Use current template provided by the institute

Makefile

@@ -0,0 +1,63 @@
+BASENAME=thesis
+DISTNAME=thesis_latex
+DISTFOLDER?=$(shell pwd)
+CLASS=vutinfth
+VIEWER=zathura
+
+.PHONY: default all
+default: clean compile
+all: clean compile doc
+
+doc:
+	pdflatex -shell-escape ${CLASS}.dtx
+	pdflatex -shell-escape ${CLASS}.dtx
+	makeindex -s gglo.ist -o ${CLASS}.gls ${CLASS}.glo
+	makeindex -s gind.ist -o ${CLASS}.ind ${CLASS}.idx
+	pdflatex -shell-escape ${CLASS}.dtx
+	pdflatex -shell-escape ${CLASS}.dtx
+
+document-class: ${CLASS}.cls
+${CLASS}.cls:
+	pdflatex ${CLASS}.ins
+
+compile: document-class
+	pdflatex -shell-escape $(BASENAME)
+#	makeglossaries $(BASENAME)
+	pdflatex -shell-escape $(BASENAME)
+#	makeglossaries $(BASENAME)
+	bibtex $(BASENAME)
+	pdflatex -shell-escape $(BASENAME)
+	pdflatex -shell-escape $(BASENAME)
+
+view:
+	$(VIEWER) $(VIEWER_OPTIONS) $(BASENAME).pdf
+
+zip: clean compile doc
+	zip -9 -r --exclude=*.git* $(BASENAME).zip \
+		build-all.bat \
+		build-all.sh \
+		build-thesis.bat \
+		build-thesis.sh \
+		graphics \
+		intro.bib \
+		intro.tex \
+		lppl.txt \
+		Makefile \
+		README.txt \
+		README-vutinfth.txt \
+		thesis.tex \
+		thesis.pdf \
+		vutinfth.dtx \
+		vutinfth.ins
+
+dist: zip
+	cp $(BASENAME).zip $(DISTFOLDER)/$(DISTNAME).zip
+
+.PHONY: clean
+clean:
+	find . -type f  -not \( -name "${BASENAME}.tex" -o -name "*.backup" \) -name "${BASENAME}*" -delete -print
+	rm -f vutinfth.cls vutinfth.pdf
+	rm -f vutinfth.hd vutinfth.ind
+	find . -type f -name '*.aux' -delete -print
+	find . -type f -name '*.log' -delete -print
+	rm -f vutinfth.glo vutinfth.gls vutinfth.idx vutinfth.ilg vutinfth.out vutinfth.toc

