reverse engineering online tracking
play

Reverse-engineering Online Tracking From niche research field to - PowerPoint PPT Presentation

Jul 12, 2023 •246 likes •752 views

Reverse-engineering Online Tracking From niche research field to easy-to-use tool Steven Englehardt webtap.princeton.edu Source: Mayer & Mitchell; Third-Party Web Tracking: Policy and Technology Evercookies Respawn cookies using

  1. Reverse-engineering Online Tracking From niche research field to easy-to-use tool Steven Englehardt webtap.princeton.edu

  2. Source: Mayer & Mitchell; Third-Party Web Tracking: Policy and Technology

  4. Evercookies Respawn cookies using alternative locations ○ Flash cookies, HTML5 localStorage, ETags, etc.

  5. If you’re going to track me, please use cookies Ed Felten July 7th, 2009 freedom-to-tinker.com https://freedom-to-tinker.com/blog/felten/if-youre-going-track-me-please-use-cookies/

  7. Canvas Fingerprinting

  8. 2009 If you’re going to track me, please use cookies

  9. 2009 If you’re going to track me, please use cookies 2010 If you’re going to track me, please use browser storage

  11. ?

  16. 2009 If you’re going to track me, please use cookies 2010 If you’re going to track me, please use browser storage

  17. 2009 If you’re going to track me, please use cookies 2010 If you’re going to track me, please use browser storage 2015 If you’re going to track me, please limit it to one device

  18. 2015 If you’re going to track me, please limit it to one device 2020 ? If you’re going to track me, please ___________________

  19. Measurement can help!

  21. Web measurement hurdles 1. Engineering Debt

  23. Many Studies, Many Platforms ● Automation: ○ 7 used Selenium (Full browser) ○ 4 used PhantomJS/CapsperJS (Headless webkit) ● Instrumentation ○ 5 used FourthParty ○ 9 used a Proxy

  24. Many Studies, Many Platforms ● Automation: ○ 7 used Selenium (Full browser) ○ 4 used PhantomJS/CapsperJS (Headless webkit) ● Instrumentation ○ 5 used FourthParty ○ 9 used a Proxy FourthParty is the only shared code

  25. Web measurement hurdles 1. Engineering Debt 2. Lasting Impact

  26. Canvas Fingerprinting in May 2014 ● Acar, et.al (2014) ● 5% of Top 100k The Web Never Forgets: Persistent Tracking Mechanisms in the Wild. Acar, et.al.

  27. Canvas Fingerprinting in May 2014 ● Acar, et.al (2014) ● 5% of Top 100k The Web Never Forgets: Persistent Tracking Mechanisms in the Wild. Acar, et.al.

  28. Canvas Fingerprinting in October 2015 Over 100 first-party domains on the Top 100k

  29. Canvas Fingerprinting in October 2015 Over 100 first-party domains on the Top 100k The Web Never Forgets: Persistent Tracking Mechanisms in the Wild. Acar, et.al.

  30. Overcoming these hurdles: 1. A Common Platform 2. A Web Privacy Census

  31. OpenWPM

  32. OpenWPM Web

  33. OpenWPM Web

  34. OpenWPM Web

  35. OpenWPM Browser Instance Web

  37. OpenWPM ● Supports browsing with persistent state ○ Browser keeps profile through crashes and freezes. ● Real Browser ○ Extensions ○ Privacy Features ○ WebRTC, Audio, Video, WebGL ● Stable

  38. A Web Privacy Census Monthly 1 Million Site Crawl

  39. A Web Privacy Census Monthly 1 Million Site Crawl ● Javascript Calls ● All javascript files Collecting: ● HTTP Requests and Responses ● Storage (cookies, Flash, etc)

  40. Targeted Crawls Type Use Stateful ● ID Cookies ● Cookie ● Respawning syncing Stateless ● Ghostery ● AdBlock Plus ● HTTPS Everywhere

  41. A Web Privacy Census 1. Measure how effective tools are 2. Quickly deploy new measurements 3. Release data and analysis monthly

  42. Detecting WebRTC Local IP Sniffing

  43. 1. I saw a tweet that nytimes.com is IP sniffing

  44. 2. I added code to JS Instrumentation for next crawl // Access to webRTC instrumentPrototype(window.mozRTCPeerConnection.prototype, "mozRTCPeerConnection");

