effectively promote new and foreign technologies. The respective success and comparative failures of these shows were analyzed by examining both the political powers overseeing them, as well as the makeup and design of each’s exhibitionary governing body. In the case of the Great Exhibition, Prince Albert, a German who was husband to Queen Victoria, oversaw the Great Exhibition. As an international man himself, Albert encouraged that all nations be given the spotlight, also aiming to open the expo to all of England’s populace. The predecessors of the Great Exhibition, however, were largely overseen by governments wanting to promote nationalism for their country, making international exhibits sidelined or fully banned. With regard to governing bodies, the Royal Commission formed to oversee the Great Exhibition was designed to account for internal turmoil and a diversity of opinions, while the governing body of the previous French expos was formed almost retroactively, and only had exposition management as a secondary aim. 
From all of this, it is clear that full internationalism – not nationalism – along with delicately-crafted overseeing bodies are necessary to make such events iconically successful. Overall, I feel that both of these projects were fully successful. The Browser Extension has already been requested by countless UVA students upon its release, and has proved to be very popular among the Library faculty as well. My STS research, too, has achieved its aims, though to less fanfare. Both of these projects have concluded relatively well, leaving little need for continued research or development on either, although expansion upon each’s ideas remains possible. With these developments in the area of technological promotion, further public education and acceptance of new technologies can hopefully become even easier.
- Published
- 2020
- Full Text
- View/download PDF
84. Library resource promotion via browser extension; Understanding the threats of malicious browser extensions
- Subjects
browser extension ,Actor-Network Theory (ANT) ,Malicious browser extension ,web users privacy
- Abstract
A browser extension is one of the most popular tools that extends the browser’s functionality, allowing web users to perform a variety of tasks from the browser. The technical project creates a Google Chrome browser extension for the University of Virginia (U.Va.) Library which informs students and staff about resources that can be obtained free of cost, helping users to save some money that might otherwise be used to get resources through online e-commerce websites. The goal of the technical project is to increase the usage of unused resources lying around in the U.Va. Library for students and staff to use. Loosely coupled with the technical project, the Science, Technology and Society (STS) research paper uses the Actor-Network Theory (ANT) framework to analyze the threats of a malicious browser extension to users’ privacy and how web users can minimize the possibility of an attack. It is important to research this topic because of the huge potential of a malicious browser extension, the rapid increase in the number of malicious browser extensions, and the lack of attention from defense experts. A browser extension is an extremely popular tool, with hundreds of millions of downloads. The main reason for its popularity is its ease of use and its enormous potential. Once downloaded and installed, the browser extension does not require much user involvement, and it does not take up much computer storage, so the user does not have to spend unnecessary time and computer storage. Therefore, instead of creating computer software, which takes much more storage than a browser extension and also requires the user to open and close it whenever the user wants to use it, the capstone team decided to create a browser extension, which is easy to download, install, and use. Since most UVA students and staff have the Google Chrome browser installed on their computers, they can easily obtain the library browser extension within a minute from the browser web store. 
By creating a Google Chrome browser extension that recommends UVA library resources when a user searches on e-commerce sites like Amazon, Google Scholar, and Barnes and Noble, the problem has been successfully addressed and possibly might solve the problem soon. The browser extension will recommend potential matches to the searched items from the e-commerce sites in less than 10 seconds, by showing the result through a bar at the top of the screen and through the browser extension popup icon. The UVA library extension meets all of the requirements for the system, which were gathered from the client throughout the development phase, and also includes some future enhancements like showing library services and user search history. The browser extension also complies with the W3C accessible use standards. Through this technical project, the users will become more aware of the library resources available to them, leading to increased utilization of valuable services that improve academic research and performance at the university. The STS research paper is focused on raising awareness rather than looking for a potential solution. The research question is “How can web users protect their privacy given that the popularity of browser extensions, as well as the number of malicious browser extensions, is rapidly increasing?” This research question is important because browser extension attacks are getting more advanced and sophisticated every day. To answer the research question, the STS research paper examines four steps. First, the paper identifies the security vulnerability of Google Chrome and Mozilla Firefox. Then, it provides a few privacy laws protecting web users’ privacy and explains why these laws might not be enough for web users to be safe. Next, the paper introduces three malicious browser extensions and one malware to explain how and why cybercriminals are using malicious browser extensions to attack. 