abbrev/acronym.tex.aux

@@ -1,158 +0,0 @@
-\relax 
-\providecommand\hyper@newdestlabel[2]{}
-\@setckpt{abbrev/acronym.tex}{
-\setcounter{page}{1}
-\setcounter{equation}{0}
-\setcounter{enumi}{0}
-\setcounter{enumii}{0}
-\setcounter{enumiii}{0}
-\setcounter{enumiv}{0}
-\setcounter{footnote}{0}
-\setcounter{mpfootnote}{0}
-\setcounter{part}{0}
-\setcounter{chapter}{0}
-\setcounter{section}{0}
-\setcounter{subsection}{0}
-\setcounter{subsubsection}{0}
-\setcounter{paragraph}{0}
-\setcounter{subparagraph}{0}
-\setcounter{figure}{0}
-\setcounter{table}{0}
-\setcounter{parentequation}{0}
-\setcounter{su@anzahl}{0}
-\setcounter{LT@tables}{0}
-\setcounter{LT@chunks}{0}
-\setcounter{Item}{0}
-\setcounter{Hfootnote}{0}
-\setcounter{bookmark@seq@number}{0}
-\setcounter{FancyVerbLine}{0}
-\setcounter{linenumber}{1}
-\setcounter{LN@truepage}{0}
-\setcounter{FV@TrueTabGroupLevel}{0}
-\setcounter{FV@TrueTabCounter}{0}
-\setcounter{FV@HighlightLinesStart}{0}
-\setcounter{FV@HighlightLinesStop}{0}
-\setcounter{FancyVerbLineBreakLast}{0}
-\setcounter{float@type}{16}
-\setcounter{minted@FancyVerbLineTemp}{0}
-\setcounter{minted@pygmentizecounter}{0}
-\setcounter{listing}{0}
-\setcounter{lstnumber}{1}
-\setcounter{tabx@nest}{0}
-\setcounter{listtotal}{0}
-\setcounter{listcount}{0}
-\setcounter{liststart}{0}
-\setcounter{liststop}{0}
-\setcounter{citecount}{0}
-\setcounter{citetotal}{0}
-\setcounter{multicitecount}{0}
-\setcounter{multicitetotal}{0}
-\setcounter{instcount}{0}
-\setcounter{maxnames}{3}
-\setcounter{minnames}{3}
-\setcounter{maxitems}{3}
-\setcounter{minitems}{1}
-\setcounter{citecounter}{0}
-\setcounter{maxcitecounter}{0}
-\setcounter{savedcitecounter}{0}
-\setcounter{uniquelist}{0}
-\setcounter{uniquename}{0}
-\setcounter{refsection}{0}
-\setcounter{refsegment}{0}
-\setcounter{maxextratitle}{0}
-\setcounter{maxextratitleyear}{0}
-\setcounter{maxextraname}{2}
-\setcounter{maxextradate}{0}
-\setcounter{maxextraalpha}{0}
-\setcounter{abbrvpenalty}{50}
-\setcounter{highnamepenalty}{50}
-\setcounter{lownamepenalty}{25}
-\setcounter{maxparens}{3}
-\setcounter{parenlevel}{0}
-\setcounter{mincomprange}{10}
-\setcounter{maxcomprange}{100000}
-\setcounter{mincompwidth}{1}
-\setcounter{afterword}{0}
-\setcounter{savedafterword}{0}
-\setcounter{annotator}{0}
-\setcounter{savedannotator}{0}
-\setcounter{author}{0}
-\setcounter{savedauthor}{0}
-\setcounter{bookauthor}{0}
-\setcounter{savedbookauthor}{0}
-\setcounter{commentator}{0}
-\setcounter{savedcommentator}{0}
-\setcounter{editor}{0}
-\setcounter{savededitor}{0}
-\setcounter{editora}{0}
-\setcounter{savededitora}{0}
-\setcounter{editorb}{0}
-\setcounter{savededitorb}{0}
-\setcounter{editorc}{0}
-\setcounter{savededitorc}{0}
-\setcounter{foreword}{0}
-\setcounter{savedforeword}{0}
-\setcounter{holder}{0}
-\setcounter{savedholder}{0}
-\setcounter{introduction}{0}
-\setcounter{savedintroduction}{0}
-\setcounter{namea}{0}
-\setcounter{savednamea}{0}
-\setcounter{nameb}{0}
-\setcounter{savednameb}{0}
-\setcounter{namec}{0}
-\setcounter{savednamec}{0}
-\setcounter{translator}{0}
-\setcounter{savedtranslator}{0}
-\setcounter{shortauthor}{0}
-\setcounter{savedshortauthor}{0}
-\setcounter{shorteditor}{0}
-\setcounter{savedshorteditor}{0}
-\setcounter{labelname}{0}
-\setcounter{savedlabelname}{0}
-\setcounter{institution}{0}
-\setcounter{savedinstitution}{0}
-\setcounter{lista}{0}
-\setcounter{savedlista}{0}
-\setcounter{listb}{0}
-\setcounter{savedlistb}{0}
-\setcounter{listc}{0}
-\setcounter{savedlistc}{0}
-\setcounter{listd}{0}
-\setcounter{savedlistd}{0}
-\setcounter{liste}{0}
-\setcounter{savedliste}{0}
-\setcounter{listf}{0}
-\setcounter{savedlistf}{0}
-\setcounter{location}{0}
-\setcounter{savedlocation}{0}
-\setcounter{organization}{0}
-\setcounter{savedorganization}{0}
-\setcounter{origlocation}{0}
-\setcounter{savedoriglocation}{0}
-\setcounter{origpublisher}{0}
-\setcounter{savedorigpublisher}{0}
-\setcounter{publisher}{0}
-\setcounter{savedpublisher}{0}
-\setcounter{language}{0}
-\setcounter{savedlanguage}{0}
-\setcounter{origlanguage}{0}
-\setcounter{savedoriglanguage}{0}
-\setcounter{pageref}{0}
-\setcounter{savedpageref}{0}
-\setcounter{textcitecount}{0}
-\setcounter{textcitetotal}{0}
-\setcounter{textcitemaxnames}{0}
-\setcounter{biburlbigbreakpenalty}{100}
-\setcounter{biburlbreakpenalty}{200}
-\setcounter{biburlnumpenalty}{0}
-\setcounter{biburlucpenalty}{0}
-\setcounter{biburllcpenalty}{0}
-\setcounter{smartand}{1}
-\setcounter{bbx:relatedcount}{0}
-\setcounter{bbx:relatedtotal}{0}
-\setcounter{cbx@tempcnta}{0}
-\setcounter{cbx@tempcntb}{0}
-\setcounter{section@level}{0}
-\setcounter{lstlisting}{0}
-}

