
Page 1: Privacy Analysis for the Casual User through Bugnosis
David Martin, dm@cs.uml.edu
Joint work with Adil Alsaid
Funded by Privacy Foundation
July 8, 2004

What are E-mail and the Web “like”?

Postal mail

Cable TV

Library

Telephone

Newspaper

Video game

They’re found in an office

They’re found in a room at home

Page 2: Overarching Goal

Help align user privacy expectations with reality

The obvious tactics: teach the users what it’s really like out there, or transform the wilderness into what it should be

Page 3: Web tracking summary

Diagram: the user’s browser (dm.cs.uml.edu) requests and receives the main HTML page from ual.com, then requests and receives an embedded element (such as an image) from doubleclick.net (3rd party) while reporting referrer information

Page 4: Cookie sharing threat

A 3rd party content provider could track a user across all sites served by it (usually via an identifying cookie)

Some indications of interest in doing this from Internet advertising folks

Threat led to fierce opt-in/opt-out debates and lots of cookie-management software

And P3P, naturally

Diagram sites: ual.com, buy.com, berklee.edu
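Added simulation of the threat described on this slide, not code from the talk or from Bugnosis: one third-party image host receives a request from each of the three sites named above, sets an identifying cookie on first contact, and can then join the visits by that cookie. The host name, page URLs and request headers are constructed for illustration.

```python
from itertools import count


class ThirdPartyImageHost:
    """Models doubleclick.net's side: serves a 1x1 image, sets an id cookie on
    first contact, and logs (id, referrer) for every request it answers."""
    def __init__(self):
        self._ids = count(1)
        self.log = []  # (visitor id, referring page URL)

    def serve(self, headers):
        """headers: the request headers the browser sent (constructed dict)."""
        cookie = headers.get("Cookie", "")
        if cookie.startswith("id="):
            visitor, set_cookie = cookie[3:], None    # returning visitor
        else:
            visitor = str(next(self._ids))             # first contact
            set_cookie = f"id={visitor}"
        self.log.append((visitor, headers.get("Referer", "(none)")))
        return {"Set-Cookie": set_cookie, "Content-Type": "image/gif"}


class Browser:
    """Minimal cookie jar that sends stored cookies and the referring page
    URL with each embedded-image request, as a 2004 browser did by default."""
    def __init__(self):
        self.jar = {}  # image host -> cookie string

    def fetch_embedded(self, host, image_host, page_url):
        headers = {"Referer": page_url}
        if host in self.jar:
            headers["Cookie"] = self.jar[host]
        response = image_host.serve(headers)
        if response["Set-Cookie"]:
            self.jar[host] = response["Set-Cookie"]


def browse(pages):
    """Visit each page, all embedding the same third-party image, and return
    the profile the third party can build: visitor id -> sites seen."""
    browser, tracker = Browser(), ThirdPartyImageHost()
    for url in pages:
        browser.fetch_embedded("doubleclick.net", tracker, url)
    profile = {}
    for visitor, referer in tracker.log:
        profile.setdefault(visitor, []).append(referer.split("/")[2])
    return profile


# Constructed itinerary using the three sites named on the slide.
PAGES = ["http://www.ual.com/flights", "http://www.buy.com/cart",
         "http://www.berklee.edu/admissions"]
```

Running `browse(PAGES)` shows all three first-party visits collapsing into a single third-party profile keyed by the cookie id, which is exactly what blocking third-party cookies (or the image request itself) prevents.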

Page 5: Web bugs

A bug is a hidden eavesdropping device

Vague definition: A Web bug is an HTML element that is present for surveillance purposes, and is intended to go unnoticed by users

Page 6: Our definition

A Bugnosis Web bug:
is an image
is too small to see (<= 7 square pixels)
is third party to the main page (approx. RFC2965)
has a third party cookie
only appears once on page

Some other characteristics are used for secondary sorting purposes
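An added example, not Bugnosis’s own code: the five criteria above applied to a constructed page using only Python’s standard library. The RFC 2965 domain match is approximated by comparing the last two host labels, and the set of sites the browser holds cookies for is supplied as input rather than read from a real cookie jar.

```python
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urlsplit

def site_of(host):
    """Crude RFC 2965-style domain match (assumption): last two host labels."""
    return ".".join(host.lower().split(".")[-2:])

class _ImgCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.imgs = []  # attribute dict of every <img> start tag

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.imgs.append(dict(attrs))

def _dim(value, default=100):
    """A missing or unparsable width/height counts as visible (assumption)."""
    try:
        return int(str(value).strip().rstrip("px"))
    except ValueError:
        return default

def find_web_bugs(page_url, html, cookie_sites):
    """Return the src of every image meeting all five slide criteria; cookie_sites
    is the set of sites the browser holds a cookie for (supplied, constructed)."""
    page_site = site_of(urlsplit(page_url).hostname or "")
    parser = _ImgCollector()
    parser.feed(html)
    seen = Counter(img.get("src", "") for img in parser.imgs)  # criterion 5
    bugs = []
    for img in parser.imgs:
        src = img.get("src", "")
        host = urlsplit(src).hostname
        if not host:                      # relative src: same party as the page
            continue
        tiny = _dim(img.get("width")) * _dim(img.get("height")) <= 7
        third_party = site_of(host) != page_site
        has_cookie = site_of(host) in cookie_sites
        if tiny and third_party and has_cookie and seen[src] == 1:
            bugs.append(src)
    return bugs

# Constructed sample page modelled on the ual.com / doubleclick.net slide.
SAMPLE_HTML = """<h1>United</h1><img src="http://ad.doubleclick.net/pixel.gif" width=1 height=1>
<img src="http://www.ual.com/spacer.gif" width=1 height=1>
<img src="http://stats.example.net/s.gif" width=1 height=1>
<img src="http://stats.example.net/s.gif" width=1 height=1>"""
SAMPLE_COOKIES = {"doubleclick.net", "example.net"}
```

On the sample the first-party spacer and the repeated example.net pixel are rejected by the third-party and appears-once criteria respectively, leaving only the doubleclick.net pixel.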

Page 7: Getting the word out

We knew there were a lot of Web bugs out there (from direct HTML inspection, and a later quantitative study)

Web bugs vs cookie sharing threat: Web bugs harder to thoroughly explain, but have an easier take-home message: “This is evidence that someone is intentionally noting your visit”

Still very hard to identify purpose of tracking

Page 8: Bugnosis: the tool

Most important user interface decision: the audience would be journalists

So we needed:
easy install/uninstall
reasonable default behavior
zero configuration
attention-grabbing runtime
a bit of gobbledygook is OK

Didn’t need:
web bug blocking behavior
browser support other than Internet Explorer

Page 9: Bugnosis demo

Altace for cardiovascular risks
MSNBC Cybercrime article: use of JavaScript; latitude & longitude
Google search “best music portsmouth NH”: referrer
Mycomputer.com’s privacy policy: full probe, old junk in cookie, https
NY Times Movies pages: thrilling cookie

Page 10: Bugnosis details

Proxy model (not used in Bugnosis)

Diagram: a local proxy sits between the browser and www.ual.com; the page HTML (<h1>United</h1> <img src=“…” width=1 height=1> …) passes through the local proxy, which would have to parse it

Page 11: Bugnosis details

Document Object Model / Browser Helper Object

Diagram: the BHO, running inside the browser, waits for the DocumentComplete event on the page from www.ual.com (<h1>United</h1> <img src=“…”> …) and then works on the live DOM, e.g. width = document.imgs[0].width … document.imgs[0].src = “bug.gif” …

Page 12: Bugnosis details

Advantages of BHO over proxy:
accuracy: no need to reparse HTML image attributes (healthology)
sensing in spite of SSL encryption

Disadvantages:
tightly coded to browser
interactive

Page 13: Successes and Failures

Success: graphic identity gave it a legitimacy that’s otherwise unobtainable
Success: sufficiently in-your-face
Success: ability to remotely white-list sites
Failure before Success: original “drive-by” ActiveX installation
Failure: no P3P integration
Failure: insufficient tech support structure
Failure: no HTML email support

Page 14: Bugnosis for Email

Web bugs in email: they know who you are! Thoroughly breaks expectations

Trend is clearly away from 3rd party image support in HTML email readers

Yet in past 12 months we’ve seen Web bugs in emails from Pfizer, Proctor & Gamble, Roche, Orthobiotech, RJ Reynolds, GlaxoSmithKline, Experian (for Pernod Ricard)

Page 15: Conclusion

Designing for journalists meant designing for the masses

Get Bugnosis from www.bugnosis.org (Windows IE only)

BTW, 3 spots in my car

Page 16: Quantifying the amount of tracking

The FTC samples, from the 2000 report “Privacy Online”:
Of 91 “popular” sites, 84 remained in 2001
Of 335 “random” (consumer-oriented) sites, 298 remained

Searched 100 pages on each site for Web bugs <= 4 clicks from home

Page 17: Results

Popular sample:
84 sites: 58% contained >= 1 bug
29% of sites with bugs did not disclose them
7,507 pages: 10% contained >= 1 bug

Random sample:
298 sites: 36% contained >= 1 bug
25,263 pages: 10% contained >= 1 bug