A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2021; you can also visit the original URL.
The file type is application/pdf.
Filters
Domain Name Encryption Is Not Enough: Privacy Leakage via IP-based Website Fingerprinting
[article]
2021
arXiv
pre-print
Preserved Fulltext
Other Versions
Although the security benefits of domain name encryption technologies such as DNS over TLS (DoT), DNS over HTTPS (DoH), and Encrypted Client Hello (ECH) are clear, their positive impact on user privacy ...
In this paper, we show that this instability is not a roadblock (assuming a universal DoT/DoH and ECH deployment), by introducing an IP-based website fingerprinting technique that allows a network-level ...
The opinions in this paper are those of the authors and do not necessarily reflect the opinions of the sponsor. ...
arXiv:2102.08332v2
fatcat:2y5prhskhbdeplm35hrb3xtl6y
Domain name encryption is not enough: privacy leakage via IP-based website fingerprinting
2021
Proceedings on Privacy Enhancing Technologies
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2021; you can also visit the original URL.
The file type is application/pdf.
Although the security benefits of domain name encryption technologies such as DNS over TLS (DoT), DNS over HTTPS (DoH), and Encrypted Client Hello (ECH) are clear, their positive impact on user privacy ...
We conclude by discussing strategies for website owners and hosting providers towards hindering IP-based website fingerprinting and maximizing the privacy benefits offered by DoT/DoH and ECH. ...
The opinions in this paper are those of the authors and do not necessarily reflect the opinions of the sponsor. ...
doi:10.2478/popets-2021-0078
fatcat:k6f6pkoltzdfdmudcdav2dqoqe
Assessing the Privacy Benefits of Domain Name Encryption
[article]
2019
arXiv
pre-print
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2020; you can also visit the original URL.
The file type is application/pdf.
Other Versions
However, even when encryption is enabled, users leak information about the domains they visit via their DNS queries and via the Server Name Indication (SNI) extension of TLS. ...
We find that 20% of the domains studied will not gain any privacy benefit since they have a one-to-one mapping between their hostname and IP address. ...
More specifically, while domain name information is encrypted, the IP address information is still visible to any on-path observers and can be used to infer the websites being visited. ...
arXiv:1911.00563v1
fatcat:yondgiommzeaxgidht6heguv6e
Summary of DNS Over HTTPS Abuse
2022
IEEE Access
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2022; you can also visit the original URL.
The file type is application/pdf.
Last but not least, we identified several research challenges that we consider important for future security research. ...
The Internet Engineering Task Force adopted the DNS over HTTPS protocol in 2018 to remediate privacy issues regarding the plain text transmission of the DNS protocol. ...
Translating a domain name via DoH is not by itself abuse. ...
doi:10.1109/access.2022.3175497
fatcat:sxehblcsknbkvi5qhlipgbqrja
Expressive privacy control with pseudonyms
2013
Proceedings of the ACM SIGCOMM 2013 conference on SIGCOMM - SIGCOMM '13
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2017; you can also visit the original URL.
The file type is application/pdf.
In the current Internet, the default assumption is that all behavior can be correlated using a variety of identifying information, not the least of which is a user's IP address. ...
We provide this abstraction by associating each pseudonym with a unique, random address drawn from the IPv6 address space, which is large enough to provide each device with multiple globally-routable addresses ...
The extension allocates/deallocates IPv6 addresses by communicating with the gateway. • Name resolution: Requests for web pages arrive at the gateway with domain names rather than IPs. ...
doi:10.1145/2486001.2486032
dblp:conf/sigcomm/HanLPPAKW13
fatcat:rtr7wbsvq5e7hjomkhoxu2pmhq
Expressive privacy control with pseudonyms
2013
Computer communication review
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2017; you can also visit the original URL.
The file type is application/pdf.
In the current Internet, the default assumption is that all behavior can be correlated using a variety of identifying information, not the least of which is a user's IP address. ...
We provide this abstraction by associating each pseudonym with a unique, random address drawn from the IPv6 address space, which is large enough to provide each device with multiple globally-routable addresses ...
The extension allocates/deallocates IPv6 addresses by communicating with the gateway. • Name resolution: Requests for web pages arrive at the gateway with domain names rather than IPs. ...
doi:10.1145/2534169.2486032
fatcat:yvfeltda2zh5lak3nglwny3tmy
Tracking and Personalization
[chapter]
2021
Modern Socio-Technical Perspectives on Privacy
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2022; you can also visit the original URL.
The file type is application/pdf.
Privacy implications of personalization via online tracking, highlighted by organizations and researchers, are also illustrated. ...
Lastly, this chapter discusses the ways to balance personalization benefits and privacy concerns. ...
In addition, identifiers such as network names and IP addresses also help in host fingerprinting [75] . ...
doi:10.1007/978-3-030-82786-1_9
fatcat:au7bgwajqzeffb2cvtgn3ytasy
Shopping for privacy: Purchase details leaked to PayPal
2016
Electronic Commerce Research and Applications
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2018; you can also visit the original URL.
The file type is application/pdf.
Leakage to PayPal is commonplace across product categories and includes details of medication or sex toys. We provide recommendations for merchants. ...
More than half of the sites we analysed shared product names and details with PayPal, allowing the payment provider to build up fine-grained and comprehensive consumption profiles about its clients across ...