  45. 3. I wrote some analysis code ● Grab all urls that execute ○ mozRTCPeerConnection.onicecandidate ○ mozRTCPeerConnection.createDataChannel ○ mozRTCPeerConnection.createOffer ● Check JS Files to confirm

  46. 4. Results (October 2015) ● 121 first-party sites ○ 29 in the top 10k ● 24 unique scripts ● Only 1 of which is blocked by EasyList/EasyPrivacy

  47. With regular measurement we can: 1. Inform the public 2. Build block lists 3. Change the incentives

  48. 2020 If you’re going to track me, ___________________

  49. 2020 If you’re going to track me, ___________________ I’ll know!

  50. Help us make the web more private! ● Contribute? ○ github.com/citp/OpenWPM ● Collaborate? ○ webtap.princeton.edu Image Assets from the Noun Project: Microphone by Pavel N.; Megaphone by Piero Borgo; Smartphone by Aaron K. Kim; desktop computer and Databas by Creative Stall; link by Hash Basheer; Spider Bot by Siwat Vatatiyaporn; Browser by Dirtyworks; programmer by Hadi Davodpour

Recommend

Reverse Engineering CS 166 Armen Boursalian 30 Apr 2018 Reverse Engineering Take a

Reverse Engineering CS 166 Armen Boursalian 30 Apr 2018 Reverse Engineering Take a

Reverse Engineering CS 166 Armen Boursalian 30 Apr 2018 Reverse Engineering Take a product, understand how it works Usually limited to certain aspects, not full systems Need to know a little bit about a lot of topics to gain

636 views • 11 slides
Tracking by learning Arnold W.M. Smeulders Tracking Online tracking is to determine the location

Tracking by learning Arnold W.M. Smeulders Tracking Online tracking is to determine the location

Tracking by learning Arnold W.M. Smeulders Tracking Online tracking is to determine the location of one target in video starting from a bounding box in the first frame. When conceived as an instant learning problem, the task is to discriminate

651 views • 39 slides
Chava: Reverse Engineering and Tracking of Java Applets Jeffrey Korn Yih-Farn Chen Eleftherios

Chava: Reverse Engineering and Tracking of Java Applets Jeffrey Korn Yih-Farn Chen Eleftherios

Chava: Reverse Engineering and Tracking of Java Applets Jeffrey Korn Yih-Farn Chen Eleftherios Koutsofios Princeton University AT&T Labs - Research AT&T Labs - Research Dept. of Computer Science 180 Park Avenue 180 Park Avenue

568 views • 12 slides
Reverse Engineering TCP/ IP Reverse Engineering TCP/ IP Steven Low EAS, Caltech Joint work

Reverse Engineering TCP/ IP Reverse Engineering TCP/ IP Steven Low EAS, Caltech Joint work

Reverse Engineering TCP/ IP Reverse Engineering TCP/ IP Steven Low EAS, Caltech Joint work with: Li J W Li, J. Wang, Pongsajapan, Tan, Tang, M. Wang P j T T M W Outline Background Layering as optimization decomposition L

932 views • 47 slides
Next-Generation Debuggers For Reverse Engineering For Reverse Engineering The ERESI team

Next-Generation Debuggers For Reverse Engineering For Reverse Engineering The ERESI team

Next-Generation Debuggers For Reverse Engineering For Reverse Engineering The ERESI team eresi@asgardlabs.org This presentation is about .. The Embedded ERESI debugger : e2dbg The Embedded ERESI tracer : etrace The ERESI reverse

849 views • 47 slides
CS 166: Information Security Reverse Engineering & Digital Rights Management Prof. Tom

CS 166: Information Security Reverse Engineering & Digital Rights Management Prof. Tom

CS 166: Information Security Reverse Engineering & Digital Rights Management Prof. Tom Austin San Jos State University SRE Software Reverse Engineering Also known as Reverse Code Engineering (RCE) Or simply reversing

1.04k views • 80 slides
Reverse Social Engineering Attacks in Online Social Networks Danesh Irani, Marco Balduzzi Davide

Reverse Social Engineering Attacks in Online Social Networks Danesh Irani, Marco Balduzzi Davide

