Add additional references
parent
583c925114
commit
51f79405b1
67
methods.tex
@ -89,26 +89,28 @@ web.
\subsection{Hidden Form Fields}
\label{subsec:hidden form fields}
The \gls{HTML} provides a specification for form elements, which allows users to
submit information (e.g., for authentication) to the server via POST or GET
methods. Normally, a user would input data into a form and on clicking
\emph{submit} the input would be sent to the server. Sometimes it is necessary
to include additional information that the user did not enter. For this reason
there exist \emph{hidden} web forms. Hidden web forms do not show on the web site
and therefore the user cannot enter any information. Similarly to \gls{URL}
parameters, the value parameter in a hidden field contains additional
information like the user's preferred language for example. Since almost
anything can be sent in a value parameter, hidden form fields present another
way to maintain a session. A parameter containing a unique identifier will be
sent with the data the user has submitted to the server. The server can then
match the action the user took with the identifier. In case the server already
knows that specific identifier from a previous interaction with the user, the
gained information can now be added to the user's browsing profile. An example
of a hidden web form is given in Listing~\ref{lst:hidden web form}, which has
been adapted from \cite{InputFormInput}. In Line 15 a hidden web field is
created and the \texttt{value} field is set by the server to contain a unique
user identifier. Once the \emph{submit} button has been clicked, the identifier
is sent to the server along with the data the user has filled in.
The \gls{HTML} provides a specification for form elements
\cite{whatwgFormsHTMLStandard2020}, which allows users to submit information
(e.g., for authentication) to the server via POST or GET methods. Normally, a
user would input data into a form and on clicking \emph{submit} the input would
be sent to the server. Sometimes it is necessary to include additional
information that the user did not enter. For this reason there exist
\emph{hidden} web forms \cite{whatwgHiddenStateHTML2020}. Hidden web forms do
not show on the web site and therefore the user cannot enter any information.
Similarly to \gls{URL} parameters, the value parameter in a hidden field
contains additional information like the user's preferred language for example.
Since almost anything can be sent in a value parameter, hidden form fields
present another way to maintain a session. A parameter containing a unique
identifier will be sent with the data the user has submitted to the server. The
server can then match the action the user took with the identifier. In case the
server already knows that specific identifier from a previous interaction with
the user, the gained information can now be added to the user's browsing
profile. An example of a hidden web form is given in Listing~\ref{lst:hidden web
form}, which has been adapted from \cite{InputFormInput}. In Line 15 a hidden
web field is created and the \texttt{value} field is set by the server to
contain a unique user identifier. Once the \emph{submit} button has been
clicked, the identifier is sent to the server along with the data the user has
filled in.
\begin{listing}
\inputminted[frame=lines,framesep=2mm,bgcolor=light-gray,baselinestretch=1.2,fontsize=\scriptsize,linenos]{html}{code/hidden-web-form.html}
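Review bot: The re-wrapped paragraph now splits the label key across two lines, "Listing~\ref{lst:hidden web" followed by "form}". TeX reads the line end as a space, so the reference still resolves, but a search for the key lst:hidden web form no longer finds this use; keep the \ref on one line, or rename the label so it contains no spaces. The two new \cite commands are joined to the text by an ordinary space, so a line can break right before the citation; tie them with ~ as is already done for Listing~\ref. The paragraph also still locates the hidden field with a hard-coded "In Line 15", which goes stale as soon as code/hidden-web-form.html changes.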
@ -124,18 +126,19 @@ is sent to the server along with the data the user has filled in.
Providers of web services often want to know where visitors to their web site
come from to understand more about their users and their browsing habits. The
\gls{HTTP} specification accounts for this by introducing the \emph{\gls{HTTP}
Referer field} [\emph{sic}] in the header. By checking the referrer, the server
can see where the request came from. In practice, a user clicks on a link on a
web page and the current web page is sent as a \gls{URL} in the \gls{HTTP}
Referer field. The header with the referrer information gets attached to the
\gls{HTTP} request which is sent to the server. The server responds with the
requested web page and can establish a link from the original web page to the
new web page. When applied to a majority of the requests on a site, the
resulting data can be analyzed for promotional and statistical purposes.
\citet{malandrinoPrivacyAwarenessInformation2013} have shown that the
\gls{HTTP} Referer is one of the most critical factors in leaking \gls{PII},
because leakage of information relating to user's health has been identified as
the most severe in terms of identifiability of users on the web.
Referer field} [\emph{sic}] \cite{fieldingHTTPSemanticsContent2014} in the
header. By checking the referrer, the server can see where the request came
from. In practice, a user clicks on a link on a web page and the current web
page is sent as a \gls{URL} in the \gls{HTTP} Referer field. The header with the
referrer information gets attached to the \gls{HTTP} request which is sent to
the server. The server responds with the requested web page and can establish a
link from the original web page to the new web page. When applied to a majority
of the requests on a site, the resulting data can be analyzed for promotional
and statistical purposes. \citet{malandrinoPrivacyAwarenessInformation2013}
have shown that the \gls{HTTP} Referer is one of the most critical factors in
leaking \gls{PII}, because leakage of information relating to user's health has
been identified as the most severe in terms of identifiability of users on the
web.
\subsection{Explicit Authentication}
\label{subsec:explicit authentication}
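Review bot: Only the \cite{fieldingHTTPSemanticsContent2014} after [\emph{sic}] is new in this paragraph, yet every line was re-wrapped, so the whole paragraph shows as changed and the one-token addition is hard to spot. Keep the existing line breaks when inserting a citation, or move the re-wrap into a separate commit. While the paragraph is being touched: the closing sentence gives "because leakage of information relating to user's health has been identified as the most severe" as the reason the Referer is a critical factor, but never states how health information ends up in the Referer; a clause saying that the referring URL can carry it would close that gap, and "user's" should read "users'".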
@ -37,7 +37,8 @@
url = {https://theblog.adobe.com/adobe-flash-update/},
urldate = {2020-02-17},
abstract = {Adobe has long played a leadership role in advancing interactivity and creative content \textendash{} from video, to games and more \textendash{} on the web. Where we've seen a need to pus...},
journal = {Adobe Blog}
journal = {Adobe Blog},
note = {Accessed 2020-08-10}
}
@inproceedings{akkusNontrackingWebAnalytics2012,
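Review bot: The added note = {Accessed 2020-08-10} contradicts the unchanged urldate = {2020-02-17} in the same entry, so the Adobe Blog reference now carries two different access dates. Update urldate to 2020-08-10 as well, or drop the note and let the bibliography style print urldate; keeping both fields means they have to be edited in step on every re-check.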
@ -103,10 +104,10 @@
year = {2011},
month = aug,
url = {https://ashkansoltani.org/2011/08/11/respawn-redux-flash-cookies/},
urldate = {2019-08-22},
urldate = {2020-08-10},
abstract = {A detailed technical followup to Flash Cookies and Privacy II, describing the mechanisms behind Hulu/KISSmetrics' respawning practices I thought I'd take the time to elaborate a bit fur\ldots},
journal = {Ashkan Soltani},
note = {Accessed 2019-08-22}
note = {Accessed 2020-08-10}
}
@techreport{ayensonFlashCookiesPrivacy2011,
@ -469,6 +470,17 @@ Web cache timing attacks},
series = {{{CCS}} '00}
}
@misc{fieldingHTTPSemanticsContent2014,
title = {{{HTTP}}: {{Semantics}} and {{Content}} - {{Referer}}},
shorttitle = {Hypertext {{Transfer Protocol}} ({{HTTP}}/1.1)},
author = {Fielding, Roy and Reschke, Julian},
year = {2014},
month = jun,
url = {https://tools.ietf.org/html/rfc7231\#section-5.5.2},
urldate = {2020-08-10},
note = {Accessed 2020-08-10}
}
@article{frankenExposingCookiePolicy2019,
title = {Exposing {{Cookie Policy Flaws Through}} an {{Extensive Evaluation}} of {{Browsers}} and {{Their Extensions}}},
author = {Franken, Gertjan and Van Goethem, Tom and Joosen, Wouter},
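Review bot: The new fieldingHTTPSemanticsContent2014 entry is an RFC (its url points at rfc7231, section 5.5.2) but is typed @misc with no number or publisher field, so the printed reference will not show "RFC 7231". Consider @techreport with type = {RFC}, number = {7231} and institution = {IETF}. The title and shorttitle also look swapped: shorttitle holds "Hypertext Transfer Protocol (HTTP/1.1)", which is longer than the title it is meant to abbreviate, while title appends "- Referer", a section name rather than part of the document title; the section is already pinned by the url fragment.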
@ -1494,6 +1506,26 @@ The goal of the DOM specification is to define a programmatic interface for XML
note = {Accessed 2020-02-09}
}
@misc{whatwgFormsHTMLStandard2020,
title = {Forms - {{HTML Standard}}},
author = {WHATWG},
year = {2020},
month = aug,
url = {https://html.spec.whatwg.org/multipage/forms.html},
urldate = {2020-08-10},
note = {Accessed 2020-08-10}
}
@misc{whatwgHiddenStateHTML2020,
title = {Hidden {{State}} - {{HTML Standard}}},
author = {WHATWG},
year = {2020},
month = aug,
url = {https://html.spec.whatwg.org/multipage/input.html\#hidden-state-(type\%3Dhidden)},
urldate = {2020-08-10},
note = {Accessed 2020-08-10}
}
@misc{whatwgHTMLStandard2020,
title = {{{HTML Standard}}},
author = {WHATWG},
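Review bot: Both new WHATWG entries set year = {2020} and month = aug, which matches their urldate of 2020-08-10 rather than a publication date; the HTML Standard is a living standard that is updated continuously, so the bibliography will present the access date as if it were a version. Drop month and rely on urldate for when the section was read. In whatwgHiddenStateHTML2020 the url fragment mixes an escaped \%3D with literal parentheses; check that it compiles to a correct, clickable link in the PDF.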
@ -1545,7 +1577,8 @@ The goal of the DOM specification is to define a programmatic interface for XML
url = {https://youtube-eng.googleblog.com/2015/01/youtube-now-defaults-to-html5_27.html},
urldate = {2020-02-17},
abstract = {Four years ago, we wrote about YouTube's early support for the HTML5 {$<$}video{$>$} tag and how it performed compared to Flash. At the time, there...},
journal = {YouTube Engineering and Developers Blog}
journal = {YouTube Engineering and Developers Blog},
note = {Accessed 2020-08-10}
}
@inproceedings{yuTrackingTrackers2016,
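Review bot: The YouTube Engineering and Developers Blog entry gains note = {Accessed 2020-08-10} while its urldate stays at 2020-02-17, so the two access dates disagree. Set urldate to 2020-08-10 here too, as this commit already does for the Ashkan Soltani entry, where urldate and note were changed together.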