Finally, the paper provides general countermeasures and defenses that web users and browser developers can apply to minimize the possibility of attacks via browser extensions. The browser provides many capabilities to browser extensions that can compromise a user’s security and privacy. A browser extension can read, edit, write, and replace any website’s DOM, crash the browser, steal location data, check the user’s keystrokes, mouse strokes and touch strokes, read, edit and delete cookies, read, write, and delete history, and many more. The browser provides way too much power to browser extensions, and these powers can be easily utilized by cybercriminals to attack general web users. There are a few laws which try to protect web users, but these laws are not easy to execute because it is tough to find the advanced cybercriminals. Therefore, it is up to web users to act defensively and minimize the possibility of getting attacked. In conclusion, the technical project addresses the problem of university students and staff not using free resources available in the library but instead spending money by buying resources from e-commerce websites such as Amazon, Barnes and Noble, etc. The STS research paper explains the threats of a malicious browser extension, and the countermeasures to become safe online. Through the technical project, the users will be able to find resources for free and save money, and through the STS research paper, the readers will be able to protect their data and money more safely. The browser extension is an amazing tool that can help web users, if used safely, and is extremely dangerous if the web users are not cautious.
- Published
- 2020
- Full Text
- View/download PDF
85. Enabling interoperation between Shibboleth and Information Card systems.
- Author
-
Al-Sinani, Haitham S. and Mitchell, Chris J.
- Subjects
IDENTITY management systems ,WEB browsers ,CYBERTERRORISM ,PROTOTYPES ,COMPUTER security ,INFORMATION processing
- Abstract
Whilst the growing number of identity management systems have the potential to reduce the threat of identity attacks, major deployment problems remain because of the lack of interoperability between such systems. In this paper, we propose a scheme to provide interoperability between two widely discussed identity systems, namely Shibboleth and Information Card systems such as CardSpace or Higgins. When using this scheme, Information Card users are able to obtain an assertion token from a Shibboleth-enabled identity provider that can be processed by an Information Card-enabled relying party. The scheme is based on a browser extension and operates with both the CardSpace and the Higgins identity selectors without any modification. We specify the operation of the scheme and also describe an implementation of a proof-of-concept prototype. Additionally, security and operational analyses are provided. Copyright © 2012 John Wiley & Sons, Ltd. [ABSTRACT FROM AUTHOR]
- Published
- 2013
- Full Text
- View/download PDF
86. Interactive Website Filter for Safe Web Browsing.
- Author
-
INSOON JO, EUNJIN (EJ) JUNG, and YEOM, HEON Y.
- Subjects
INTERACTIVE websites ,WEB browsing ,MALWARE ,HEURISTIC algorithms ,DISTRIBUTION (Probability theory) ,MACHINE learning ,WEB browsers ,PHISHING
- Abstract
Though popularly used for safe web browsing, blacklist-based filters have a fundamental limitation in the "window of vulnerability", the time between malicious website launch and blacklist update. An effective way of seamless protection is to use an add-on filter based on heuristics, but most prior heuristics have offered a limited scope of protection against new attacks. Moreover, they have either suffered from low detection accuracy or incurred unacceptable slowdown. This paper presents an interactive website filter based on heuristics for detecting malicious websites. As the key feature, our filter considers the disparity between a website's true identity (e.g., host domain) and its observed identity (e.g., frequent terms or source domains of iFrames). A website with significant disparity is considered malicious. Users are warned against a website identified as malicious, and determine if it is safe to proceed. Incorporating user interaction into discovering the true identity of the suspect websites lets our filter avoid false positives caused by automatic detection. Our main contribution is that we found a common and efficient characteristic to filter malicious websites. Not only is such disparity inherent in the exploit mechanisms of malicious websites, whether they aim for phishing or malware distribution, but measuring it by textual relevance incurs negligible overhead. Experimental results demonstrate that our filter is lightweight while delivering considerably high detection accuracy for both malicious websites. [ABSTRACT FROM AUTHOR]
- Published
- 2013
87. Towards real-time web tracking detection with T.EX - The Transparency EXtension
- Author
-
Philip Raschke, Jacob Leon Kröger, Sebastian Zickau, and Axel Küpper
- Subjects
Information privacy ,data privacy ,Computer science ,BitTorrent tracker ,media_common.quotation_subject ,browser extension ,machine-learning ,Transparency (human–computer interaction) ,web tracking ,browsing behavior ,World Wide Web ,Real-time web ,Data quality ,Targeted advertising ,000 Informatik, Informationswissenschaft, allgemeine Werke ,data quality ,Quality (business) ,classification algorithm ,media_common ,Anonymity
- Abstract
Targeted advertising is an inherent part of the modern Web as we know it. For this purpose, personal data is collected at large scale to optimize and personalize displayed advertisements to increase the probability that we click them. Anonymity and privacy are also important aspects of the World Wide Web since its beginning. Activists and developers relentlessly release tools that promise to protect us from Web tracking. Besides extensive blacklists to block Web trackers, researchers used machine learning techniques in the past years to automatically detect Web trackers. However, for this purpose often artificial data is used, which lacks in quality. Due to its sensitivity and the manual effort to collect it, real user data is avoided. Therefore, we present T.EX - The Transparency EXtension, which aims to record a browsing session in a secure and privacy-preserving manner. We define requirements and objectives, which are used for the design of the tool. An implementation is presented, which is evaluated for its performance. The evaluation shows that our implementation can be used for the collection of data to feed machine learning algorithms.
