Privacy Analysis for the Casual User through Bugnosis
David Martin, [email protected]
Joint work with...
July 8, 2004 2
What are E-mail and the Web “like”?
Postal mail
Cable TV
Library
Telephone
Newspaper
Video game
They’re found in an office
They’re found in a room at home
Overarching Goal
Help align user privacy expectations with reality
The obvious tactics:
Teach the users what it’s really like out there, or
Transform the wilderness into what it should be
Web tracking summary
Diagram: the browser at dm.cs.uml.edu requests & receives the main HTML page from ual.com, then requests & receives an embedded element (such as an image) from doubleclick.net (3rd party) while reporting referrer information
Cookie sharing threat
A 3rd party content provider could track a user across all sites served by it (usually via an identifying cookie)
Some indications of interest in doing this from Internet advertising folks
Threat led to fierce opt-in/opt-out debates and lots of cookie-management software
And P3P, naturally
Diagram sites: ual.com, buy.com, berklee.edu
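The two-step flow on the Web tracking summary slide and the cross-site linkage it enables, modelled as an added example (not code from the talk). A browser visits three first-party pages that each embed an element from doubleclick.net; the tracker mints an id cookie on first sight and logs the Referer with it. Running the same visits with third-party cookies refused shows what the cookie-management tools of the day actually bought the user. The site list, the tracker's id scheme and the "different hostname" party test are constructed assumptions.

```python
"""Model of the two-step tracking flow from the slides: the browser fetches a
first-party page, then fetches an element embedded from a third party, sending
the Referer and whatever cookie it already holds for that third party.  Added
illustration, not code from the talk; the site list, the tracker's id scheme
and the cookie-blocking policy are constructed for it."""
from collections import defaultdict
from urllib.parse import urlparse

TRACKER_URL = "http://ad.doubleclick.net/pixel.gif"   # the 3rd-party element
PAGES = ["http://www.ual.com/", "http://www.buy.com/", "http://www.berklee.edu/"]


class Browser:
    """Cookie jar keyed by host, plus the one knob cookie-management tools
    offered: refuse cookies that arrive in a third-party context."""

    def __init__(self, block_third_party_cookies=False):
        self.jar = {}
        self.block_third_party_cookies = block_third_party_cookies

    def request_headers(self, url, referrer=None):
        """Headers the browser sends when fetching url from within referrer."""
        host = urlparse(url).hostname
        headers = {"Host": host}
        if referrer:
            headers["Referer"] = referrer   # tells the 3rd party which page embedded it
        if host in self.jar:
            headers["Cookie"] = "id=" + self.jar[host]
        return headers

    def accept_cookie(self, url, page_url, value):
        """Store a cookie unless policy forbids it in this (third-party) context."""
        host = urlparse(url).hostname
        is_third_party = host != urlparse(page_url).hostname   # crude party test (assumption)
        if is_third_party and self.block_third_party_cookies:
            return False
        self.jar.setdefault(host, value)
        return True


class Tracker:
    """The 3rd-party content provider: assigns an id cookie on first sight and
    logs (id, referrer) for every hit."""

    def __init__(self):
        self.next_id = 1000
        self.log = []

    def serve(self, headers):
        cookie = headers.get("Cookie")
        ident = cookie.split("=", 1)[1] if cookie else None
        if ident is None:                     # new browser: mint an id
            ident = str(self.next_id)
            self.next_id += 1
        self.log.append((ident, headers.get("Referer")))
        return ident                          # would go out as Set-Cookie

    def linked_sites(self):
        """Which first-party sites the tracker can tie to one browser id."""
        groups = defaultdict(set)
        for ident, ref in self.log:
            groups[ident].add(urlparse(ref).hostname)
        return {k: sorted(v) for k, v in groups.items()}


def browse(block_third_party_cookies):
    """One browser visits every page in PAGES; return the tracker's view."""
    browser, tracker = Browser(block_third_party_cookies), Tracker()
    for page in PAGES:
        browser.request_headers(page)                                 # 1. main HTML page
        hdrs = browser.request_headers(TRACKER_URL, referrer=page)    # 2. embedded element
        ident = tracker.serve(hdrs)
        browser.accept_cookie(TRACKER_URL, page, ident)
    return tracker.linked_sites()


if __name__ == "__main__":
    print("cookies allowed:", browse(False))
    print("3rd-party cookies blocked:", browse(True))
```

With cookies allowed the tracker ends up with one id covering all three sites; with third-party cookies blocked it sees three unrelated ids, though it still receives each Referer, which is why blocking cookies alone never fully answered the threat on this slide.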
Web bugs
A bug is a hidden eavesdropping device
Vague definition: A Web bug is an HTML element that is present for surveillance purposes, and is intended to go unnoticed by users
Our definition
A Bugnosis Web bug:
is an image
is too small to see (<= 7 square pixels)
is third party to the main page (approx. RFC2965)
has a third party cookie
only appears once on page
Some other characteristics are used for secondary sorting purposes
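The five-part definition above applied to a page's images, as an added example that is not Bugnosis's own code. It parses the HTML, resolves each <img> to an absolute URL, and rejects every image that fails a criterion, recording why. Assumptions: "<= 7 square pixels" is read as width × height <= 7; the site of a host is approximated by its last two labels as a crude stand-in for RFC 2965 domain matching; and the sample page, cookie jar and image URLs are constructed.

```python
"""Bugnosis-style Web bug classifier over the <img> elements of a page.
Added illustration of the five-part definition on the slide, not Bugnosis's
own code.  Assumptions: "<= 7 square pixels" is read as width*height <= 7,
the site of a host is approximated by its last two labels, and the page,
the cookie jar and the image URLs below are constructed."""
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


class ImageCollector(HTMLParser):
    """Collect (absolute src, width, height) for every <img> on the page."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.images = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = dict(attrs)
        if not a.get("src"):
            return

        def dim(name):
            try:
                return int((a.get(name) or "").strip().rstrip("px"))
            except ValueError:
                return None   # not in the HTML; only the rendered DOM knows

        self.images.append({"src": urljoin(self.page_url, a["src"]),
                            "width": dim("width"), "height": dim("height")})


def site_of(host):
    """Crude stand-in for RFC 2965 domain matching: www.ual.com -> ual.com."""
    return ".".join(host.lower().split(".")[-2:])


def classify(page_url, html, cookie_jar):
    """Split the page's images into Bugnosis Web bugs and rejects-with-reasons.

    cookie_jar maps a site (per site_of) to the cookies the browser holds for it.
    """
    collector = ImageCollector(page_url)
    collector.feed(html)
    page_site = site_of(urlparse(page_url).hostname)
    occurrences = Counter(img["src"] for img in collector.images)
    bugs, rejected = [], []
    for img in collector.images:
        site = site_of(urlparse(img["src"]).hostname or "")
        reasons = []
        if img["width"] is None or img["height"] is None:
            reasons.append("size unknown (needs rendered DOM)")
        elif img["width"] * img["height"] > 7:
            reasons.append("not tiny")
        if site == page_site:
            reasons.append("first party")
        if site not in cookie_jar:
            reasons.append("no third-party cookie")
        if occurrences[img["src"]] != 1:
            reasons.append("appears more than once")
        (rejected if reasons else bugs).append((img["src"], reasons))
    return bugs, rejected


# Constructed sample page and cookie jar (not a real ual.com page).
PAGE_URL = "http://www.ual.com/"
SAMPLE_HTML = """<html><body><h1>United</h1>
<img src="/logo.gif" width="200" height="60">
<img src="http://ad.doubleclick.net/pixel.gif?id=987" width="1" height="1">
<img src="http://stats.example.net/t.gif" width="1" height="1">
<img src="http://stats.example.net/t.gif" width="1" height="1">
<img src="http://images.ual.com/spacer.gif" width="1" height="1">
<img src="http://cdn.example.org/banner.gif">
</body></html>"""
COOKIE_JAR = {"doubleclick.net": "id=987", "example.net": "s=1"}

if __name__ == "__main__":
    found, rest = classify(PAGE_URL, SAMPLE_HTML, COOKIE_JAR)
    for src, _ in found:
        print("WEB BUG:", src)
    for src, why in rest:
        print("ok:", src, "->", ", ".join(why))
```

Only the doubleclick.net pixel survives all five tests; the first-party spacer and the repeated stats image are tiny but fail other criteria. The banner with no width or height attributes lands in the "size unknown" bucket, which is exactly the case a static HTML parser cannot settle and a DOM-based approach can.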
Getting the word out
We knew there were a lot of Web bugs out there (from direct HTML inspection, and a later quantitative study)
Web bugs vs cookie sharing threat: Web bugs are harder to thoroughly explain, but have an easier take-home message: “This is evidence that someone is intentionally noting your visit”
Still very hard to identify purpose of tracking
Bugnosis: the tool
Most important user interface decision: the audience would be journalists
So we needed: easy install/uninstall, reasonable default behavior, zero configuration, attention-grabbing runtime; a bit of gobbledygook is OK
Didn’t need: web bug blocking behavior, browser support other than Internet Explorer
Bugnosis demo
Altace for cardiovascular risks
MSNBC Cybercrime article: use of JavaScript; latitude & longitude
Google search: “best music portsmouth NH”: referrer
Mycomputer.com's privacy policy: full probe, old junk in cookie, https
NY Times Movies pages: thrilling cookie
Bugnosis details
Proxy model (not used in Bugnosis)
Diagram: www.ual.com serves the page (<h1>United</h1> <img src="…" width=1 height=1> …) to a Local Proxy, which passes the same HTML (<h1>United</h1> <img src="…" width=1 height=1> …) on to the browser
Bugnosis details
Document Object Model / Browser Helper Object (BHO)
Diagram: www.ual.com serves the page (<h1>United</h1> <img src="…"> …) straight into the browser; on DocumentComplete… the BHO reads image attributes from the DOM (width = document.imgs[0].width…) and can rewrite them (document.imgs[0].src = "bug.gif"…)
Bugnosis details
Advantages of BHO over proxy: accuracy (no need to reparse HTML image attributes; healthology); sensing in spite of SSL encryption
Disadvantages: tightly coded to browser; interactive
Successes and Failures
Success: graphic identity gave it a legitimacy that’s otherwise unobtainable
Success: sufficiently in-your-face
Success: ability to remotely white-list sites
Failure before Success: original “drive-by” ActiveX installation
Failure: no P3P integration
Failure: insufficient tech support structure
Failure: no HTML email support
Bugnosis for Email
Web bugs in email: they know who you are! Thoroughly breaks expectations
Trend is clearly away from 3rd party image support in HTML email readers
Yet in past 12 months we’ve seen Web bugs in emails from Pfizer, Procter & Gamble, Roche, Orthobiotech, RJ Reynolds, GlaxoSmithKline, Experian (for Pernod Ricard)
Conclusion
Designing for journalists meant designing for the masses
Get Bugnosis from www.bugnosis.org (Windows IE only)
BTW, 3 spots in my car
Quantifying the amount of tracking
The FTC samples: from 2000 report “Privacy Online”
Of 91 “popular” sites, 84 remained in 2001
Of 335 “random” (consumer-oriented) sites, 298 remained
Searched 100 pages on each site for Web bugs, <= 4 clicks from home
Results
Popular sample:
84 sites: 58% contained >= 1 bug
29% of sites with bugs did not disclose them
7,507 pages: 10% contained >= 1 bug
Random sample:
298 sites: 36% contained >= 1 bug
25,263 pages: 10% contained >= 1 bug