There is no new content.

» Go to the full list

Recent comments

» 2018.02.03. 18:24:02, Note for Firefox @ Preventing misuses and misapprehensions of FireGloves

» 2017.03.12. 20:02:46, Namrata Nayak @ Predicting anonymity with machine learning in social networks

» 2017.01.13. 20:51:19, anonymous @ Preventing misuses and misapprehensions of FireGloves

» 2016.06.12. 13:52:44, Dany_HackerVille @ Preventing misuses and misapprehensions of FireGloves

» 2014.08.29. 17:16:15, [anonymous] @ Preventing misuses and misapprehensions of FireGloves


4 results.

MyTrackingChoices: An attempt to end the AdBlock war

| | 2016.02.11. 05:18:33  Jagdish Achara  
In the last few years, as a result of the proliferation of intrusive and privacy-invading ads, the use of ad-blockers and anti-tracking tools have become widespread. As of the second quarter of this year, 16% of online Americans, about 45 million people, had installed ad-blocking software, according to PageFair 2015 report. Meanwhile, 77 millions Europeans are blocking ads. All this accounts globally for $21,8 billion worth of blocked ads. The Internet economy is in danger since ads fuel the free content and services over Internet.

As opposed to existing ad blockers that take a binary approach (i.e., block everything if you install them or block nothing otherwise), MyTrackingChoices aims to provide users fine-grained choices about tracking and thereby, categories of Web pages where they're ok or not to receive ads. MyTrackingChoices allows users to choose on which sites (more specifically, on which categories of sites) they want to block the trackers. For example, a user can choose to block the trackers and therefore, ads, on sites related to health or religion, but may choose not to block the trackers on sites related to sports or news.

We assume that a significant proportion of users are not against advertisements, but want to keep control over their data. We believe that some sites are more sensitive than others. In fact, most people don’t want to be tracked on “sensitive” websites (for example related to religion, health,…), but don’t see any problem to be tracked on less sensitive ones (such as news, sport,…). This extension allows you to take control and specify which on which categories of sites you don’t want to be tracked on! Furthermore, the extension also gives you the option to block the trackers on specific websites.

This solution is different from other anti-tracking tools in two ways. First, existing anti-tracking tools give users the option to decide by which entity they don't want to be tracked. However, we believe that most users are concerned with other dimension, i.e., where they don't want to be tracked. Also, this is easy for most users to understand and configure the categories of the websites that are sensitive to them instead of choosing what trackers they want to block. Therefore, we provide this option to users. Secondly, unlike other anti-tracking or ad-blocking tools, we don't block the network requests of all trackers right away because this has an effect on Internet economy. We let user choose the categories (health, religion) of Web-pages that are privacy-sensitive to them and block the trackers on those pages only. 

Tags: web bug, transparency-enhancing technologies, web tracking


0 comment(s).

LocationGuard and the anonymity paradox

| | 2015.12.21. 05:50:12  Gulyás Gábor  

Recently I've had the opportunity to meet Marco Stronati, one of the developers of LocationGuard. In case if this is the first time you hear about this plugin, LocationGuard offers remedy for location privacy in browsers. By default, you have two choices when a website asks your position: either you allow and provide your exact location, or deny (also likely to render the given service useless). This plugin allows you to provide answers in between, only revealing your location roughly, and what makes it even more interesting is that this is not just another home-brew PET, but they have some nice work behind the tool. Finally, it comes with nice default configuration, but setting it otherwise is quite simple and probably easy to use even for non-tech users.

You can also set it to report a fixed location – which is also the feature that motivated the current post. This could be quite useful, and as I know it from Marco, there are some people who use it with a custom place of their own choice (*). However, there is an interesting caveat using a fixed location for more privacy. Basically, the problem is that the world is huge, thus it is very likely that most users will set their fixed location differently. This also means that websites who can access this information can also easily track these users, e.g., just by storing the hash of location coordinates in a tracking cookie.

We call this phenomena the anonymity paradox. This unfortunately happens quite often, when someone is trying to use a privacy-enhancing solution in a unique setting. While this person might have anonymity in theory, but the uniqueness also allows linkability of her actions. This is why TOR developers highly discourage altering their browser, and also why some privacy-conscious users were more trackable in the Panopticlick experiment than others. To simply put, this is like visiting a bank office in a dark suit and wearing a ski mask. You will be anonymous for sure, but also easily trackable, as you'll likely find it out.

Bottom line: you should use the default fixed location, or consider using a custom fixed position until there is a fixed variaty of choices in LocationGuard. For example, as IP addresses reveal the country and city, I think country-level choices of fixed positions would be enough for most users. If you feel that is still too much, then you should use TOR Browser (when it gets fixed), and no LocationGuard. (As far as I know TOR Browser disables location requests by default.)

I am thankful to Luca Melis reviewing a draft version of this post.

This post originally appeared in the professional blog of Gábor Gulyás.

(*) Note: as they don't collect data, they don't have statistics on this. This is just from other forms of feedback.

Tags: location privacy, web tracking, tracking, location guard, anonymity paradox


0 comment(s).

Know the price of your privacy!

| | 2014.04.18. 05:48:57  Gulyás Gábor  

We have discussed in our previous posts that companies track their users and the traffic on their website. Also there are companies offering solutions to track visitors. So the question is how much would you charge for a list of all the sites you visited in the past two weeks?  At a first glance, this might seem  a simple question. We have some surprising data for you!

In recent years the majority of websites adopted a business model in which you get a seemingly free service, but in exchange you give up your privacy. The model works simply: while you enjoy surfing freely, you are also being monitored and profiled in order to get advertisements and prices tailored to your interests. For example Orbitz steered Mac users to pricier hotels, this can also happen with you in other contexts, according how the advertisers estimate your affordability.

