We introduce Doppelganger, a novel system for creating and enforcing fine-grained, privacy-preserving browser cookie policies with low manual effort. Browser cookies pose privacy risks, since they can be used to track users' actions in detail, but some cookies also enable useful functionality, like personalization features. Web browsers currently lack an effective cookie management mechanism. Users must choose between two unpalatable options: a permissive, privacy-compromising policy for every site they visit, or a seemingly endless series of questions to which they must supply underinformed opinions. Doppelganger takes a big step forward: it makes automated determinations of cookies' value to enable a cost-benefit analysis, and offers an automated recovery system when that mechanism (or the user) makes an incorrect judgment. Doppelganger leverages client-side parallelism to automatically and simultaneously explore multiple cookie policies, enabling each user to create her ideal cookie policy. We tackle important and difficult subproblems along the way: mechanisms for recording and replaying web sessions; improved handling of third-party cookies; and enforcing fine-grained, per-site cookie mediation. We implemented Doppelganger as a Firefox extension; we discuss experimental results comparing it to various browser settings, as well as lessons learned from the real-world engineering challenges we faced in our implementation.