build-all.sh

@@ -0,0 +1,31 @@
+#!/bin/sh
+# Copyright (C) 2014-2020 by Thomas Auzinger <thomas@auzinger.name>
+
+CLASS=vutinfth
+SOURCE=thesis
+
+# Build vutinfth documentation
+pdflatex -shell-escape $CLASS.dtx
+pdflatex -shell-escape $CLASS.dtx
+makeindex -s gglo.ist -o $CLASS.gls $CLASS.glo
+makeindex -s gind.ist -o $CLASS.ind $CLASS.idx
+pdflatex -shell-escape $CLASS.dtx
+pdflatex -shell-escape $CLASS.dtx
+
+# Build the vutinfth class file
+pdflatex -shell-escape $CLASS.ins
+
+# Build the vutinfth example document
+pdflatex -shell-escape $SOURCE
+bibtex   $SOURCE
+pdflatex -shell-escape $SOURCE
+pdflatex -shell-escape $SOURCE
+makeindex -t $SOURCE.glg -s $SOURCE.ist -o $SOURCE.gls $SOURCE.glo
+makeindex -t $SOURCE.alg -s $SOURCE.ist -o $SOURCE.acr $SOURCE.acn
+makeindex -t $SOURCE.ilg -o $SOURCE.ind $SOURCE.idx
+pdflatex -shell-escape $SOURCE
+pdflatex -shell-escape $SOURCE
+
+echo
+echo
+echo Class file and example document compiled.

build-thesis.sh

@@ -0,0 +1,20 @@
+#!/bin/sh
+# Copyright (C) 2014-2020 by Thomas Auzinger <thomas@auzinger.name>
+
+# Replace the 'x' in the next line with the name of the thesis' main LaTeX document without the '.tex' extension
+SOURCE=thesis
+
+# Build the thesis document
+pdflatex -shell-escape $SOURCE
+bibtex   $SOURCE
+pdflatex -shell-escape $SOURCE
+pdflatex -shell-escape $SOURCE
+makeindex -t $SOURCE.glg -s $SOURCE.ist -o $SOURCE.gls $SOURCE.glo
+makeindex -t $SOURCE.alg -s $SOURCE.ist -o $SOURCE.acr $SOURCE.acn
+makeindex -t $SOURCE.ilg -o $SOURCE.ind $SOURCE.idx
+pdflatex -shell-escape $SOURCE
+pdflatex -shell-escape $SOURCE
+
+echo
+echo
+echo Thesis document compiled.

chapters/abstract-de.tex

@@ -1,35 +0,0 @@
-\documentclass[../main.tex]{subfiles}
-
-\begin{document}
-
-\chapter*{Kurzfassung}
-
-\emph{Über diese Vorlage:}
-Dieses Template dient als Vorlage für die Erstellung einer wissenschaftlichen
-Arbeit am INSO. Individuelle Erweiterungen, Strukturanpassungen und
-Layout-Veränderungen können und sollen selbstverständlich nach persönlichem
-Ermessen und in Rücksprache mit Ihrem Betreuer vorgenommen werden.
-
-\emph{Aufbau}:
-In der Kurzfassung werden auf einer 3/4 bis maximal einer Seite die Kernaussagen
-der Diplomarbeit zusammengefasst. Dabei sollte zunächst die Motivation/der
-Kontext der vorliegenden Arbeit dargestellt werden, und dann kurz die
-Frage-/Problemstellung erläutert werden, max. 1 Absatz! Im nächsten Absatz auf
-die Methode/Verfahrensweise/das konkrete Fallbeispiel eingehen, mit deren Hilfe
-die Ergebnisse erzielt wurden. Im Zentrum der Kurzfassung stehen die zentralen
-eigenen Ergebnisse der Arbeit, die den Wert der vorliegenden wissenschaftlichen
-Arbeit ausmachen. Hier auch, wenn vorhanden, eigene Publikationen erwähnen.
-
-\emph{Wichtig: Verständlichkeit!}
-Die Kurzfassung soll für Leser verständlich sein, denen das Gebiet der
-Arbeit fremd ist. Deshalb Abkürzungen immer zuerst ausschreiben, in Klammer
-dazu die Erklärung: z.B: \enquote{Im Rahmen der vorliegenden Arbeit werden
-Non Governmental-Organisationen (NGOs) behandelt, \ldots}. In \LaTeX wird
-diese bereits automatisch durch verwenden des Befehls \verb|\ac| erreicht.
-Für Details siehe Paket \texttt{glossaries}.
-
-\bigskip
-
-\section*{Schlüsselwörter}
-
-\end{document}

