The Experts below are selected from a list of 255 Experts worldwide ranked by ideXlab platform
Lukasz Olejnik - One of the best experts on this subject based on the ideXlab platform.
-
On the uniqueness of Web browsing History patterns
annals of telecommunications - annales des télécommunications, 2014Co-Authors: Lukasz Olejnik, Claude Castelluccia, Artur JancAbstract:We present the results of the first large-scale study of the uniqueness of Web browsing histories, gathered from a total of 368,284 Internet users who visited a History detection demonstration website. Our results show that for a majority of users (69 %), the browsing History is unique and that users for whom we could detect at least four visited websites were uniquely identified by their histories in 97 % of cases. We observe a significant rate of stability in Browser History fingerprints: for repeat visitors, 38 % of fingerprints are identical over time, and differing ones were correlated with original History contents, indicating static browsing preferences (for History subvectors of size 50). We report a striking result that it is enough to test for a small number of pages in order to both enumerate users’ interests and perform an efficient and unique behavioral fingerprint; we show that testing 50 Web pages is enough to fingerprint 42 % of users in our database, increasing to 70 % with 500 Web pages.
-
On the uniqueness of Web browsing History patterns
annals of telecommunications - annales des télécommunications, 2013Co-Authors: Lukasz Olejnik, Claude Castelluccia, Artur JancAbstract:International audienceWe present the results of the first large-scale study of the uniqueness of Web browsing histories, gathered from a total of $368,284$ Internet users who visited a History detection demonstration website. Our results show that for a majority of users ($69\%$), the browsing History is unique and that users for whom we could detect at least $4$ visited websites were uniquely identified by their histories in $97\%$ of cases. We observe a significant rate of stability in Browser History fingerprints: for repeat visitors, $38\%$ of fingerprints are identical over time, and differing ones were correlated with original History contents, indicating static browsing preferences (for History subvectors of size $50$). We report a striking result that it is enough to test for a small number of pages in order to both enumerate users' interests and perform an efficient and unique behavioral fingerprint; we show that testing $50$ web pages is enough to fingerprint $42\%$ of users in our database, increasing to $70\%$ with $500$ web pages
-
Towards Web-Based Biometric Systems Using Personal Browsing Interests
2013 International Conference on Availability Reliability and Security, 2013Co-Authors: Lukasz Olejnik, Claude CastellucciaAbstract:We investigate the potential to use browsing habits and Browser History as a new authentication and identification system for the Web with potential applications to anomaly and fraud detection. For the first time, we provide an empirical analysis using data from $4,578$ users. We employ the traditional biometric analysis and show that the False Acceptance Rate can be low ($FAR=1.1%$), though this results in a relatively high False Rejection Rate ($FRR=13.8%$). The scheme may either be utilized by Web service providers (with access to user's Browser History) or any Webmaster, using other specialized techniques such as timing-based Browser cache sniffing or a Browser extension. We construct such a proof-of-concept extension.
-
ARES - Towards Web-Based Biometric Systems Using Personal Browsing Interests
2013 International Conference on Availability Reliability and Security, 2013Co-Authors: Lukasz Olejnik, Claude CastellucciaAbstract:We investigate the potential to use browsing habits and Browser History as a new authentication and identification system for the Web with potential applications to anomaly and fraud detection. For the first time, we provide an empirical analysis using data from $4,578$ users. We employ the traditional biometric analysis and show that the False Acceptance Rate can be low ($FAR=1.1%$), though this results in a relatively high False Rejection Rate ($FRR=13.8%$). The scheme may either be utilized by Web service providers (with access to user's Browser History) or any Webmaster, using other specialized techniques such as timing-based Browser cache sniffing or a Browser extension. We construct such a proof-of-concept extension.
-
Why Johnny Can't Browse in Peace: On the Uniqueness of Web Browsing History Patterns
2012Co-Authors: Lukasz Olejnik, Claude Castelluccia, Artur JancAbstract:We present the results of the first large-scale study of the uniqueness of Web browsing histories, gathered from a total of 368; 284 Internet users who visited a History detection demonstration website. Our results show that for a majority of users (69%), the browsing History is unique and that users for whom we could detect at least 4 visited websites were uniquely identified by their histories in 97% of cases. We observe a significant rate of stability in Browser History fingerprints: for repeat visitors, 38% of fingerprints are identical over time, and differing ones were correlated with original History contents, indicating static browsing preferences (for History subvectors of size 50). We report a striking result that it is enough to test for a small number of pages in order to both enumerate users' interests and perform an efficient and unique behavioral fingerprint; we show that testing 50 web pages is enough to fingerprint 42% of users in our database, increasing to 70% with 500 web pages. Finally, we show that indirect History data, such as information about categories of visited websites can also be effective in fingerprinting users, and that similar fingerprinting can be performed by common script providers such as Google or Facebook.
Artur Janc - One of the best experts on this subject based on the ideXlab platform.
-
On the uniqueness of Web browsing History patterns
annals of telecommunications - annales des télécommunications, 2014Co-Authors: Lukasz Olejnik, Claude Castelluccia, Artur JancAbstract:We present the results of the first large-scale study of the uniqueness of Web browsing histories, gathered from a total of 368,284 Internet users who visited a History detection demonstration website. Our results show that for a majority of users (69 %), the browsing History is unique and that users for whom we could detect at least four visited websites were uniquely identified by their histories in 97 % of cases. We observe a significant rate of stability in Browser History fingerprints: for repeat visitors, 38 % of fingerprints are identical over time, and differing ones were correlated with original History contents, indicating static browsing preferences (for History subvectors of size 50). We report a striking result that it is enough to test for a small number of pages in order to both enumerate users’ interests and perform an efficient and unique behavioral fingerprint; we show that testing 50 Web pages is enough to fingerprint 42 % of users in our database, increasing to 70 % with 500 Web pages.
-
On the uniqueness of Web browsing History patterns
annals of telecommunications - annales des télécommunications, 2013Co-Authors: Lukasz Olejnik, Claude Castelluccia, Artur JancAbstract:International audienceWe present the results of the first large-scale study of the uniqueness of Web browsing histories, gathered from a total of $368,284$ Internet users who visited a History detection demonstration website. Our results show that for a majority of users ($69\%$), the browsing History is unique and that users for whom we could detect at least $4$ visited websites were uniquely identified by their histories in $97\%$ of cases. We observe a significant rate of stability in Browser History fingerprints: for repeat visitors, $38\%$ of fingerprints are identical over time, and differing ones were correlated with original History contents, indicating static browsing preferences (for History subvectors of size $50$). We report a striking result that it is enough to test for a small number of pages in order to both enumerate users' interests and perform an efficient and unique behavioral fingerprint; we show that testing $50$ web pages is enough to fingerprint $42\%$ of users in our database, increasing to $70\%$ with $500$ web pages
-
Why Johnny Can't Browse in Peace: On the Uniqueness of Web Browsing History Patterns
2012Co-Authors: Lukasz Olejnik, Claude Castelluccia, Artur JancAbstract:We present the results of the first large-scale study of the uniqueness of Web browsing histories, gathered from a total of 368; 284 Internet users who visited a History detection demonstration website. Our results show that for a majority of users (69%), the browsing History is unique and that users for whom we could detect at least 4 visited websites were uniquely identified by their histories in 97% of cases. We observe a significant rate of stability in Browser History fingerprints: for repeat visitors, 38% of fingerprints are identical over time, and differing ones were correlated with original History contents, indicating static browsing preferences (for History subvectors of size 50). We report a striking result that it is enough to test for a small number of pages in order to both enumerate users' interests and perform an efficient and unique behavioral fingerprint; we show that testing 50 web pages is enough to fingerprint 42% of users in our database, increasing to 70% with 500 web pages. Finally, we show that indirect History data, such as information about categories of visited websites can also be effective in fingerprinting users, and that similar fingerprinting can be performed by common script providers such as Google or Facebook.
