Team for Research in
Ubiquitous Secure Technology

Doppelganger: Better Browser Privacy Without the Bother
Umesh Shankar, Chris Karlof

Citation
Umesh Shankar, Chris Karlof. "Doppelganger: Better Browser Privacy Without the Bother". Proceedings of the Thirteenth ACM Conference on Computer and Communications Security (CCS 2006), 154-167, November, 2006.

Abstract
We introduce Doppelganger, a novel system for creating and enforcing fine-grained, privacy-preserving browser cookie policies with low manual effort. Browser cookies pose privacy risks, since they can be used to track users’ actions in detail, but some cookies also enable useful functionality, like personalization features. Web browsers currently lack an effective cookie management mechanism. Users must choose between two unpalatable options: a permissive, privacy-compromising policy for every site they visit, or a seemingly endless series of questions to which they must supply underinformed opinions. Doppelganger takes a big step forward: it makes automated determinations of cookies’ value to enable a cost-benefit analysis, and offers an automated recovery system when that mechanism—or the user—makes an incorrect judgment. Doppelganger leverages client-side parallelism to automatically and simultaneously explore multiple cookie policies, enabling each user to create her ideal cookie policy. We tackle important and difficult subproblems along the way: mechanisms for recording and replaying web sessions; improved handling of third-party cookies; and enforcing fine-grained, per-site cookie mediation. We implemented Doppelganger as a Firefox extension; we discuss experimental results comparing it to various browser settings, as well as lessons learned from the real-world engineering challenges we faced in our implementation.

Citation formats  
  • HTML
    Umesh Shankar, Chris Karlof. <a
    href="http://www.truststc.org/pubs/189.html"
    >Doppelganger: Better Browser Privacy Without the
    Bother</a>, Proceedings of the Thirteenth ACM
    Conference on Computer and Communications Security (CCS
    2006), 154-167, November, 2006.
  • Plain text
    Umesh Shankar, Chris Karlof. "Doppelganger: Better
    Browser Privacy Without the Bother". Proceedings of the
    Thirteenth ACM Conference on Computer and Communications
    Security (CCS 2006), 154-167, November, 2006.
  • BibTeX
    @inproceedings{ShankarKarlof06_DoppelgangerBetterBrowserPrivacyWithoutBother,
        author = {Umesh Shankar and Chris Karlof},
        title = {Doppelganger: Better Browser Privacy Without the
                  Bother},
        booktitle = {Proceedings of the Thirteenth ACM Conference on
                  Computer and Communications Security (CCS 2006)},
        pages = {154-167},
        month = {November},
        year = {2006},
        abstract = {We introduce Doppelganger, a novel system for
                  creating and enforcing fine-grained,
                  privacy-preserving browser cookie policies with low manual
                  effort. Browser cookies pose privacy risks, since
                  they can be used to track users’ actions in
                  detail, but some cookies also enable useful
                  functionality, like personalization features. Web
                  browsers currently lack an effective cookie
                  management mechanism. Users must choose between
                  two unpalatable options: a permissive,
                  privacy-compromising policy for every site they
                  visit, or a seemingly endless series of questions
                  to which they must supply underinformed opinions.
                  Doppelganger takes a big step forward: it makes
                  automated determinations of cookies’ value to
                  enable a cost-benefit analysis, and offers an
                  automated recovery system when that mechanism—or
                  the user—makes an incorrect judgment.
                  Doppelganger leverages client-side parallelism to
                  automatically and simultaneously explore multiple
                  cookie policies, enabling each user to create her
                  ideal cookie policy. We tackle important and
                  difficult subproblems along the way: mechanisms
                  for recording and replaying web sessions; improved
                  handling of third-party cookies; and enforcing
                  fine-grained, per-site cookie mediation. We
                  implemented Doppelganger as a Firefox extension;
                  we discuss experimental results comparing it to
                  various browser settings, as well as lessons
                  learned from the real-world engineering challenges
                  we faced in our implementation.},
        URL = {http://www.truststc.org/pubs/189.html}
    }
    

Posted by Chris Karlof on 5 Mar 2007.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.