Skip to main content
SpringerLink
Log in

RequestPolicy: Increasing Web Browsing Privacy through Control of Cross-Site Requests

  • Conference paper
Privacy Enhancing Technologies (PETS 2009)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 5672))

Included in the following conference series:

Abstract

Many requests that a Web browser makes are not made to the primary site a user is visiting. It is common for websites to instruct browsers to make additional requests to third-party sites for content, advertisements, as well as for purely user-tracking purposes. Current techniques for maintaining user privacy with respect to cross-site requests are limited and inadequate. We propose a client-side whitelist for controlling third-party website requests. We implement this as RequestPolicy, an extension for Mozilla browsers. We look at the usability of RequestPolicy as well its impact on the Web browsing experience. Our extension maintains a high level of usability while safeguarding user privacy against well-known threats in addition to new threats we draw attention to.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Tor: anonymity, http://www.torproject.org/

  2. Abbott, T., Lai, K., Lieberman, M., Price, E.: Browser-Based Attacks on Tor. In: Borisov, N., Golle, P. (eds.) PET 2007. LNCS, vol. 4776, pp. 184–199. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  3. Felten, E., Schneider, M.: Timing attacks on web privacy. In: Proceedings of the 7th ACM conference on Computer and communications security, pp. 25–32. ACM, New York (2000)

    Chapter  Google Scholar 

  4. Krishnamurthy, B., Malandrino, D., Wills, C.: Measuring privacy loss and the impact of privacy protection in web browsing. In: Proceedings of the 3rd symposium on Usable privacy and security, pp. 52–63. ACM Press, New York (2007)

    Chapter  Google Scholar 

  5. RequestPolicy - Firefox addon for privacy and security, http://www.requestpolicy.com/

  6. Privoxy, http://www.privoxy.org/

  7. RefControl, http://www.stardrifter.org/refcontrol/

  8. Extended Cookie Manager, http://www.defector.de/blog/category/firefox-extensions/extended-cookie-manager/

  9. Karma Blocker, http://trac.arantius.com/wiki/Extensions/KarmaBlocker

  10. Adblock Plus, http://adblockplus.org/

  11. BlockSite - Firefox Add-ons, https://addons.mozilla.org/en-US/firefox/addon/3145

  12. Psiphon, http://psiphon.ca/

  13. Jackson, C., Bortz, A., Boneh, D., Mitchell, J.: Protecting browser state from web privacy attacks. In: Proceedings of the 15th international conference on World Wide Web, pp. 737–744. ACM, New York (2006)

    Google Scholar 

  14. Web Security Research - Alex’s Corner: Attacking the SafeCache Firefox Extension, http://kuza55.blogspot.com/2007/02/attacking-safecache-firefox-extension.html

  15. Krishnamurthy, B., Wills, C.: Generating a privacy footprint on the internet. In: Proceedings of the 6th ACM SIGCOMM conference on Internet measurement, pp. 65–70. ACM, New York (2006)

    Google Scholar 

  16. Krishnamurthy, B., Wills, C.E.: Privacy Diffusion on the Web: A Longitudinal Perspective. In: Proceedings of the World Wide Web Conference (2009)

    Google Scholar 

  17. NoScript - Firefox Add-ons, https://addons.mozilla.org/en-US/firefox/addon/722

  18. Firefox Add-ons, https://addons.mozilla.org/

  19. XPCOM, http://www.mozilla.org/projects/xpcom/

  20. Google Chrome, http://www.google.com/chrome

  21. Firefox 3.1 / DNS Prefetching Security Review, https://wiki.mozilla.org/Firefox3.1/DNS_Prefetching_Security_Review

  22. Private Browsing, https://wiki.mozilla.org/PrivateBrowsing

  23. Google AJAX Libraries API - Google Code, http://code.google.com/apis/ajaxlibs/

  24. The Yahoo! User Interface Library (YUI), http://developer.yahoo.com/yui/

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science, University of Arizona,  

    Justin Samuel & Beichuan Zhang

Authors
  1. Justin Samuel
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Beichuan Zhang
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. David R. Cheriton School of Computer Science, University of Waterloo, University Avenue West, N2L 3G1, Waterloo, ON, Canada

    Ian Goldberg

  2. Department of Computer Science, Purdue University, 305 North University Street, IN 47907-2107, West Lafayete, USA

    Mikhail J. Atallah

Rights and permissions

Reprints and permissions

Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Samuel, J., Zhang, B. (2009). RequestPolicy: Increasing Web Browsing Privacy through Control of Cross-Site Requests. In: Goldberg, I., Atallah, M.J. (eds) Privacy Enhancing Technologies. PETS 2009. Lecture Notes in Computer Science, vol 5672. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-03168-7_8

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-03168-7_8

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-03167-0

  • Online ISBN: 978-3-642-03168-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation