Abstract
Many requests that a Web browser makes are not made to the primary site a user is visiting. It is common for websites to instruct browsers to make additional requests to third-party sites for content, advertisements, as well as for purely user-tracking purposes. Current techniques for maintaining user privacy with respect to cross-site requests are limited and inadequate. We propose a client-side whitelist for controlling third-party website requests. We implement this as RequestPolicy, an extension for Mozilla browsers. We look at the usability of RequestPolicy as well its impact on the Web browsing experience. Our extension maintains a high level of usability while safeguarding user privacy against well-known threats in addition to new threats we draw attention to.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Tor: anonymity, http://www.torproject.org/
Abbott, T., Lai, K., Lieberman, M., Price, E.: Browser-Based Attacks on Tor. In: Borisov, N., Golle, P. (eds.) PET 2007. LNCS, vol. 4776, pp. 184–199. Springer, Heidelberg (2007)
Felten, E., Schneider, M.: Timing attacks on web privacy. In: Proceedings of the 7th ACM conference on Computer and communications security, pp. 25–32. ACM, New York (2000)
Krishnamurthy, B., Malandrino, D., Wills, C.: Measuring privacy loss and the impact of privacy protection in web browsing. In: Proceedings of the 3rd symposium on Usable privacy and security, pp. 52–63. ACM Press, New York (2007)
RequestPolicy - Firefox addon for privacy and security, http://www.requestpolicy.com/
Privoxy, http://www.privoxy.org/
RefControl, http://www.stardrifter.org/refcontrol/
Extended Cookie Manager, http://www.defector.de/blog/category/firefox-extensions/extended-cookie-manager/
Karma Blocker, http://trac.arantius.com/wiki/Extensions/KarmaBlocker
Adblock Plus, http://adblockplus.org/
BlockSite - Firefox Add-ons, https://addons.mozilla.org/en-US/firefox/addon/3145
Psiphon, http://psiphon.ca/
Jackson, C., Bortz, A., Boneh, D., Mitchell, J.: Protecting browser state from web privacy attacks. In: Proceedings of the 15th international conference on World Wide Web, pp. 737–744. ACM, New York (2006)
Web Security Research - Alex’s Corner: Attacking the SafeCache Firefox Extension, http://kuza55.blogspot.com/2007/02/attacking-safecache-firefox-extension.html
Krishnamurthy, B., Wills, C.: Generating a privacy footprint on the internet. In: Proceedings of the 6th ACM SIGCOMM conference on Internet measurement, pp. 65–70. ACM, New York (2006)
Krishnamurthy, B., Wills, C.E.: Privacy Diffusion on the Web: A Longitudinal Perspective. In: Proceedings of the World Wide Web Conference (2009)
NoScript - Firefox Add-ons, https://addons.mozilla.org/en-US/firefox/addon/722
Firefox Add-ons, https://addons.mozilla.org/
Google Chrome, http://www.google.com/chrome
Firefox 3.1 / DNS Prefetching Security Review, https://wiki.mozilla.org/Firefox3.1/DNS_Prefetching_Security_Review
Private Browsing, https://wiki.mozilla.org/PrivateBrowsing
Google AJAX Libraries API - Google Code, http://code.google.com/apis/ajaxlibs/
The Yahoo! User Interface Library (YUI), http://developer.yahoo.com/yui/
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Samuel, J., Zhang, B. (2009). RequestPolicy: Increasing Web Browsing Privacy through Control of Cross-Site Requests. In: Goldberg, I., Atallah, M.J. (eds) Privacy Enhancing Technologies. PETS 2009. Lecture Notes in Computer Science, vol 5672. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-03168-7_8
Download citation
DOI: https://doi.org/10.1007/978-3-642-03168-7_8
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-03167-0
Online ISBN: 978-3-642-03168-7
eBook Packages: Computer ScienceComputer Science (R0)