-
web Browser History detection as a real world privacy threat
European Symposium on Research in Computer Security, 2010Co-Authors: Artur Janc, Lukasz OlejnikAbstract:Web Browser History detection using CSS visited styles has long been dismissed as an issue of marginal impact. However, due to recent changes in Web usage patterns, coupled with Browser performance improvements, the long-standing issue has now become a significant threat to the privacy of Internet users. In this paper we analyze the impact of CSS-based History detection and demonstrate the feasibility of conducting practical attacks with minimal resources. We analyze Web Browser behavior and detectability of content loaded via standard protocols and with various HTTP response codes. We develop an algorithm for efficient examination of large link sets and evaluate its performance in modern Browsers. Compared to existing methods our approach is up to 6 times faster, and is able to detect up to 30,000 visited links per second. We present a novel Web application capable of effectively detecting clients' browsing histories and discuss real-world results obtained from 271,576 Internet users. Our results indicate that at least 76% of Internet users are vulnerable to History detection, including over 94% of Google Chrome users; for a test of most popular Internet websites we were able to detect, on average, 62.6 (median 22) visited locations per client. We also demonstrate the potential to profile users based on social news stories they visited, and to detect private data such as zipcodes or search queries typed into online forms.
-
ESORICS - Web Browser History detection as a real-world privacy threat
Computer Security – ESORICS 2010, 2010Co-Authors: Artur Janc, Lukasz OlejnikAbstract:Web Browser History detection using CSS visited styles has long been dismissed as an issue of marginal impact. However, due to recent changes in Web usage patterns, coupled with Browser performance improvements, the long-standing issue has now become a significant threat to the privacy of Internet users. In this paper we analyze the impact of CSS-based History detection and demonstrate the feasibility of conducting practical attacks with minimal resources. We analyze Web Browser behavior and detectability of content loaded via standard protocols and with various HTTP response codes. We develop an algorithm for efficient examination of large link sets and evaluate its performance in modern Browsers. Compared to existing methods our approach is up to 6 times faster, and is able to detect up to 30,000 visited links per second. We present a novel Web application capable of effectively detecting clients' browsing histories and discuss real-world results obtained from 271,576 Internet users. Our results indicate that at least 76% of Internet users are vulnerable to History detection, including over 94% of Google Chrome users; for a test of most popular Internet websites we were able to detect, on average, 62.6 (median 22) visited locations per client. We also demonstrate the potential to profile users based on social news stories they visited, and to detect private data such as zipcodes or search queries typed into online forms.
Claude Castelluccia - One of the best experts on this subject based on the ideXlab platform.
-
On the uniqueness of Web browsing History patterns
annals of telecommunications - annales des télécommunications, 2014Co-Authors: Lukasz Olejnik, Claude Castelluccia, Artur JancAbstract:We present the results of the first large-scale study of the uniqueness of Web browsing histories, gathered from a total of 368,284 Internet users who visited a History detection demonstration website. Our results show that for a majority of users (69 %), the browsing History is unique and that users for whom we could detect at least four visited websites were uniquely identified by their histories in 97 % of cases. We observe a significant rate of stability in Browser History fingerprints: for repeat visitors, 38 % of fingerprints are identical over time, and differing ones were correlated with original History contents, indicating static browsing preferences (for History subvectors of size 50). We report a striking result that it is enough to test for a small number of pages in order to both enumerate users’ interests and perform an efficient and unique behavioral fingerprint; we show that testing 50 Web pages is enough to fingerprint 42 % of users in our database, increasing to 70 % with 500 Web pages.
-
On the uniqueness of Web browsing History patterns
annals of telecommunications - annales des télécommunications, 2013Co-Authors: Lukasz Olejnik, Claude Castelluccia, Artur JancAbstract:International audienceWe present the results of the first large-scale study of the uniqueness of Web browsing histories, gathered from a total of $368,284$ Internet users who visited a History detection demonstration website. Our results show that for a majority of users ($69\%$), the browsing History is unique and that users for whom we could detect at least $4$ visited websites were uniquely identified by their histories in $97\%$ of cases. We observe a significant rate of stability in Browser History fingerprints: for repeat visitors, $38\%$ of fingerprints are identical over time, and differing ones were correlated with original History contents, indicating static browsing preferences (for History subvectors of size $50$). We report a striking result that it is enough to test for a small number of pages in order to both enumerate users' interests and perform an efficient and unique behavioral fingerprint; we show that testing $50$ web pages is enough to fingerprint $42\%$ of users in our database, increasing to $70\%$ with $500$ web pages
-
Towards Web-Based Biometric Systems Using Personal Browsing Interests
2013 International Conference on Availability Reliability and Security, 2013Co-Authors: Lukasz Olejnik, Claude CastellucciaAbstract:We investigate the potential to use browsing habits and Browser History as a new authentication and identification system for the Web with potential applications to anomaly and fraud detection. For the first time, we provide an empirical analysis using data from $4,578$ users. We employ the traditional biometric analysis and show that the False Acceptance Rate can be low ($FAR=1.1%$), though this results in a relatively high False Rejection Rate ($FRR=13.8%$). The scheme may either be utilized by Web service providers (with access to user's Browser History) or any Webmaster, using other specialized techniques such as timing-based Browser cache sniffing or a Browser extension. We construct such a proof-of-concept extension.
