Team for Research in
Ubiquitous Secure Technology

Protecting Browser State from Web Privacy Attacks

Citation
"Protecting Browser State from Web Privacy Attacks". C. Jackson, A. Bortz, D. Boneh, and J. Mitchell (eds.), 15th International Conference on World Wide Web, 2006.

Abstract
Through a variety of means, including a range of browser cache methods and inspecting the color of a visited hyper-link, client-side browser state can be exploited to track users against their wishes. This tracking is possible because per- sistent, client-side browser state is not properly partitioned on per-site basis in current browsers. We address this problem by refining the general notion of a same-origin policy and implementing two browser extensions that enforce this policy on the browser cache and visited links. We also analyze various degrees of cooperation between sites to track users, and show that even if long-term browser state is properly partitioned, it is still possible for sites to use modern web features to bounce users between sites and invisibly engage in cross-domain tracking of their visitors. Cooperative privacy attacks are an unavoidable consequence of all persistent browser state that affects the behavior of the browser, and disabling or frequently expiring this state is the only way to achieve true privacy against colluding parties.

Electronic downloads

Citation formats  
  • HTML
     <a
    href="http://www.truststc.org/pubs/599.html"
    ><i>Protecting Browser State from Web Privacy
    Attacks</i></a>,  C. Jackson, A. Bortz, D.
    Boneh, and J. Mitchell (eds.), 15th International Conference
    on World Wide Web, 2006.
  • Plain text
     "Protecting Browser State from Web Privacy
    Attacks".  C. Jackson, A. Bortz, D. Boneh, and J.
    Mitchell (eds.), 15th International Conference on World Wide
    Web, 2006.
  • BibTeX
    @proceedings{JacksonBortzBonehMitchell06_ProtectingBrowserStateFromWebPrivacyAttacks,
        title = {Protecting Browser State from Web Privacy Attacks},
        editor = { C. Jackson, A. Bortz, D. Boneh, and J. Mitchell},
        organization = {15th International Conference on World Wide Web},
        year = {2006},
        abstract = {Through a variety of means, including a range of
                  browser cache methods and inspecting the color of
                  a visited hyper-link, client-side browser state
                  can be exploited to track users against their
                  wishes. This tracking is possible because per-
                  sistent, client-side browser state is not properly
                  partitioned on per-site basis in current browsers.
                  We address this problem by refining the general
                  notion of a same-origin policy and implementing
                  two browser extensions that enforce this policy on
                  the browser cache and visited links. We also
                  analyze various degrees of cooperation between
                  sites to track users, and show that even if
                  long-term browser state is properly partitioned,
                  it is still possible for sites to use modern web
                  features to bounce users between sites and
                  invisibly engage in cross-domain tracking of their
                  visitors. Cooperative privacy attacks are an
                  unavoidable consequence of all persistent browser
                  state that affects the behavior of the browser,
                  and disabling or frequently expiring this state is
                  the only way to achieve true privacy against
                  colluding parties. },
        URL = {http://www.truststc.org/pubs/599.html}
    }
    

Posted by Jessica Gamble on 16 Mar 2009.
For additional information, see the Publications FAQ or contact webmaster at www truststc org.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.