chapters/abstract-en.tex

@@ -1,29 +0,0 @@
-\documentclass[../main.tex]{subfiles}
-
-\begin{document}
-
-\chapter*{Abstract}
-
-\emph{About this template}:
-This template helps writing a scientific document at INSO. Users of this
-template are welcome to make individual modifications, extensions, and changes
-to layout and typography in accordance with their advisor.
-
-\emph{Writing an abstract}: The abstract summarizes the most important
-information within less than one page. Within the first paragraph, present the
-motivation and context for your work, followed by the specific aims. In the next
-paragraph, describe your methodology / approach, and / or the specific case you
-are working on. The third paragraph describes the results and the contribution
-of your work.
-
-\emph{Comprehensibility}: People with different backgrounds who are novel to
-your area of work should be able to understand the abstract. Therefore, acronyms
-should only be used after their full definition has given. E.g., ``This work
-relates to non-governmental organizations (NGOs), \ldots''.
-
-\bigskip
-
-\section*{Keywords}
-%Keyword, important, SubjectOfMyPaper, FieldOfWork.
-
-\end{document}

chapters/conclusion.tex

@@ -1,7 +0,0 @@
-\documentclass[../main.tex]{subfiles}
-
-\begin{document}
-
-\chapter{Conclusion}
-
-\end{document}

chapters/defences.tex

@@ -1,8 +0,0 @@
-\documentclass[../main.tex]{subfiles}
-
-\begin{document}
-
-\chapter{Defences against Tracking}
-\label{chap:defences against tracking}
-
-\end{document}

chapters/developments.tex

@@ -1,7 +0,0 @@
-\documentclass[../main.tex]{subfiles}
-
-\begin{document}
-
-\chapter{Future Tracking Ecosystem Developments}
-
-\end{document}

chapters/erklaerung.tex

@@ -1,29 +0,0 @@
-\documentclass[../main.tex]{subfiles}
-
-\begin{document}
-
-\chapter*{Erklärung zur Verfassung der Arbeit}
-
-\textsf{Tobias Eidelpes} \\
-
-Hiermit erkläre ich, dass ich diese Arbeit selbständig verfasst habe, dass ich
-die verwendeten Quellen und Hilfsmittel vollständig angegeben habe und dass
-ich die Stellen der Arbeit---einschließlich Tabellen, Karten und Abbildungen---,
-die anderen Werken oder dem Internet im Wortlaut oder dem Sinn nach entnommen
-sind, auf jeden Fall unter Angabe der Quelle als Entlehnung kenntlich gemacht habe.
-
-\vspace{2cm}
-
-\bigskip
-
-\begin{minipage}{0.55\textwidth}
-	\textsf{Wien, 31. März 2020} \\
-\end{minipage}
-\begin{minipage}{0.45\textwidth}
-\begin{tabular}{c}
-\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_ \\
-\textsf{Tobias Eidelpes}
-\end{tabular}
-\end{minipage}
-
-\end{document}

chapters/implications.tex

@@ -1,7 +0,0 @@
-\documentclass[../main.tex]{subfiles}
-
-\begin{document}
-
-\chapter{Implications of Tracking}
-
-\end{document}

chapters/introduction.tex

@@ -1,16 +0,0 @@
-\documentclass[../main.tex]{subfiles}
-
-\begin{document}
-
-\chapter{Introduction}
-
-\section{Terms and Scope}
-\label{sec:Terms and Scope}
-
-\section{Background and Related Work}
-\label{sec:Background and Related Work}
-
-\section{Structure of the Thesis}
-\label{sec:Structure of the Thesis}
-
-\end{document}

cookie-syncing.drawio

@@ -0,0 +1 @@
+<mxfile host="www.draw.io" modified="2020-02-21T15:49:32.124Z" agent="Mozilla/5.0 (X11; Linux x86_64; rv:73.0) Gecko/20100101 Firefox/73.0" etag="B-xuoaF9nph0aC_kFL44" version="12.7.3" type="device"><diagram name="Page-1" id="822b0af5-4adb-64df-f703-e8dfc1f81529">7Vxbc6M2FP41flwPkrg+xpdst7Od7mza2Zm+ZGSQsRqMKODEu7++EjeDAOMkBjyxySSxJXFkzjnfuYInaL7dfw5xsPmDOcSbQMXZT9BiAiFUgcb/iZGf6YgFjHTADamTDoHDwAP9RbJBJRvdUYdElYUxY15Mg+qgzXyf2HFlDIche6kuWzOvumuAXVIbeLCxVx/9QZ14k40CRTlM/Eaou8m2NrVsYoXtJzdkOz/bbwLROjnS6S3OaWXrow122EtpCC0naB4yFqevtvs58QRvc7al5923zBafOyR+fMoJDzNtMQf3GnK/LlXlX/Y3/vOfTxmVZ+ztSH4ZyYeNf+YMChj1YxIun/k+gtdggmbFtSj8jYOjDXGyN5t46+WL4pA9kTnzWMhHfOZzgrM19bx8iHNMU8QPH/fwinjfWERjynw+ZxOxKZ94JmFMubi+SgtWLI7ZtrTgzqOumIhZwEfZLvaoz3fPtUZsgrMlBXF+HYG4zO3eFdo9Zes1tcl0F5EwSv7yNRmH+C5k38p6UAiUA4WwLYnDn3xJjhIrw0SGEZSpxMtB4VQ9HdqUVC3XNJypuFsQPoiZv8gk/Qqpq91SJ75zJ9AluOXhKKJ2Vbhr5scZmAEsuEScGtg6eVRiQn7BTUwIiYdj+lwl38SZbIdvQm0PIkC6UhGBLvE2YrvQJtlJZRRJdHTzOJ0Yhy6Ja3QSMRUX/XbJaQ2S0z3OqtmKv3DFCzDNh/gOxSg/6fPyr4mwEffUd8h+mghTFjvX8bgq6BpmZLxtqeOI02chiegvvEpICbQlhiNhizabaAtBaxdzAKdK06pD70KaqmtVpBk1pAHQoGWwL6jp3VDDUZCaqDXdCzs6O6/FPbdl7TSi28jGZJrMBiGNyPSFrDhx8ugSn4SJIZG8gLEQP/1ohG5JGqHXNKLJ7KhqTwphtCJYXHxFM/T/diyf+JTi5o4vsIL9YS7Hd8ZjMLW56A74T2nmJuCDgd2AVdGCOtiNIbFudmOdbpNwtMzzBJ+zIpgswSILJ9EsO2tBty7/YB7lVv3e9mjwiEMu3XufxC8sfKK+mJ17bOc8PpCQs/YRQHPPf6cBn+pFBKbkVs16ZGM2iMDsSwTWeJEN3ySJIbqdQRojdCnSWJGScaZIyYRVOsawkRJoSm1Su+jQ54NNlKIn2BY9eQw7/N/v+Bk/2CEN4tK6CsFLMrIhi3Hm1aFyJqOrwap61P3psBEWgBeN+VGxrElYljPKU7EsZ0+y/e4by6gVywVEURtw54w90Sx0Ein9l4XIggQRBUCkXixgtfPgVUNV0QEF1AHbpIL9Abap/HCGEDip11xJ6AtbgF0SKhpUpk2FiVueO2KeC/L3YyW64ITSx622/H5LINWWgTVycRn0VOG4LvMOKkKFoO60h7XvJ9Q2PnrLAAJzmmc7r24bGNbUKh1mJ+W+Q+qmSokUUqu3TkLZro6d6OaEeyodw+sqHatV6Roj145he4p7rFyldZSrVpjHKIXbXIUyoWsrXskmHdaDZGtQsY/Yij+heJWndZ0V65SPo5WsVfWYd0XWVFFAccC3uXBTO+rCDe7CASwONKg3hyek3x+99cTFXMPyoL0n2JTwnsE/24Kta48z5po8tKVKdUtQz2uH9dA95bUuY6531aKFeh25+qCiHTG7PcELj+tcdVCVFkKSGN7aRIKqRKhvJ3lCyqu/oYt0N5svLgujPXSRoFSQ0usFqWG7SKgpG5aEcOs4DHpnnTbyrXXodjf7KHeza3VbMGjHAcF+IrNr7jggA9aEOmjHATUVxAaKyS6l44AMa6rrSnFIBM/TfOjYpOegDDUVwKSgzLj1IcrWduxHGlD7Qyjn6EOga0qF5T4EQmZNuoNWOVB7EetYH8J89W2zt16EJhl7c+wGI2qqcF1OGSQPPzqbEWjc++ePNiNURem/GaEia8RmBLo9ByPEXAPzoM0IVC92yX2EC7GvVj9FZbXhIetBPal6QoFqTGs6qpGUi8qq9cbcRk6Z1IHzF7X9MaMiDLLagqPvy8WX78u5SGLKXaByOoPus2qz0ACRLOl4m9QKk7/BbuXRaCPAuaiGzxcC7p7K0UWslEs9x1a5BAUHRXtTDerKnJ42ttNT22+iurVo3+VNtQZvOmiLVm2qEw3mTTtTjhT+o9UN5dhHFsOp3tRQjqYVhjUFxliVQvWU7z5RXlMq/GC+9WwVx7yPlou94aF+dKZeAH97+AasVFMOXzOGlv8D</diagram></mxfile>

