Add additional references

Tobias Eidelpes 2020-08-10 18:00:18 +02:00
parent 583c925114
commit 51f79405b1
2 changed files with 72 additions and 36 deletions


@ -89,26 +89,28 @@ web.
\subsection{Hidden Form Fields} \subsection{Hidden Form Fields}
\label{subsec:hidden form fields} \label{subsec:hidden form fields}
The \gls{HTML} provides a specification for form elements, which allows users to The \gls{HTML} provides a specification for form elements
submit information (e.g., for authentication) to the server via POST or GET \cite{whatwgFormsHTMLStandard2020}, which allows users to submit information
methods. Normally, a user would input data into a form and on clicking (e.g., for authentication) to the server via POST or GET methods. Normally, a
\emph{submit} the input would be sent to the server. Sometimes it is necessary user would input data into a form and on clicking \emph{submit} the input would
to include additional information that the user did not enter. For this reason be sent to the server. Sometimes it is necessary to include additional
there exist \emph{hidden} web forms. Hidden web forms do not show on the web site information that the user did not enter. For this reason there exist
and therefore the user cannot enter any information. Similarly to \gls{URL} \emph{hidden} web forms \cite{whatwgHiddenStateHTML2020}. Hidden web forms do
parameters, the value parameter in a hidden field contains additional not show on the web site and therefore the user cannot enter any information.
information like the user's preferred language for example. Since almost Similarly to \gls{URL} parameters, the value parameter in a hidden field
anything can be sent in a value parameter, hidden form fields present another contains additional information like the user's preferred language for example.
way to maintain a session. A parameter containing a unique identifier will be Since almost anything can be sent in a value parameter, hidden form fields
sent with the data the user has submitted to the server. The server can then present another way to maintain a session. A parameter containing a unique
match the action the user took with the identifier. In case the server already identifier will be sent with the data the user has submitted to the server. The
knows that specific identifier from a previous interaction with the user, the server can then match the action the user took with the identifier. In case the
gained information can now be added to the user's browsing profile. An example server already knows that specific identifier from a previous interaction with
of a hidden web form is given in Listing~\ref{lst:hidden web form}, which has the user, the gained information can now be added to the user's browsing
been adapted from \cite{InputFormInput}. In Line 15 a hidden web field is profile. An example of a hidden web form is given in Listing~\ref{lst:hidden web
created and the \texttt{value} field is set by the server to contain a unique form}, which has been adapted from \cite{InputFormInput}. In Line 15 a hidden
user identifier. Once the \emph{submit} button has been clicked, the identifier web field is created and the \texttt{value} field is set by the server to
is sent to the server along with the data the user has filled in. contain a unique user identifier. Once the \emph{submit} button has been
clicked, the identifier is sent to the server along with the data the user has
filled in.
\begin{listing} \begin{listing}
\inputminted[frame=lines,framesep=2mm,bgcolor=light-gray,baselinestretch=1.2,fontsize=\scriptsize,linenos]{html}{code/hidden-web-form.html} \inputminted[frame=lines,framesep=2mm,bgcolor=light-gray,baselinestretch=1.2,fontsize=\scriptsize,linenos]{html}{code/hidden-web-form.html}
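Review bot: The new citation in "there exist \emph{hidden} web forms \cite{whatwgHiddenStateHTML2020}" points at the Hidden State section of the input element, so what is hidden is a form field, not a form. Suggest "hidden form fields" here and in the following sentence, which matches the subsection title and the later "hidden web field", and "value attribute" instead of "value parameter". Separately, "In Line 15" hard-codes a line number of code/hidden-web-form.html, which will go stale if that file is edited; consider describing the element instead.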
@ -124,18 +126,19 @@ is sent to the server along with the data the user has filled in.
Providers of web services often want to know where visitors to their web site Providers of web services often want to know where visitors to their web site
come from to understand more about their users and their browsing habits. The come from to understand more about their users and their browsing habits. The
\gls{HTTP} specification accounts for this by introducing the \emph{\gls{HTTP} \gls{HTTP} specification accounts for this by introducing the \emph{\gls{HTTP}
Referer field} [\emph{sic}] in the header. By checking the referrer, the server Referer field} [\emph{sic}] \cite{fieldingHTTPSemanticsContent2014} in the
can see where the request came from. In practice, a user clicks on a link on a header. By checking the referrer, the server can see where the request came
web page and the current web page is sent as a \gls{URL} in the \gls{HTTP} from. In practice, a user clicks on a link on a web page and the current web
Referer field. The header with the referrer information gets attached to the page is sent as a \gls{URL} in the \gls{HTTP} Referer field. The header with the
\gls{HTTP} request which is sent to the server. The server responds with the referrer information gets attached to the \gls{HTTP} request which is sent to
requested web page and can establish a link from the original web page to the the server. The server responds with the requested web page and can establish a
new web page. When applied to a majority of the requests on a site, the link from the original web page to the new web page. When applied to a majority
resulting data can be analyzed for promotional and statistical purposes. of the requests on a site, the resulting data can be analyzed for promotional
\citet{malandrinoPrivacyAwarenessInformation2013} have shown that the and statistical purposes. \citet{malandrinoPrivacyAwarenessInformation2013}
\gls{HTTP} Referer is one of the most critical factors in leaking \gls{PII}, have shown that the \gls{HTTP} Referer is one of the most critical factors in
because leakage of information relating to user's health has been identified as leaking \gls{PII}, because leakage of information relating to user's health has
the most severe in terms of identifiability of users on the web. been identified as the most severe in terms of identifiability of users on the
web.
\subsection{Explicit Authentication} \subsection{Explicit Authentication}
\label{subsec:explicit authentication} \label{subsec:explicit authentication}
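Review bot: The last sentence of the reflowed paragraph, "is one of the most critical factors in leaking \gls{PII}, because leakage of information relating to user's health has been identified as the most severe", gives a "because" clause that does not explain why the Referer is a critical factor. Since the paragraph is being touched anyway, suggest splitting it into what \citet{malandrinoPrivacyAwarenessInformation2013} found about the Referer and what they found about health information, and changing "user's health" to "users' health".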


@ -37,7 +37,8 @@
url = {https://theblog.adobe.com/adobe-flash-update/}, url = {https://theblog.adobe.com/adobe-flash-update/},
urldate = {2020-02-17}, urldate = {2020-02-17},
abstract = {Adobe has long played a leadership role in advancing interactivity and creative content \textendash{} from video, to games and more \textendash{} on the web. Where we've seen a need to pus...}, abstract = {Adobe has long played a leadership role in advancing interactivity and creative content \textendash{} from video, to games and more \textendash{} on the web. Where we've seen a need to pus...},
journal = {Adobe Blog} journal = {Adobe Blog},
note = {Accessed 2020-08-10}
} }
@inproceedings{akkusNontrackingWebAnalytics2012, @inproceedings{akkusNontrackingWebAnalytics2012,
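Review bot: The added "note = {Accessed 2020-08-10}" disagrees with the unchanged "urldate = {2020-02-17}" two lines above it, so the entry now carries two different access dates. Either update urldate to 2020-08-10, as the Soltani entry in the next hunk does, or set the note to the date already recorded.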
@ -103,10 +104,10 @@
year = {2011}, year = {2011},
month = aug, month = aug,
url = {https://ashkansoltani.org/2011/08/11/respawn-redux-flash-cookies/}, url = {https://ashkansoltani.org/2011/08/11/respawn-redux-flash-cookies/},
urldate = {2019-08-22}, urldate = {2020-08-10},
abstract = {A detailed technical followup to Flash Cookies and Privacy II, describing the mechanisms behind Hulu/KISSmetrics' respawning practices I thought I'd take the time to elaborate a bit fur\ldots}, abstract = {A detailed technical followup to Flash Cookies and Privacy II, describing the mechanisms behind Hulu/KISSmetrics' respawning practices I thought I'd take the time to elaborate a bit fur\ldots},
journal = {Ashkan Soltani}, journal = {Ashkan Soltani},
note = {Accessed 2019-08-22} note = {Accessed 2020-08-10}
} }
@techreport{ayensonFlashCookiesPrivacy2011, @techreport{ayensonFlashCookiesPrivacy2011,
@ -469,6 +470,17 @@ Web cache timing attacks},
series = {{{CCS}} '00} series = {{{CCS}} '00}
} }
@misc{fieldingHTTPSemanticsContent2014,
title = {{{HTTP}}: {{Semantics}} and {{Content}} - {{Referer}}},
shorttitle = {Hypertext {{Transfer Protocol}} ({{HTTP}}/1.1)},
author = {Fielding, Roy and Reschke, Julian},
year = {2014},
month = jun,
url = {https://tools.ietf.org/html/rfc7231\#section-5.5.2},
urldate = {2020-08-10},
note = {Accessed 2020-08-10}
}
@article{frankenExposingCookiePolicy2019, @article{frankenExposingCookiePolicy2019,
title = {Exposing {{Cookie Policy Flaws Through}} an {{Extensive Evaluation}} of {{Browsers}} and {{Their Extensions}}}, title = {Exposing {{Cookie Policy Flaws Through}} an {{Extensive Evaluation}} of {{Browsers}} and {{Their Extensions}}},
author = {Franken, Gertjan and Van Goethem, Tom and Joosen, Wouter}, author = {Franken, Gertjan and Van Goethem, Tom and Joosen, Wouter},
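Review bot: The new fieldingHTTPSemanticsContent2014 entry identifies the RFC only through its URL; nothing in the fields says "RFC 7231", so the typeset reference will not show the document number. Suggest adding it (for example in howpublished or a number field) and aligning title and shorttitle, since the shorttitle "Hypertext Transfer Protocol (HTTP/1.1)" is not a shortened form of the title "HTTP: Semantics and Content - Referer".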
@ -1494,6 +1506,26 @@ The goal of the DOM specification is to define a programmatic interface for XML
note = {Accessed 2020-02-09} note = {Accessed 2020-02-09}
} }
@misc{whatwgFormsHTMLStandard2020,
title = {Forms - {{HTML Standard}}},
author = {WHATWG},
year = {2020},
month = aug,
url = {https://html.spec.whatwg.org/multipage/forms.html},
urldate = {2020-08-10},
note = {Accessed 2020-08-10}
}
@misc{whatwgHiddenStateHTML2020,
title = {Hidden {{State}} - {{HTML Standard}}},
author = {WHATWG},
year = {2020},
month = aug,
url = {https://html.spec.whatwg.org/multipage/input.html\#hidden-state-(type\%3Dhidden)},
urldate = {2020-08-10},
note = {Accessed 2020-08-10}
}
@misc{whatwgHTMLStandard2020, @misc{whatwgHTMLStandard2020,
title = {{{HTML Standard}}}, title = {{{HTML Standard}}},
author = {WHATWG}, author = {WHATWG},
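Review bot: In whatwgHiddenStateHTML2020 the url fragment is percent-encoded and then TeX-escaped, "\#hidden-state-(type\%3Dhidden)", so whether it renders as a working link depends on how the bibliography style handles "\%". Writing the fragment with a literal "=" would avoid that. Also, both new WHATWG entries use year = {2020}, month = aug, which only mirrors the access date; if the intent is to cite the continuously updated standard, say so in the entry rather than implying an August 2020 edition.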
@ -1545,7 +1577,8 @@ The goal of the DOM specification is to define a programmatic interface for XML
url = {https://youtube-eng.googleblog.com/2015/01/youtube-now-defaults-to-html5_27.html}, url = {https://youtube-eng.googleblog.com/2015/01/youtube-now-defaults-to-html5_27.html},
urldate = {2020-02-17}, urldate = {2020-02-17},
abstract = {Four years ago, we wrote about YouTube's early support for the HTML5 {$<$}video{$>$} tag and how it performed compared to Flash. At the time, there...}, abstract = {Four years ago, we wrote about YouTube's early support for the HTML5 {$<$}video{$>$} tag and how it performed compared to Flash. At the time, there...},
journal = {YouTube Engineering and Developers Blog} journal = {YouTube Engineering and Developers Blog},
note = {Accessed 2020-08-10}
} }
@inproceedings{yuTrackingTrackers2016, @inproceedings{yuTrackingTrackers2016,
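Review bot: Same mismatch as in the Adobe entry: the added "note = {Accessed 2020-08-10}" sits next to an unchanged "urldate = {2020-02-17}". Update urldate or set the note to the existing date so the entry states one access date.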