- Published
- 2019
- Full Text
- View/download PDF
88. DOMtegrity: Ensuring Web Page Integrity against Malicious Browser Extensions
- Author
-
Feng Hao, Maryam Mehrnezhad, Ehsan Toreini, and Siamak F. Shahandashti
- Subjects
JavaScript ,FOS: Computer and information sciences ,Web server ,Web Crypto API ,Computer Science - Cryptography and Security ,Computer Networks and Communications ,Computer science ,Man in the browser ,0211 other engineering and technologies ,Cryptography ,02 engineering and technology ,WebExtension ,Computer security ,computer.software_genre ,Rendering (computer graphics) ,Computer Science - Networking and Internet Architecture ,Web page ,Confidentiality ,DOMtegrity ,Architecture ,Safety, Risk, Reliability and Quality ,Browser extension ,computer.programming_language ,Networking and Internet Architecture (cs.NI) ,021110 strategic, defence & security studies ,business.industry ,Cryptographic protocol ,Web page integrity ,business ,Regular Contribution ,computer ,Cryptography and Security (cs.CR) ,Software ,Information Systems
- Abstract
In this paper, we address an unsolved problem in the real world: how to ensure the integrity of the web content in a browser in the presence of malicious browser extensions? The problem of exposing confidential user credentials to malicious extensions has been widely understood, which has prompted major banks to deploy two-factor authentication. However, the importance of the “integrity” of the web content has received little attention. We implement two attacks on real-world online banking websites and show that ignoring the “integrity” of the web content can fundamentally defeat two-factor solutions. To address this problem, we propose a cryptographic protocol called DOMtegrity to ensure the end-to-end integrity of the DOM structure of a web page from delivering at a web server to the rendering of the page in the user’s browser. DOMtegrity is the first solution that protects DOM integrity without modifying the browser architecture or requiring extra hardware. It works by exploiting subtle yet important differences between browser extensions and in-line JavaScript code. We show how DOMtegrity prevents the earlier attacks and a whole range of man-in-the-browser attacks. We conduct extensive experiments on more than 14,000 real-world extensions to evaluate the effectiveness of DOMtegrity.
- Published
- 2019
89. Desenvolupament d'una solució per a l'anàlisi de la seguretat web
- Author
-
Secall Gasulla, Oriol and Hinarejos Campos, María Francisca
- Subjects
browser extension ,Mozilla Firefox ,Computer security -- TFM ,computer security
- Abstract
Development of an add-on (webExtensions) for the Mozilla Firefox browser to assess the quality of the security implemented in communication to a web server.
- Published
- 2018
90. Automated Privacy Protection for Mobile Device Users and Bystanders in Public Spaces
- Author
-
Darling, David
- Subjects
- Browser extension, Mobile Systems, Privacy, Risk, Security, Visual eavesdroppers, Graphics and Human Computer Interfaces, Information Security, Software Engineering
- Abstract
As smartphones have gained popularity over recent years, they have provided users convenient access to services and integrated sensors that were previously only available through larger, stationary computing devices. This trend of ubiquitous, mobile devices provides unparalleled convenience and productivity for users who wish to perform everyday actions such as taking photos, participating in social media, reading emails, or checking online banking transactions. However, the increasing use of mobile devices in public spaces by users has negative implications for their own privacy and, in some cases, that of bystanders around them. Specifically, digital photography trends in public have negative implications for bystanders who can be captured inadvertently in users’ photos. Those who are captured often have no knowledge of being photographed and have no control over how photos of them are distributed. To address this growing issue, a novel system is proposed for protecting the privacy of bystanders captured in public photos. A fully automated approach to accurately distinguish the intended subjects from strangers is explored. A feature-based classification scheme utilizing entire photos is presented. Additionally, the privacy-minded case of only utilizing local face images with no contextual information from the original image is explored with a convolutional neural network-based classifier. Three methods of face anonymization are implemented and compared: black boxing, Gaussian blurring, and pose-tolerant face swapping. To validate these methods, a comprehensive user survey is conducted to understand the difference in viability between them. Beyond photographing, the privacy of mobile device users can sometimes be impacted in public spaces, as visual eavesdropping or “shoulder surfing” attacks on device screens become feasible. Malicious individuals can easily glean personal data from smartphone and mobile device screens while they are accessed visually. 