main.tex

@@ -1,135 +0,0 @@
-\documentclass[a4paper,12pt,oneside]{scrreport}
-
-\usepackage[utf8]{inputenc}
-\usepackage[T1]{fontenc}
-\usepackage[scaled]{helvet}
-\usepackage{times}
-\usepackage{subfiles}
-\usepackage[english]{babel}
-\usepackage[includeheadfoot,left=3.4cm,right=2.4cm,bottom=1.5cm,top=1.7cm]{geometry}
-\usepackage{graphicx}
-\usepackage{microtype}
-\usepackage{setspace}
-\usepackage{fancyhdr}
-\usepackage[hidelinks]{hyperref}
-\usepackage{xcolor}
-\usepackage{minted}
-\usepackage{listings}
-\usepackage{csquotes}
-\usepackage{xr}
-\usepackage[acronym]{glossaries}
-\usepackage{lastpage}
-\usepackage{pdfpages}
-
-\glsenablehyper
-
-\setlength{\marginparwidth}{2cm}
-\setlength{\parindent}{0pt}
-\setlength{\parskip}{0.5em}
-
-\usepackage{todonotes}
-
-\fancypagestyle{frontmatter}{%
-    \fancyhead{}
-    \fancyfoot{}
-    \fancyfoot[C]{\thepage}
-    \renewcommand{\headrulewidth}{0pt}
-    \renewcommand{\footrulewidth}{0pt}
-}
-
-\definecolor{light-gray}{gray}{0.95}
-
-\RedeclareSectionCommand[beforeskip=0.5cm,afterskip=1.5cm]{chapter}
-\addtokomafont{chapter}{\normalfont\sffamily\huge}
-\addtokomafont{section}{\normalfont\sffamily\Large}
-\addtokomafont{subsection}{\normalfont\sffamily\large}
-
-\usepackage[backend=biber,style=ieee,urldate=iso,date=iso,seconds=true]{biblatex}
-
-\addbibresource{bibliography/references.bib}
-
-\hypersetup{
-    linkcolor=black,
-    urlcolor=black,
-    citecolor=black,
-    breaklinks=true,
-    colorlinks=true,
-    frenchlinks=true,
-    linktoc = all,
-    pdftitle = {Stateful Web Tracking: Techniques and Countermeasures},
-    pdfauthor = {Tobias Eidelpes}
-}
-
-\pagestyle{fancy}
-
-\renewcommand{\chaptermark}[1]{\markboth{\chaptername\ \thechapter.\ #1}{}}
-\renewcommand{\sectionmark}[1]{\markright{\arabic{chapter}.\arabic{section}.\ #1}}
-\renewcommand	{\headrulewidth}{0.4pt} % unterdruecken der Linie
-\renewcommand	{\footrulewidth}{0.4pt} % unterdruecken der Linie
-
-\fancyhead{}
-
-\fancyhead[L]{\leftmark}
-\fancyhead[R]{\rightmark}
-
-\fancyfoot{}
-\fancyfoot[L]{Stateful Web Tracking: Techniques and Countermeasures}
-\fancyfoot[R]{\thepage \ / \pageref{LastPage}}
-
-\fancypagestyle{plain}{}
-
-\graphicspath{{figures/}{../figures/}}
-
-\setstretch{1.1}
-
-\makeglossaries
-
-\begin{document}
-
-    \input{abbrev/acronym.tex}
-
-    \includepdf[pages=-]{chapters/titlepage.pdf}
-
-    \newpage
-
-    \pagenumbering{roman}
-
-    \subfile{chapters/erklaerung.tex}
-    \thispagestyle{frontmatter}
-
-    \subfile{chapters/abstract-de}
-    \thispagestyle{frontmatter}
-
-    \subfile{chapters/abstract-en}
-    \thispagestyle{frontmatter}
-
-    \tableofcontents
-    \thispagestyle{frontmatter}
-
-    \listoffigures
-    \thispagestyle{frontmatter}
-
-    \listoflistings
-    \thispagestyle{frontmatter}
-
-    \printglossary
-    \printglossary[type=\acronymtype]
-    \thispagestyle{frontmatter}
-
-    \subfile{chapters/introduction}
-
-    \pagenumbering{arabic}
-
-    \subfile{chapters/methods}
-
-    \subfile{chapters/defences}
-
-    \subfile{chapters/implications}
-
-    \subfile{chapters/developments}
-
-    \subfile{chapters/conclusion}
-
-    \printbibliography
-
-\end{document}

