PowerPoint Slideshow about 'What are E-mail and the Web “like”?' - robbin

What are E-mail and the Web “like”?
  • Postal mail
  • Cable TV
  • Library
  • Telephone
  • Newspaper
  • Video game
  • They’re found in an office
  • They’re found in a room at home
Overarching Goal
  • Help align user privacy expectations with reality
  • The obvious tactics:
    • Teach the users what it’s really like out there, or
    • Transform the wilderness into what it should be
Web tracking summary
  • Request & receive main HTML page
  • Request & receive embedded element (such as an image) while reporting referrer information
  • doubleclick.net (3rd party)
Cookie sharing threat
  • A 3rd party content provider could track a user across all sites served by it (usually via an identifying cookie)
    • Some indications of interest in doing this from Internet advertising folks
    • Threat led to fierce opt-in/opt-out debates and lots of cookie-management software
    • And P3P, naturally
Web bugs
  • A bug is a hidden eavesdropping device
  • Vague definition: A Web bug is an HTML element that is
    • present for surveillance purposes,
    • and is intended to go unnoticed by users
Our definition
  • A Bugnosis Web bug:
    • is an image
    • is too small to see (<= 7 square pixels)
    • is third party to the main page (approx. RFC2965)
    • has a third party cookie
    • only appears once on page
  • Some other characteristics are used for secondary sorting purposes
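
The five criteria above, written as a classifier over a page's images. This is an added example, not Bugnosis code: the input record shape (`src`, `width`, `height`, `cookie`), the `reach()` approximation of the RFC 2965 third-party test, and the `.example` hostnames are assumptions constructed for illustration.

```javascript
// Added example (not Bugnosis source). Each image record is assumed to carry
// its rendered size and whether its request/response involved a cookie.

// Simplified "reach" in the spirit of RFC 2965: drop the first label when
// more than two labels are present. It ignores suffixes such as co.uk.
function reach(host) {
  const labels = host.toLowerCase().split(".");
  return labels.length > 2 ? labels.slice(1).join(".") : labels.join(".");
}

function isThirdParty(pageUrl, imgUrl) {
  const pageHost = new URL(pageUrl).hostname;
  const imgHost = new URL(imgUrl, pageUrl).hostname; // resolves relative src
  return reach(pageHost) !== reach(imgHost);
}

// Returns the absolute URLs of images meeting all five criteria.
function findWebBugs(pageUrl, images) {
  const resolve = (img) => new URL(img.src, pageUrl).href;
  const counts = new Map();
  for (const img of images) {
    counts.set(resolve(img), (counts.get(resolve(img)) || 0) + 1);
  }
  return images
    .filter((img) =>
      img.width * img.height <= 7 &&        // too small to see
      isThirdParty(pageUrl, img.src) &&     // third party to the main page
      img.cookie === true &&                // has a third-party cookie
      counts.get(resolve(img)) === 1)       // appears only once on the page
    .map(resolve);
}

// Constructed sample page: one tracker pixel among common look-alikes.
const PAGE_URL = "https://www.shop.example/cart";
const SAMPLE_IMAGES = [
  { src: "https://px.tracker.example/t.gif?id=42", width: 1, height: 1, cookie: true },
  { src: "/spacer.gif", width: 1, height: 1, cookie: true },                        // first party
  { src: "https://cdn.layout.example/dot.gif", width: 1, height: 1, cookie: true }, // repeated
  { src: "https://cdn.layout.example/dot.gif", width: 1, height: 1, cookie: true }, // layout spacer
  { src: "https://ads.banner.example/468x60.gif", width: 468, height: 60, cookie: true }, // visible
  { src: "https://img.static.example/clear.gif", width: 1, height: 1, cookie: false },    // no cookie
];

console.log(findWebBugs(PAGE_URL, SAMPLE_IMAGES));
```

The "only appears once" test is what separates a tracking pixel from a layout spacer that a page repeats many times, and the visible banner shows why a third-party cookie alone is not enough to call an image a Web bug under this definition.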
Getting the word out
  • We knew there were a lot of Web bugs out there (from direct HTML inspection, and a later quantitative study)
  • Web bugs vs cookie sharing threat:
    • Web bugs harder to thoroughly explain
    • But have an easier take-home message: “This is evidence that someone is intentionally noting your visit”
    • Still very hard to identify purpose of tracking
Bugnosis: the tool
  • Most important user interface decision: the audience would be journalists
  • So we needed:
    • easy install/uninstall
    • reasonable default behavior
    • zero configuration
    • attention-grabbing runtime
    • a bit of gobbledygook is OK
  • Didn’t need:
    • web bug blocking behavior
    • browser support other than Internet Explorer
Bugnosis demo
  • Altace for cardiovascular risks
  • MSNBC Cybercrime article
    • use of JavaScript; latitude & longitude
  • Google search: “best music portsmouth NH”
    • referrer
  • Mycomputer.com's privacy policy
    • full probe, old junk in cookie, https
  • NY Times Movies pages
    • thrilling cookie
Bugnosis details
  • Proxy model (not used in Bugnosis)

<h1>United</h1> <img src="…" width=1 height=1> …

Bugnosis details
  • Document Object Model / Browser Helper Object

<h1>United</h1> <img src="…"> …

width = document.images[0].width
…
document.images[0].src = "bug.gif"
…

Bugnosis details
  • Advantages of BHO over proxy:
    • accuracy – no need to reparse HTML
    • image attributes – healthology
    • sensing in spite of SSL encryption
  • Disadvantages:
    • tightly coded to browser
    • interactive
Successes and Failures
  • Success: graphic identity gave it a legitimacy that’s otherwise unobtainable
  • Success: sufficiently in-your-face
  • Success: ability to remotely white-list sites
  • Failure before Success: original “drive-by” ActiveX installation
  • Failure: no P3P integration
  • Failure: insufficient tech support structure
  • Failure: no HTML email support
Bugnosis for Email
  • Web bugs in email – they know who you are!
    • Thoroughly breaks expectations
  • Trend is clearly away from 3rd party image support in HTML email readers
    • Yet in the past 12 months we’ve seen Web bugs in emails from Pfizer, Procter & Gamble, Roche, Orthobiotech, RJ Reynolds, GlaxoSmithKline, Experian (for Pernod Ricard)
  • Designing for journalists meant designing for the masses
  • Get Bugnosis from www.bugnosis.org (Windows IE only)
  • BTW, 3 spots in my car
Quantifying the amount of tracking
  • The FTC samples: from 2000 report “Privacy Online”
    • Of 91 “popular” sites, 84 remained in 2001
    • Of 335 “random” (consumer-oriented) sites, 298 remained
  • Searched 100 pages on each site for Web bugs <= 4 clicks from home
  • Popular sample:
    • 84 sites: 58% contained >= 1 bug
      • 29% of sites with bugs did not disclose them
    • 7,507 pages: 10% contained >=1 bug
  • Random sample:
    • 298 sites: 36% contained >=1 bug
    • 25,263 pages: 10% contained >=1 bug