In order to protect displayed user content, a novel, sensor-based visual eavesdropping detection scheme using integrated device cameras is proposed. In order to selectively obfuscate private content while an attacker is nearby, a dynamic scheme for detecting and hiding private content is also developed utilizing User-Interface-as-an-Image (UIaaI). A deep, convolutional object detection network is trained and utilized to identify sensitive content under this scheme. To allow users to customize the types of content to hide, dynamic training sample generation is introduced to retrain the content detection network with very few original UI samples. Web applications are also considered with a Chrome browser extension which automates the detection and obfuscation of sensitive web page fields through HTML parsing and CSS injection.
- Published
- 2021
91. Comparison and development of computational intelligence approaches for web platform of the game Travian: Kingdoms
- Author
-
Šantl, Mitja and Zamuda, Aleš
- Subjects
udc:004.8:004.775(043.2), multi-objective optimization, computational intelligence, web bot, browser extension, web browser, web agent, Kingdoms [computer game Travian]
- Abstract
In this work, the case of web agents for the game Travian: Kingdoms is studied. For this purpose, a browser extension is developed that works in the Google Chrome web browser and has the ability to perform basic actions in the game Travian: Kingdoms, such as build, attack, and trade. Special attention is given to the build action, to find an optimal order of building tasks. Due to the complexity of developing such an agent, the applicability of the domain of computational intelligence to our case is examined. For the web platform of the game Travian: Kingdoms, approaches using five algorithms are developed and compared: a fuzzy logic algorithm, a differential evolution algorithm, a randomized algorithm, an exhaustive search algorithm, and a greedy algorithm. Based on the comparison of the results, we come to the conclusion that each of these approaches has its own strong and weak points. In our case the overall winner is the differential evolution algorithm.
- Published
- 2018
92. Online Spellchecking of HTML Form Data
- Author
-
Miličić, Nikola and Gledec, Gordan
- Subjects
TECHNICAL SCIENCES. Computing, spellchecking, machine spell checking, Browser extension
- Abstract
This thesis deals with the topic of machine spell checking on web pages using the extension for Internet browsers. The built-in extension uses the Hašek system to correct the text; however, the architecture described may be applied to any spell checking system that allows data exchange via the REST API.
- Published
- 2018
93. BWDAT: A research tool for analyzing the consumption of VOD content at home.
- Author
-
Cordeiro JA, Castro D, Nisi V, and Nunes NJ
- Abstract
Introduction: New approaches to the study of the binge-watching phenomenon require new technology, leading to the development of a non-intrusive and low-cost analytical research software that facilitates a holistic understanding of binge-watching in an uncontrolled environment remotely (e.g., the home). BWDAT was developed to allow the collection of three types of data: users' physiological data gathered from a smartwatch, users' interactions from video-on-demand interfaces, and self-reported data. This tool offers the possibility to generate automatic data analysis reports, facilitating researchers' data analysis tasks. Methods: Two trial studies and a long-term study were used to evaluate the design and the technical implementation of the BWDAT tool. The metrics used were the BWDAT smartwatch's App data coverage of the viewing sessions, and the data's reliability of the viewer's interactions with the Netflix interface, collected by the BWDAT Chrome Extension. Results: High percentages of data coverage and content coverage were verified in the sessions collecting the smartwatch's data. The reporting system developed proved to be useful in the collection and synchronization of physiological and users' interaction data with Netflix interface, both generated in uncontrolled environments. Furthermore, the BWDAT tool facilitated the analysis of a large amount of nuanced data. Conclusion: The results obtained confirm the reliability, accuracy, and usability of BWDAT. This tool has the potential to help researchers shed new light on the field of media and audience studies, and in particular on binge-watching. Competing Interests: The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper. (© 2021 The Authors.)
