
PrivacySafer: Privacy Adaptation for HTML5 Web Applications

  • Georgia M. Kapitsaki
  • Theodoros Charalambous
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10570)

Abstract

Privacy protection is necessary in many applications in mobile and stationary environments. The advances in web applications with the introduction of HTML5 provide the possibility for cross-platform application support. Such applications can access sensitive information via various means in order to provide a personalized user experience. Mechanisms that allow users to control this access are vital for a better web experience. In this work, we present our approach toward a mechanism for privacy protection in HTML5 web environments. User preferences for privacy policies can be specified via an indicated notation that considers contextual parameters. Preferences are taken into account during execution, adapting the application content. Our PrivacySafer approach is supported by implementations of extensions in two popular web browsers, Chrome and Firefox. An evaluation of the efficiency of the approach and the resulting web experience with a small group of users has been performed.

Keywords

Privacy protection, HTML5, Privacy policies

Notes

Acknowledgment

This work was partially funded by the European Community CEF-TC-2015-1 Safer Internet (grant agreement number INEA/CEF/ICT/A2015/1152069) CYberSafety (http://www.cybersafety.cy/) project.

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  1. Department of Computer Science, University of Cyprus, Nicosia, Cyprus