Reverse Social Engineering Attacks in Online Social Networks Danesh Irani, Marco Balduzzi Davide Balzarotti, Engin Kirda, Calton Pu Motivations Social Networks have experienced a huge surge in popularity Facebook has more than 500

336 views • 20 slides
How Tracking Companies Circumvented Ad Blockers Using WebSockets Muhammad Ahmad Bashir, Sajjad

How Tracking Companies Circumvented Ad Blockers Using WebSockets Muhammad Ahmad Bashir, Sajjad

How Tracking Companies Circumvented Ad Blockers Using WebSockets Muhammad Ahmad Bashir, Sajjad Arshad, Engin Kirda, William Robertson, Christo Wilson Northeastern University Online Tracking 2 Online Tracking Surge in online

1.11k views • 80 slides
Reverse Engineering MAC: A Non-Cooperative Game Model Jianwei Huang Information Engineering The

Reverse Engineering MAC: A Non-Cooperative Game Model Jianwei Huang Information Engineering The

Reverse Engineering MAC: A Non-Cooperative Game Model Jianwei Huang Information Engineering The Chinese University of Hong Kong Joint work with J.-W. Lee, A. Tang, M. Chiang and A. R. Canderbank J. Huang (CUHK) Reverse Engineering MAC Nov.

605 views • 38 slides
VALSE VA ON ONLINE Tr Tracking Mu Multiple Ob Objects in in Im Image Se Sequences

VALSE VA ON ONLINE Tr Tracking Mu Multiple Ob Objects in in Im Image Se Sequences

VALSE VA ON ONLINE Tr Tracking Mu Multiple Ob Objects in in Im Image Se Sequences Xinchao Wang June, 2018 2 MOT Overview Tracking by Definition Challenges Detection Handling Challenges Interactions Occlusions Motions Online

1.22k views • 60 slides
OSN Mood Tracking : Exploring the Use of Online Social Network Activity as an Indicator of Mood

OSN Mood Tracking : Exploring the Use of Online Social Network Activity as an Indicator of Mood

OSN Mood Tracking : Exploring the Use of Online Social Network Activity as an Indicator of Mood Changes James Alexander Lee School of Engineering and Digital Arts Dr Christos Efstratiou University of Kent Dr Lu Bai United Kingdom { jal42 ,

646 views • 26 slides
Reverse Engineering Closed, heterogeneous platforms and the defenders dilemma Looking back at

Reverse Engineering Closed, heterogeneous platforms and the defenders dilemma Looking back at

Reverse Engineering Closed, heterogeneous platforms and the defenders dilemma Looking back at the last 20 years of RE and looking ahead at the next few SSTIC 2018 -- Thomas Dullien (Halvar Flake) Progress in Reverse Engineering 2010

941 views • 64 slides
Cryptanalysis, Reverse-Engineering and Design of Symmetric Cryptographic Algorithms Lo Perrin

Cryptanalysis, Reverse-Engineering and Design of Symmetric Cryptographic Algorithms Lo Perrin

Cryptanalysis, Reverse-Engineering and Design of Symmetric Cryptographic Algorithms Lo Perrin SnT, University of Luxembourg April 25, 2017 PhD Defence Introduction On S-Box Reverse-Engineering On Lightweight Cryptography Conclusion

1.76k views • 137 slides
How online tracking works Lorrie Faith Cranor Chief Technologist US Federal Trade

How online tracking works Lorrie Faith Cranor Chief Technologist US Federal Trade

The Future of Advertising & Privacy How online tracking works Lorrie Faith Cranor Chief Technologist US Federal Trade Commission 1 Agenda Types of ads Web tracking with cookies Web tracking beyond cookies Tracking

1.43k views • 118 slides
Reverse engineering basics @KirilsSolovjovs on twitter Mg.sc.comp. Kirils Solovjovs

Reverse engineering basics @KirilsSolovjovs on twitter Mg.sc.comp. Kirils Solovjovs

Reverse engineering basics @KirilsSolovjovs on twitter Mg.sc.comp. Kirils Solovjovs http://kirils.org for more Possible Security Reverse engineering? www.indiamart.com Contents Hardware architecture Processors and machine language

536 views • 25 slides
Inter Internet monitoring net monitoring and web tracking and web tracking Engineering &

Inter Internet monitoring net monitoring and web tracking and web tracking Engineering &