methods.tex

@@ -1,8 +1,3 @@
-\documentclass[../main.tex]{subfiles}
-\externaldocument{defences}
-
-\begin{document}
-
 \chapter{Tracking Methods}
 \label{chap:tracking methods}
 
@@ -81,15 +76,15 @@ with the same unique identifier leaves a trail behind that can be used to
 compile a browsing history. Sharing information with other parties is not only
 limited to unique identifiers. \gls{URL} parameters can also be used to pass the
 referrer of a web page containing a query that has been submitted by the user.
-\citeauthor{falahrastegarTrackingPersonalIdentifiers2016} demonstrate such an
+\citet{falahrastegarTrackingPersonalIdentifiers2016} demonstrate such an
 example where an advertisement tracker logs a user's browsing history by storing
 the referrer into a \texttt{(key,value)} pair
 \cite[p.~37]{falahrastegarTrackingPersonalIdentifiers2016}. Other possibilities
 include encoding geographical data, network properties, user information (e.g.,
 e-mails) and authentication credentials.
-\citeauthor{westMeasuringPrivacyDisclosures2014} conducted a survey concerning
+\citet{westMeasuringPrivacyDisclosures2014} conducted a survey concerning
 the use of \gls{URL} Query Strings and found it to be in widespread use on the
-web \cite{westMeasuringPrivacyDisclosures2014}.
+web.
 
 \subsection{Hidden Form Fields}
 \label{subsec:hidden form fields}
@@ -137,18 +132,17 @@ Referer field. The header with the referrer information gets attached to the
 requested web page and can establish a link from the original web page to the
 new web page. When applied to a majority of the requests on a site, the
 resulting data can be analyzed for promotional and statistical purposes.
-\citeauthor{malandrinoPrivacyAwarenessInformation2013} have shown that the
+\citet{malandrinoPrivacyAwarenessInformation2013} have shown that the
-\gls{HTTP} Referer is one of the most critical factors in leaking \gls{PII}
+\gls{HTTP} Referer is one of the most critical factors in leaking \gls{PII},
-\cite{malandrinoPrivacyAwarenessInformation2013}, because leakage of information
+because leakage of information relating to user's health has been identified as
-relating to user's health has been identified as the most severe in terms of
+the most severe in terms of identifiability of users on the web.
-identifiability of users on the web.
 
