Privacy Analysis for the Casual User through Bugnosis

Description:

They're found in a room at home. July 8, 2004. 3. Overarching Goal ... <h1>United</h1> <img src='...' width=1 height=1 ...> <h1>United</h1> <img src='...' width=1 ...>

Slides: 18
Provided by: davidm45

Transcript and Presenter's Notes


1
Privacy Analysis for the Casual User through
Bugnosis
  • David Martin, dm_at_cs.uml.edu
  • Joint work with Adil Alsaid
  • Funded by Privacy Foundation

2
What are E-mail and the Web like?
  • Postal mail
  • Cable TV
  • Library
  • Telephone
  • Newspaper
  • Video game
  • They're found in an office
  • They're found in a room at home

3
Overarching Goal
  • Help align user privacy expectations with reality
  • The obvious tactics
  • Teach the users what it's really like out there,
    or
  • Transform the wilderness into what it should be

4
Web tracking summary
  • Request and receive main HTML page
  • Request and receive embedded element (such as an
    image) while reporting referrer information
  • [Diagram labels: ual.com, dm.cs.uml.edu, doubleclick.net (3rd party)]

5
Cookie sharing threat
ual.com
buy.com
berklee.edu
  • A 3rd party content provider could track a user
    across all sites served by it (usually via an
    identifying cookie)
  • Some indications of interest in doing this from
    Internet advertising folks
  • Threat led to fierce opt-in/opt-out debates and
    lots of cookie-management software
  • And P3P, naturally

6
Web bugs
  • A bug is a hidden eavesdropping device
  • Vague definition: a Web bug is an HTML element
    that is
  • present for surveillance purposes,
  • and is intended to go unnoticed by users

7
Our definition
  • A Bugnosis Web bug
  • is an image
  • is too small to see (
  • is third party to the main page (approx. RFC2965)
  • has a third party cookie
  • only appears once on page
  • Some other characteristics are used for secondary
    sorting purposes
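
The five criteria above, written out as a classifier over image records of the kind a DOM walk would yield. This is an added example, not Bugnosis code: the record shape (`src`, `width`, `height`, `hasCookie`), the `MAX_AREA` threshold (the slide's own size limit is cut off) and the sample URLs are assumptions, and the third-party test uses the host "reach" rule from RFC 2965 as an approximation.

```javascript
// Added example: the five slide-7 criteria applied to images read from a page's DOM.
const MAX_AREA = 1; // ASSUMED threshold in square pixels; the slide's value is cut off

// Host "reach" per RFC 2965: A.B -> B when B has an interior dot (or is "local").
function reach(host) {
  const h = host.toLowerCase();
  const dot = h.indexOf('.');
  if (dot <= 0) return h;
  const rest = h.slice(dot + 1);
  return rest.includes('.') || rest === 'local' ? rest : h;
}

// Approximation of "third party": the two hosts do not share a reach.
function isThirdParty(imgHost, pageHost) {
  return reach(imgHost) !== reach(pageHost);
}

// images: [{src, width, height, hasCookie}] (hypothetical record shape).
// Returns the absolute URLs of images meeting all five criteria.
function findWebBugs(pageUrl, images, maxArea = MAX_AREA) {
  const pageHost = new URL(pageUrl).hostname;
  const resolved = images.map((img) => ({ ...img, url: new URL(img.src, pageUrl) }));
  const seen = new Map(); // absolute URL -> occurrences on the page
  for (const { url } of resolved) seen.set(url.href, (seen.get(url.href) || 0) + 1);
  return resolved
    .filter((img) =>
      img.width * img.height <= maxArea &&          // too small to see
      isThirdParty(img.url.hostname, pageHost) &&   // third party to the main page
      img.hasCookie === true &&                     // carries a third-party cookie
      seen.get(img.url.href) === 1)                 // appears only once on the page
    .map((img) => img.url.href);
}

// Constructed sample input, not captured from any real page.
const SAMPLE_PAGE = 'http://www.ual.com/';
const SAMPLE_IMAGES = [
  { src: 'http://tracker.example.net/bug.gif?id=1', width: 1, height: 1, hasCookie: true },
  { src: '/images/logo.gif', width: 120, height: 40, hasCookie: true },
  { src: 'http://images.ual.com/dot.gif', width: 1, height: 1, hasCookie: true },
  { src: 'http://cdn.example.net/spacer.gif', width: 1, height: 1, hasCookie: true },
  { src: 'http://cdn.example.net/spacer.gif', width: 1, height: 1, hasCookie: true },
  { src: 'http://stats.example.org/p.gif', width: 1, height: 1, hasCookie: false },
];

console.log(findWebBugs(SAMPLE_PAGE, SAMPLE_IMAGES));
```

Only the first sample image is reported: the others are too large, first party, repeated on the page, or set no cookie.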

8
Getting the word out
  • We knew there were a lot of Web bugs out there
    (from direct HTML inspection, and a later
    quantitative study)
  • Web bugs vs cookie sharing threat
  • Web bugs harder to thoroughly explain
  • But have an easier take-home message: this is
    evidence that someone is intentionally noting
    your visit
  • Still very hard to identify purpose of tracking

9
Bugnosis the tool
  • Most important user interface decision: the
    audience would be journalists
  • So we needed
  • easy install/uninstall
  • reasonable default behavior
  • zero configuration
  • attention-grabbing runtime
  • a bit of gobbledygook is OK
  • Didn't need
  • web bug blocking behavior
  • browser support other than Internet Explorer

10
Bugnosis demo
  • Altace for cardiovascular risks
  • MSNBC Cybercrime article
  • use of JavaScript latitude longitude
  • Google search best music portsmouth NH
  • referrer
  • Mycomputer.com's privacy policy
  • full probe, old junk in cookie, https
  • NY Times Movies pages
  • thrilling cookie

11
Bugnosis details
  • Proxy model (not used in Bugnosis)
  • [Diagram labels: www.ual.com, LocalProxy, United]

12
Bugnosis details
  • Document Object Model / Browser Helper Object
  • [Diagram labels: www.ual.com, United, DocumentComplete, BHO]
  • width = document.imgs[0].width; document.imgs[0].src = bug.gif

13
Bugnosis details
  • Advantages of BHO over proxy
  • accuracy: no need to reparse HTML
  • image attributes healthology
  • sensing in spite of SSL encryption
  • Disadvantages
  • tightly coded to browser
  • interactive

14
Successes and Failures
  • Success: graphic identity gave it a legitimacy
    that's otherwise unobtainable
  • Success: sufficiently in-your-face
  • Success: ability to remotely white-list sites
  • Failure before Success: original drive-by
    ActiveX installation
  • Failure: no P3P integration
  • Failure: insufficient tech support structure
  • Failure: no HTML email support

15
Bugnosis for Email
  • Web bugs in email: they know who you are!
  • Thoroughly breaks expectations
  • Trend is clearly away from 3rd party image
    support in HTML email readers
  • Yet in past 12 months we've seen Web bugs in
    emails from Pfizer, Procter & Gamble, Roche,
    Orthobiotech, RJ Reynolds, GlaxoSmithKline,
    Experian (for Pernod Ricard)

16
Conclusion
  • Designing for journalists meant designing for the
    masses
  • Get Bugnosis from www.bugnosis.org (Windows IE
    only)
  • BTW, 3 spots in my car

17
Quantifying the amount of tracking
  • The FTC samples from the 2000 report "Privacy
    Online"
  • Of 91 popular sites, 84 remained in 2001
  • Of 335 random (consumer-oriented) sites, 298
    remained
  • Searched 100 pages on each site for Web bugs clicks from home

18
Results
  • Popular sample
  • 84 sites 58 contained 1 bug
  • 29 of sites with bugs did not disclose them
  • 7,507 pages 10 contained 1 bug
  • Random sample
  • 298 sites 36 contained 1 bug
  • 25,263 pages 10 contained 1 bug