CyLab Inter Internet monitoring net monitoring and web tracking and web tracking Engineering & Public Policy Lorrie Faith Cranor September 30, 2014 y & c S a e v c i u r P r i t e y l b L a a s b U o 8-533

440 views • 42 slides
Understanding human speech recognition: Reverse-engineering the engineering solution using

Understanding human speech recognition: Reverse-engineering the engineering solution using

Cai Wingfield CSLB, Department of Psychology Workshop on Neurocomputation: From Brains to Machines University of Cambridge 25 November 2015 Understanding human speech recognition: Reverse-engineering the engineering solution using EMEG

196 views • 18 slides
Thrifty Tracking Online GPS Tracking with Low Data Uplink Usage James Biagioni, A.B.M. Musa and

Thrifty Tracking Online GPS Tracking with Low Data Uplink Usage James Biagioni, A.B.M. Musa and

Thrifty Tracking Online GPS Tracking with Low Data Uplink Usage James Biagioni, A.B.M. Musa and Jakob Eriksson Online GPS Tracking slide 2 slide 3 slide 4 slide 5 slide 6 Our focus is on the uplink slide 7 slide 8 Extrapolation slide

1.05k views • 19 slides
Reverse Engineering CAPTCHAs Abram Hindle, Micheal W. Godfrey, Richard C. Holt Software

Reverse Engineering CAPTCHAs Abram Hindle, Micheal W. Godfrey, Richard C. Holt Software

Reverse Engineering CAPTCHAs WCRE 2008 Reverse Engineering CAPTCHAs Abram Hindle, Micheal W. Godfrey, Richard C. Holt Software Architecture Group David R. Cheriton School of Computer Science University of Waterloo Canada

726 views • 57 slides
Reverse engineering AT32UC3As JTAG Introduction Overview LSE Summer Week 2014 TAP

Reverse engineering AT32UC3As JTAG Introduction Overview LSE Summer Week 2014 TAP

Reverse engineering AT32UC3As JTAG Pierre Surply Reverse engineering AT32UC3As JTAG Introduction Overview LSE Summer Week 2014 TAP Controller Scan Chain Pierre Surply Boundary Scan UC3 JTAG EPITA 2016 Reverse engineering Jul

968 views • 72 slides
Reverse Engineering Dr. Vadim Zaytsev aka @grammarware UvA, MSc SE, 9 November 2015 Roadmap

Reverse Engineering Dr. Vadim Zaytsev aka @grammarware UvA, MSc SE, 9 November 2015 Roadmap

Reverse Engineering Dr. Vadim Zaytsev aka @grammarware UvA, MSc SE, 9 November 2015 Roadmap W44 Introduction V.Zaytsev W45 Metaprogramming J.Vinju W46 Reverse Engineering V.Zaytsev W47 Software Analytics M.Bruntink W48 Clone

751 views • 31 slides
Reverse Engineering DSP Code GameCube DSP Analyzing GCN DSP code Pierre Bourdon Conclusion

Reverse Engineering DSP Code GameCube DSP Analyzing GCN DSP code Pierre Bourdon Conclusion

Reverse Engineering DSP Code Pierre Bourdon Introduction DSP Reverse Engineering DSP Code GameCube DSP Analyzing GCN DSP code Pierre Bourdon Conclusion delroth@lse.epita.fr http://lse.epita.fr February 12, 2013 Context Reverse

856 views • 18 slides
Introduction .NET Reverse Engineering Eric DePree Introduction to .NET Programs written for

Introduction .NET Reverse Engineering Eric DePree Introduction to .NET Programs written for

Introduction .NET Reverse Engineering Eric DePree Introduction to .NET Programs written for .NET are easy to reverse engineer. This is not in any way a fault in the design of .NET; it is simply a reality of modern, intermediate-compiled

132 views • 10 slides
Explaining the Boom-Bust Cycle in the U.S. Housing Market: A Reverse-Engineering Approach

Explaining the Boom-Bust Cycle in the U.S. Housing Market: A Reverse-Engineering Approach

Overview Evidence Model Calibration Quantitative Results Reverse Engineered Shocks Conclusion Extras Explaining the Boom-Bust Cycle in the U.S. Housing Market: A Reverse-Engineering Approach Paolo Gelain Kevin J. Lansing Gisle J.

717 views • 50 slides

More recommend