- Published
- 2020
94. A PAKE – SRP6 BROWSER EXTENSION
- Author
-
Alexandru Gavril Bardas
- Subjects
ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Software_OPERATINGSYSTEMS, browser extension, Data_MISCELLANEOUS
- Abstract
The username/password paradigm is a well-known authentication mechanism. Probably the most common version in use is the password authentication via an HTML form. The user has to type his/her password directly into a web page from the site to which he/she wishes to authenticate himself/herself. The problem with using this approach is that it relies on the user to determine when it is safe to enter his/her password. If the user authenticates himself/herself to a phishing website by disclosing his/her password, the password is stolen even though the session is fully encrypted. In other words in traditional password authentication, passwords are used only for client-side authentication. Password-authenticated key exchange (PAKE) on the other hand, offers password-based mutual authentication. This mutual authentication is different because its client-side authentication cannot be separated from its server-side authentication part.
- Published
- 2012
95. Browser add-on for online spellchecker
- Author
-
Srdić, Ivan and Gledec, Gordan
- Subjects
browser add-on, TECHNICAL SCIENCES. Computing, browser extension, spelling correction, spellchecking, hašek
- Abstract
The development of the browser extension for Hašek includes the use of several different web technologies: JavaScript, HTML, CSS and JSON. The end result of this thesis is an extension which enables relatively quick spellchecking on most websites. Further testing of this browser extension by a larger number of users is needed to find and resolve bugs. Before releasing this extension on web stores the core Hašek system has to be significantly improved to the point where finding errors in short texts is almost instantaneous.
- Published
- 2015
96. Monkey-in-the-browser
- Author
-
Steven Van Acker, Nick Nikiforakis, Wouter Joosen, Lieven Desmet, Frank Piessens, Moriai, Shiho, Jaeger, Trent, and Sakurai, Kouichi
- Subjects
vulnerabilities, large-scale analysis, Exploit, malware, business.industry, Computer science, Augmented browsing, browser extension, computer.software_genre, Internet security, Computer security, World Wide Web, Constant (computer programming), Scripting language, Greasemonkey, Malware, Web application, script market, DOM-based XSS, business, computer, userscripts.org
- Abstract
With the constant migration of applications from the desktop to the web, power users have found ways of enhancing web applications, at the client-side, according to their needs. In this paper, we investigate this phenomenon by focusing on the popular Greasemonkey extension which enables users to write scripts that arbitrarily change the content of any page, allowing them to remove unwanted features from web applications, or add additional, desired features to them. The creation of script markets, on which these scripts are often shared, extends the standard web security model with two new actors, introducing novel vulnerabilities. We describe the architecture of Greasemonkey and perform a large-scale analysis of the most popular, community-driven, script market for Greasemonkey. Through our analysis, we discover not only dozens of malicious scripts waiting to be installed by users, but thousands of benign scripts with vulnerabilities that could be abused by attackers. In 58 cases, the vulnerabilities are so severe, that they can be used to bypass the Same-Origin Policy of the user's browser and steal sensitive user-data from all sites. We verify the practicality of our attacks, by developing a proof-of-concept exploit against a vulnerable user script with an installation base of 1.2 million users, equivalent to a "Man-in-the-browser" attack.
Published in: ASIA CCS 2014 - Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security, pages 525-530. Location: Kyoto, Japan. Date: 2 Jun - 4 Jun 2014. Status: published, online only.
- Published
- 2014
97. Sustav za prikupljanje podataka o ponašanju Web preglednika i njihovu analizu strojnim učenjem
- Author
-
Jukić, Filip and Groš, Stjepan
- Subjects
data collection, Internet attacks, TECHNICAL SCIENCES. Computing, Google Chrome, XSS, DOM, browser extension, Internet threats
- Abstract
The most common threats and attacks that Internet users encounter were described. The structure of a Google Chrome extension and some of the available APIs were described. A system for collecting data on web browser behaviour was developed and documented, containing the Chrome extension and a server side web application where the data is collected.
- Published
- 2014
98. Rancang Bangun Ekstensi Browser untuk Mengembangkan Personalisasi Web Berbasis Adaptive Hypermedia System
- Author
-
Pramadharma, Harestu and Hendry
- Subjects
browser extension, adaptive hypermedia system, web personalization, HTML5 web storage
- Abstract
This work is not permitted to be uploaded to the University Library Repository application because administrative requirements are still incomplete. Each website user has different characteristics. The development of Website Personalization Based on Adaptive Hypermedia System is one of the ways to make a website more personalized. This technology is then applied to a browser extension called W-Changer extension. W-Changer extension works by injecting its functions into a website page and allows the user to manipulate images and links according to their needs. The results of the manipulation can be saved by applying HTML5 web storage technology. It can be implemented for websites that do not use the DOMContentLoaded event.
