Professional Documents
Culture Documents
3
Direct Sharing
4
5
• Billions of web users surf the web daily
• Some websites have billions of user accounts
User
CS6290: Privacy Enhancing Technologies 12
Third Party Cookies
Facebook, Google, etc. know much more about you than actual website does
because they can track you across websites.
13
How websites profit?
• Subscription-based paid membership?
• Paywall, e.g., NY Times, Wall Street Journal
• Can be easily bypassed, though
• Substack, Patreon, Linkedin premium
• Limited impact…
• Can also be bypassed by bots
CPM = Cost
Per • Impression: user just
thousand sees the ad.
impressions
Ad Ad
Ad company
can get your
name and
address from
CD order and
link them to
Search Service your search CD Store
CS6290: Privacy Enhancing Technologies 17
CS6290: Privacy Enhancing Technologies
Behavioral Targeting: A Walk-through
Ad network
Advertisers
Publishers
End
3:17pm ElizabethWarren.com
https://www.nytimes.com/interactive/2019/08/23/opinion/data-internet-privacy-tracking.html
“It was not necessary for me to click on the banner ads for information to
be sent to DoubleClick servers.”
– Richard M. Smith
32
“Do Not Track”
(DNT) header
• The companies “promise”
not to use the information
for advertising purposes
• Websites and may
either honor or ignore
DNT requests
• Hard to verify misuse
36
Counter-countermeasure (!)
By Trackers
• Counter-countermeasure: cookie-less tracking
• Browser (device) fingerprinting
Windows OS X
Reveals:
• Operating system family
• Browser family (except
Linux Chrome, Safari on OS X)
• Installed fonts
• Font smoothing
parameters
The process by which two different trackers link the IDs they’ve
given to the same user
After Brexit…
CS6290: Privacy Enhancing Technologies 91
The Game Changer?
• It have positive impacts
• Giant companies have to be careful now, otherwise they will receive huge
fines…
• Comes with browser. Also used for protecting email. It just works, without you having to
configure anything. Protects contents of communication from passive eavesdroppers and
active MITM attacks.
• Tools that provide confidentiality also provide some privacy. You probably don't want
your landlord or coffee shop customers to learn things about you.
94
Encouraging HTTPS Adoption
Early 2018: Mozilla announces that new features will require HTTPS
(HTTPS)
(HTTP)
95
Chrome Page Loads over HTTPS
75%
Today, 92-93% of
messages are encrypted
50%
98
Solution: anonymization
Anonymity (“without name’’) means that a person is not identifiable within a set of
subjects
Unlinkability of action and identity
- For example, sender and his email are no more related after adversary’s observations
than they were before
- Who talks to whom
Unobservability
- Adversary cannot tell whether someone is using a particular system and/or protocol
100
What is Anonymity?
To protect privacy:
- Avoid tracking by advertising companies
- Viewing sensitive content
- Information on medical conditions
- Advice on bankruptcy
Protection from prosecution
- Not every country guarantees free speech
To prevent chilling-effects
- It’s easier to voice unpopular or controversial opinions if you are anonymous
101
What is Anonymity?
102
Anonymity
State of the art technique: Ask someone else to send it for you
103
Naive approach .... VPNs
104
Naive approach .... VPNs
105
• Tor is a successful
privacy enhancing
technology that works
at the transport layer
• Millions of active users.
• Normally, a TCP
connection reveals your
IP address
• Tor allows TCP
connections without
revealing your IP
106
Tor (“The Onion Router”)
Tor operates by tunneling traffic through multiple “onion routers” using
public key cryptography
107
Who Knows What?
Entry node: knows Alice is using Tor, and identity of middle node,
but not destination
Exit node: knows some Tor user is connecting to destination, but
not which user
Destination: knows a Tor user is connecting to it via the exit node
108
Does Tor Provide Anonymity?
• Tor provides for anonymity in TCP connections over the Internet, both unlinkably (long-
term) and linkably (short-term).
109
Tor Challenges
Attack: government can Attack: adversary operates
Performance: message coerce server operates in all of the mixes
bounces around a lot (can one country • Defense: have lots of mix servers
• Defense: use mix servers in (Tor has ~7,000 onion routers
be slow) today). Use diverse set.
different legal jurisdictions
110
Guard Relays
How do you protect against an adversary creating a large number of onion routers
and performing timing observation at entrance and exits?
Limit the servers used for initial connection to a subset of trusted nodes:
- Have long and consistent uptimes…
- Have high bandwidth…
- Are manually vetted by the Tor community
Tor client selects 3 guard relays and uses them for 3 months
111
Exit Nodes
Relays must self-elect to be exit nodes. Why?
- Legal problems
- If someone does something malicious or illegal using Tor and the police trace the
traffic, the trace leads to the exit node
112
Tor Hidden Services
As described, Tor protects the identity of the client, but not the server
113
114
115
116
117
118
119
120
Silk Road Marketplace
121
Who uses anonymity systems?
“If you’re not doing anything wrong, you shouldn’t have anything to
hide.”
122
Internet Censorship
Government censors
Block websites containing “offensive” content
Commonly employ blacklist approach
Observed techniques
IP blocking, DNS blackholes, forged RST packets
Popular countermeasures
Mostly proxy based — Tor, Freenet, Ultrasurf, …
Problem: Cat-and-mouse game
123
Internet Censorship
124
Tor Bridges
Anyone can look up the IP addresses of Tor relays
- Public information in the consensus file
125
Tor Bridges
126
Obfuscating Tor Traffic
Bridges alone may be insufficient to get around all types of censorship
- DPI can be used to locate and drop Tor frames
128
Decoy Routing (Telex)
129
Decoy Routing (Telex)
130
Decoy Routing (Telex)
131
Decoy Routing (Telex)
132
Related References
• New York Times, “The Privacy Project”,
https://www.nytimes.com/interactive/2019/opinion/internet-privacy-project.html
• Vincent Toubiana, et al., “Adnostic: Privacy Preserving Targeted Advertising”, in NDSS’10
• Saikat Guha, Bin Cheng, and Paul Francis, “Privad: Practical Privacy in Online Advertising”, in
NDSS’11
• Michael Backes et al., “ObliviAd: Provably Secure and Practical Online Behavioral Advertising”, in
IEEE S&P’ 12
• Alexey Reznichenko et al., “Private-by-Design Advertising Meets the Real World”, in CCS’14
• Mathias Lecuyer et al., “Sunlight: Fine-grained Targeting Detection at Scale with Statistical
Confidence”, in CCS’15
• Athanasios Andreou et al., “Investigating Ad Transparency Mechanisms in Social Media: A Case
Study of Facebook’s Explanations”, in NDSS’18
• Giridhari Venkatadri et al., “Treads: Transparency-Enhancing Ads”, in HotNets’19