-
ARES - Towards Web-Based Biometric Systems Using Personal Browsing Interests
2013 International Conference on Availability Reliability and Security, 2013Co-Authors: Lukasz Olejnik, Claude CastellucciaAbstract:We investigate the potential to use browsing habits and Browser History as a new authentication and identification system for the Web with potential applications to anomaly and fraud detection. For the first time, we provide an empirical analysis using data from $4,578$ users. We employ the traditional biometric analysis and show that the False Acceptance Rate can be low ($FAR=1.1%$), though this results in a relatively high False Rejection Rate ($FRR=13.8%$). The scheme may either be utilized by Web service providers (with access to user's Browser History) or any Webmaster, using other specialized techniques such as timing-based Browser cache sniffing or a Browser extension. We construct such a proof-of-concept extension.
-
Why Johnny Can't Browse in Peace: On the Uniqueness of Web Browsing History Patterns
2012Co-Authors: Lukasz Olejnik, Claude Castelluccia, Artur JancAbstract:We present the results of the first large-scale study of the uniqueness of Web browsing histories, gathered from a total of 368; 284 Internet users who visited a History detection demonstration website. Our results show that for a majority of users (69%), the browsing History is unique and that users for whom we could detect at least 4 visited websites were uniquely identified by their histories in 97% of cases. We observe a significant rate of stability in Browser History fingerprints: for repeat visitors, 38% of fingerprints are identical over time, and differing ones were correlated with original History contents, indicating static browsing preferences (for History subvectors of size 50). We report a striking result that it is enough to test for a small number of pages in order to both enumerate users' interests and perform an efficient and unique behavioral fingerprint; we show that testing 50 web pages is enough to fingerprint 42% of users in our database, increasing to 70% with 500 web pages. Finally, we show that indirect History data, such as information about categories of visited websites can also be effective in fingerprinting users, and that similar fingerprinting can be performed by common script providers such as Google or Facebook.
Trilce Navarrete - One of the best experts on this subject based on the ideXlab platform.
-
classifying web genres in context a case study documenting the web genres used by a software engineer
Information Processing and Management, 2008Co-Authors: Michela Montesi, Trilce NavarreteAbstract:This case study analyzes the Internet-based resources that a software engineer uses in his daily work. Methodologically, we studied the web Browser History of the participant, classifying all the web pages he had seen over a period of 12 days into web genres. We interviewed him before and after the analysis of the web Browser History. In the first interview, he spoke about his general information behavior; in the second, he commented on each web genre, explaining why and how he used them. As a result, three approaches allow us to describe the set of 23 web genres obtained: (a) the purposes they serve for the participant; (b) the role they play in the various work and search phases; (c) and the way they are used in combination with each other. Further observations concern the way the participant assesses quality of web-based resources, and his information behavior as a software engineer.
Michela Montesi - One of the best experts on this subject based on the ideXlab platform.
-
classifying web genres in context a case study documenting the web genres used by a software engineer
Information Processing and Management, 2008Co-Authors: Michela Montesi, Trilce NavarreteAbstract:This case study analyzes the Internet-based resources that a software engineer uses in his daily work. Methodologically, we studied the web Browser History of the participant, classifying all the web pages he had seen over a period of 12 days into web genres. We interviewed him before and after the analysis of the web Browser History. In the first interview, he spoke about his general information behavior; in the second, he commented on each web genre, explaining why and how he used them. As a result, three approaches allow us to describe the set of 23 web genres obtained: (a) the purposes they serve for the participant; (b) the role they play in the various work and search phases; (c) and the way they are used in combination with each other. Further observations concern the way the participant assesses quality of web-based resources, and his information behavior as a software engineer.