Unfortunately, PayPal's privacy policy is not as explicit about fingerprinting as it is for Flash cookies. ...
doi:10.1016/j.elerap.2015.11.004
fatcat:wmakmoosbfa7no2mnlg6swo6wy
A Case Study of Intra-library Privacy Issues on Android GPS Navigation Apps
[chapter]
2019
Communications in Computer and Information Science
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2021; you can also visit the original URL.
The file type is application/pdf.
Note that this fulltext copy is not of the "primary" version of this work. The version it corresponds to is:
2021 pre-print arXiv:2109.03664v1 fatcat:amv3wtebqrbyff4apxjixyhmva
Our results show that GPS navigation apps have access to several types of device data, while they may allow for personal data leakage towards third parties such as library providers or tracking services ...
In this respect, this paper focuses on the geolocation data and analyses five GPS applications to identify the privacy risks if no appropriate safeguards are present. ...
The difficulty in dealing with fingerprinting rests with the fact that fingerprints are not based on any client-based storage (such as the case of cookies) and thus sophisticated data protection by design ...
doi:10.1007/978-3-030-37545-4_3
fatcat:7ntomzzqbrfxtcoqq6ooe5zzae
Eavesdropping on Fine-Grained User Activities Within Smartphone Apps Over Encrypted Network Traffic
2016
Workshop on Offensive Technologies
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2022; you can also visit the original URL.
The file type is application/pdf.
Despite the widespread use of fully encrypted communication, our technique, called NetScope, is based on the intuition that the highly specific implementation of each app leaves a fingerprint on its traffic ...
Android and iOS devices, based solely on inspecting IP headers. ...
Any opinions, findings, and conclusions in this paper are those of the authors only and do not necessarily reflect the views of our sponsors. ...
dblp:conf/woot/SaltaformaggioC16
fatcat:gkgbvsxhz5bpxj2xdw2zjfrf6a
A Comprehensive Survey of Aadhar and Security Issues
[article]
2020
arXiv
pre-print
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2020; you can also visit the original URL.
The file type is application/pdf.
To implement this, the Indian government created the authority UIDAI to distribute and generate user identities for every individual based on their demographic and biometric data. ...
Our main aim is to cover all the security aspects related to Aadhaar to avoid possible security attacks. Also, we have included the current updates and news related to Aadhaar. ...
The card generated via UIDAI then got named as Aadhaar card. The word "Aadhaar" is a Hindi word that refers to a 'base' that verifies your identity.
A. ...
arXiv:2007.09409v1
fatcat:wvfuikzjsrerfm445kabru5xli
Mosaic
2013
Proceedings of the ACM SIGCOMM 2013 conference on SIGCOMM - SIGCOMM '13
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2014; you can also visit the original URL.
The file type is application/pdf.
While prior studies have directly focused on OSN services, we call attention to the privacy leakage in mobile network data. This concern is motivated by two factors. ...
By applying Tessellation on traffic from a cellular service provider (CSP), we show that up to 50% of the traffic can be attributed to the names of users. ...
The information for each class/subclass is Privacy leakage as a function of breach duration and compromised IPs. ...
doi:10.1145/2486001.2486008
dblp:conf/sigcomm/XiaSLINZK13
fatcat:oc4q32agrzcwbjzqvmkq6vr6au
Mosaic
2013
Computer communication review
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2014; you can also visit the original URL.
The file type is application/pdf.
While prior studies have directly focused on OSN services, we call attention to the privacy leakage in mobile network data. This concern is motivated by two factors. ...
By applying Tessellation on traffic from a cellular service provider (CSP), we show that up to 50% of the traffic can be attributed to the names of users. ...
The information for each class/subclass is Privacy leakage as a function of breach duration and compromised IPs. ...
doi:10.1145/2534169.2486008
fatcat:sip5i3jsmvec5dft7c6wb3s3ae
Towards Mining Latent Client Identifiers from Network Traffic
2016
Proceedings on Privacy Enhancing Technologies
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2019; you can also visit the original URL.
The file type is application/pdf.
Websites extensively track users via identifiers that uniquely map to client machines or user accounts. ...
Although such tracking has desirable properties like enabling personalization and website analytics, it also raises serious concerns about online user privacy, and can potentially enable illicit surveillance ...
Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the sponsors. ...
doi:10.1515/popets-2016-0007
dblp:journals/popets/JainJP16
fatcat:2osybpcf6za6zhgra73w6yuc6e
Oblivious DNS: Practical Privacy for DNS Queries
2019
Proceedings on Privacy Enhancing Technologies
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2020; you can also visit the original URL.
The file type is application/pdf.
Operators of DNS recursive resolvers—the machines that receive a client's query for a domain name and resolve it to a corresponding IP address—can learn significant information about client activity. ...
Virtually every Internet communication typically involves a Domain Name System (DNS) lookup for the destination server that the client wants to communicate with. ...
Recent work has highlighted how onion domain name leakages are a source of privacy leakage as well [40] . ...
doi:10.2478/popets-2019-0028
dblp:journals/popets/SchmittEMF19
fatcat:zwmj24okyvhidmd6k5rstvkxfy
« Previous
Showing results 1 — 15 out of 337 results