Auctions, where you are the product

When you open a website which has advertisements slots, there is the chance that your browsing history will be sold at an auction for advertisers, and your device will be involved in a real-time bidding (RTB) procedure. Do you remember our question in the previous section?

Have you considered your price?

Well, just to help positioning yourself, it is estimated that most of us would trade our privacy only in exchange of 7 EURs on average. Sounds nice, right? Unfortunately, this is just an unreal dream: our browsing history is being sold typicallyfor less than 0.0005 USD, as French researchers revealed in their recent study.

Who is making business  and how?

When you open a website that has its incomes from advertisements (for instance, a slot on their site can invoke an auction. Next, an ad exchange (e.g., DoubleClick or Facebook) will offer bidders to propose a price for placing their advertisements. The ad exchange identifies you with a tracking cookie (on, and distributes your browsing history among bidders, who will then have a chance to merge it with what they already know about you (tracked with another cookie). Thereafter, bidders have all the information to consider a price tag for you, and the bidder offering the highest price gets the chance to display the actual advertisement. This is a well-designed system, right? Also note that even loosing parties get a copy of your browsing history.

Price-tag sensitivity

Olejnik created tools with his collaborators to detect RTB and analyze winner prices. It may be impossible to get a global overview, as in many cases the winner prices are encrypted. Their analysis is based on the rest. It turns out that different visitor properties steer prices significantly. Location is one of the strongest factors, e.g., a profile located in the US had a price of 0.00069 USD, much higher than others located in France (0.00036 USD) or in Japan (0.00024 USD). They also discovered, that profiles are worth more in the morning. For instance, in their investigation a US profile was worth 0.00075 USD in the morning  and 0.00062 USD in the evening. Not surprisingly, browsing history also altered prices significantly. New profiles with no records are worth the least, while others with interesting history of visiting webshops (e.g., jewelry site) are worth more.

What can I do about this?

Using ad-blocks is only a partial solution. Use web bug killer instead. Web bugs are small programs advertisers use to detect user presence and to monitor activities. If you are a Firefox or a Ghostery user, you could use for instance Ghostery.

This post originally appeared in the Tresorit Blog.

Tags: privacy, web tracking, price


0 comment(s).

Tracking users on the web – reaching your devices and beyond

| | 2013.09.30. 05:41:17  Gulyás Gábor  

What are cookies, and why do marketers need them?

In the last ten years online advertising has grown tremendously, especially personalized advertisements concerning user behavior, called behavioral advertising. According to the estimation of the Interactive Adtvertising Bureau just in the United States internet advertising revenues reached $36.6 billion in 2012. In parallel, a myriad of techniques emerged allowing to detect the identity of surfing webizens in order to profile their preferences and interests. The simplest and yet most widespread identification method uses web bugs and tracking cookies, when a tracker service places unnoticeable small detectors on several websites allowing him to store and read identifiers from the computers of the visitors. Application of cookies allows servers to deliver a page tailored to a particular user, or the page itself can contain some script which is aware of the data in the cookie and so is able to carry information from one visit to the website to the next.

Owing to the large scale deployment of web bugs, user consciousness has also risen: many users set their browsers to reject cookies or quickly extinguish them. Other trends like the expansion of smart phones phones, which are taking an increasing part of the Web usage, also caused problem for marketers, since smart phones do not use cookies.

Digital fingerprints – emergence of technology in tracking

These changes are forcing trackers to develop novel techniques, such as fingerprinting, i.e. when characteristic attributes are used for identification rather than storing identifiers on user-side. In the academic era, the Panopticlick project was the first in 2010 to show that by using Flash or Java plugins browsers can be precisely fingerprinted. Later in 2011, Hungarian researchers pointed out that plugins are not even necessary for tracking, as font list can be detected from the browser directly, and the list is browser-independent for both Windows and Mac OSes (you can test the underlying principles on your own computers).

The tracking market also went along a similar direction quite rapidly. In the beginning of 2012, one of the leading fingerprint-based trackers advertised itself for the European market with device fingerprinting, emphasizing that their method is compatible with local law making the use of tracking cookies difficult (as it doesn’t need cookies at all). Today, leading fingerprinting companies offer services that go even beyond device fingerprinting: they recognize and connect devices that are likely to belong the same person, such as smart phones, tablets and laptops.

A recent paper that appeared at the IEEE Symposium on Security & Privacy reveals more details on the penetration and functionality of these companies. One of the most interesting finding is a rather low utilization rate on top sites, namely 0.4% in the Alexa top 10,000. However, the authors still found thousands of less relevant sites utilizing fingerprinting techniques, from which most were categorized as malicious, or spam (though one could expect regular business sites to do so).

Regarding their functionality, they found that tracker services use Flash and JavaScript for font detection, plus use Flash for additional tasks, such as obtaining system information, multi-screen resolution, or even for circumventing proxy protection in order to reveal the real IP address of the visitor. Some trackers go even further, using custom DLLs to gather more information from the registry (being a bit spyware-like), while others encrypt client identifiers to put themselves into a central, unavoidable position.

Future of fingerprinting

While fingerprinting is not widely adopted yet, and serious development is missing for protective technologies, the cat-and-mouse game seems to have begun in the area: tracking companies will likely outrun protective technologies as they get to the current level of the state-of-the-art fingerprinting techniques. Researchers predict that in the near future a shift is expected from the tech-based fingerprinting to biometric fingerprinting, opening new challenges for the privacy-enhancing research community.

This post originally appeared in the Tresorit Blog.

Tags: fingerprint, web tracking, tracking cookie


0 comment(s).

© International PET Portal, 2010 | Imprint | Terms of Use | Privacy Policy