- Published
- 2014
99. Implementació d'una extensió de Firefox per a la mesura del risc de privacitat de l'usuari en la cerca web
- Author
-
Estrada Jiménez, José Antonio, Rodríguez Hoyos, Ana Fernanda, Universitat Politècnica de Catalunya. Departament d'Enginyeria Telemàtica, Forné Muñoz, Jorge, and Parra Arnau, Javier
- Subjects
Internet--Security measures, Kullback-Leibler’s divergence, browser add-on, browser extension, Shannon’s entropy, Informàtica::Seguretat informàtica [Àrees temàtiques de la UPC], Computer security, privacy metrics, user profile
- Abstract
At the present time, user activities on Internet are permanently monitored, and the information obtained from this process is pretty useful for big advertising companies and especially for governments. The user information that external agents collect could be: search queries, clicks, text from visited web sites and even the time that users spend on browsing some sites. These data are processed in order to build user profiles that are later used to customize services. Additionally, this large amount of data susceptible of being collected (by personalized information systems) represents a serious risk for the users’ privacy on Internet. Perhaps, even more critical is the fact that many users are not aware of this risk, since it is not as evident as it is in the physical world. The risk gets worse when a few companies are capable of collecting much of the user data because their services are so popular to the point where they become vital for users interaction with the Internet, as is the case with search engines. Even when users do not reveal strictly personal information such as addresses, locations or names, current technology allows to infer much of this information from each user interaction with Internet. We present in this work a first effort towards the development of an extension for the Firefox web browser that estimates the privacy risk of the privacy of a user who, due to its navigation habits, is exposed to profiling mechanisms on Internet. The risk level is shown in a comprehensible and accessible fashion in the browser graphical interface and is calculated based on different adversary models. The privacy measuring mechanism that we integrate in the browser uses metrics that were appropriately justified and that rely on information theoretic concepts. For ease of use, this tool, that we called PrivMeter, provides a privacy informative bar that is directly integrated in the browser’s main graphical interface, and therefore it is permanently visible while the web browser is used. Furthermore, by means of windows PrivMeter displays more detailed information about the privacy levels of the user, both individually considered and also comparing it with other population privacy data.
- Published
- 2013
100. Avaluació del risc de privacitat per a recerca en línia i sistemes d'etiquetatge social
- Author
-
Rodríguez Hoyos, Ana Fernanda, Estrada Jiménez, José Antonio, Forné Muñoz, Jorge, Parra Arnau, Javier, and Universitat Politècnica de Catalunya. Departament d'Enginyeria Telemàtica
- Subjects
Internet -- Security measures, browser extension, query obfuscation, Informàtica::Seguretat informàtica [Àrees temàtiques de la UPC], Computer security, privacy metrics, profiling, social tagging, user’s privacy
- Abstract
The lack of privacy is nowadays a serious security issue for users on the Internet, since personalized information systems are in fact collecting an incredible amount of information, to the point where it appears they know us better than ourselves. Every single step we take on the Web can be detected by the same companies that are providing the most popular services, such as search engines and social networks. Search queries, tags, clicks, e-mails, tweets can be used to get an accurate profile of our activity. Even when the profiling of this information is a huge privacy risk, only a few tools propose a protection mechanism taking this into consideration. TrackMeNot is one of these tools, which implements perturbation of a user’s queries, by generating fake ones, to obfuscate the user’s profile, although, similarly to other tools, it is not immediate to evaluate to what extent it is protecting users’ privacy. We have firstly contributed to another work, where the user’s privacy is measured, interpreted and shown for the user in the Firefox web browser. Privacy is computed based on the search queries of the user. But, since social tags are an important component of users’ data, we have developed some modules to take these into consideration in the process of measuring privacy, and not only the search queries. Additionally, we also evaluated the obfuscation mechanism offered by TrackMeNot to protect user’s privacy. By implementing justified privacy metrics we measured the efficiency of TrackMeNot to enhance the user’s privacy. We found that for identifying attacks TrackMeNot importantly improved the user’s privacy. However, for more sophisticated attacks, such as classification attacks, the obfuscation mechanism was not successful enough. The way of generating fake queries is crucial to efficiently obfuscate the user’s profile against classification attacks. Finally, TrackMeNot was integrated with PrivMeter in such a way that the privacy metrics are shown both for the real and obfuscated user’s profiles.
- Published
- 2013