 \subsection{Explicit Authentication}
 \label{subsec:explicit authentication}
 
 Explicit authentication requires a user to \emph{explicitly} log in or register
-to the web site. This way, specific resources are only available to the user when
+to the web site. This way, specific resources are only available to the user
-he or she has authenticated themselves to the service. Actions taken on an
+when he or she has authenticated themselves to the service. Actions taken on an
 authenticated user account are tied to that account and crafting a personal
 profile is more or less a built-in function in this case. Since merely asking a
 user to authenticate is a simple method, the extent to which it can be used is
@@ -159,27 +153,25 @@ always requiring a logged in state can be a tiring task for users, because they
 have to be authenticated every time they visit a particular service. This can
 potentially pose a usability problem where users simply stop using the service
 or go to considerable lengths to avoid logging in. This largely depends on a
-cost-benefit analysis the users subconsciously undertake \cite{}. The third
+cost-benefit analysis the users subconsciously undertake. The third factor
-factor where this method is lacking, concerns the awareness of the user being
+where this method is lacking, concerns the awareness of the user being tracked.
-tracked. Since tracking users depends on them actively logging in to the
+Since tracking users depends on them actively logging in to the service,
-service, tracking them transparently is impossible. Even though most tracking
+tracking them transparently is impossible. Even though most tracking efforts
-efforts are not detected by the average user \cite{}, it is known that actions
+are not detected by the average user, it is known that actions taken on an
-taken on an account are logged to provide better service through service
+account are logged to provide better service through service optimization and
-optimization and profile personalization.
+profile personalization.
 
 Making an account on a web site to use their services to their full extent, can
 be beneficial in some cases. Facebook for example, allows their users to
 configure what they want to share with the public and their friends. Research
 has shown however, that managing which posts get shown to whom is not as
-straightforward as one might think.
+straightforward as one might think. \citet{liuAnalyzingFacebookPrivacy2011}
-\citeauthor{liuAnalyzingFacebookPrivacy2011}
+conducted a survey where they asked Facebook users about their desired privacy
-\cite{liuAnalyzingFacebookPrivacy2011} conducted a survey where they asked
+and visibility settings and cross-checked them with the actual settings they
-Facebook users about their desired privacy and visibility settings and
+have used for their posts. The results showed that in only 37\% of cases the
-cross-checked them with the actual settings they have used for their posts. The
+users' expectations match the reality. Additionally, 36\% of content is left on
-results showed that in only 37\% of cases the users' expectations match the
+the default privacy settings which set the visibility of posts to public,
-reality. Additionally, 36\% of content is left on the default privacy settings
+meaning that any Facebook user can view them.
-which set the visibility of posts to public, meaning that any Facebook user can
-view them.
 
 \subsection{window.name DOM Property}
 \label{subsec:window.name dom property}
@@ -296,27 +288,26 @@ policy applies to cookies, disallowing access by other domains.
 
 Distinguishing tracking and non-tracking cookies can be done with high accuracy
 by observing their expiration time and the length of the value field.
-\citeauthor{liTrackAdvisorTakingBack2015} \cite{liTrackAdvisorTakingBack2015}
+\citet{liTrackAdvisorTakingBack2015} demonstrate a supervised learning approach
-demonstrate a supervised learning approach to detecting tracking cookies with
+to detecting tracking cookies with their tool \emph{TrackAdvisor}. They found
-their tool \emph{TrackAdvisor}. They found that tracking cookies generally have
+that tracking cookies generally have a longer expiration time than non-tracking
-a longer expiration time than non-tracking cookies and they need to have a
+cookies and they need to have a sufficiently long value field carrying the
-sufficiently long value field carrying the unique identifier. Using this method,
+unique identifier. Using this method, they found that only 10\% of tracking
-they found that only 10\% of tracking cookies have a lifetime of a single day or
+cookies have a lifetime of a single day or less while 80\% of non-tracking
-less while 80\% of non-tracking cookies expire before a day is over.
+cookies expire before a day is over.  Additionally, a length of more than 35
-Additionally, a length of more than 35 characters in the value field applies to
+characters in the value field applies to 80\% of tracking cookies and a value
-80\% of tracking cookies and a value field of less than 35 characters applies to
+field of less than 35 characters applies to 80\% of non-tracking cookies.
-80\% of non-tracking cookies. \emph{Cookie Chunking}, where a cookie of larger
+\emph{Cookie Chunking}, where a cookie of larger length is split into multiple
-length is split into multiple cookies with smaller length, did not appear to
+cookies with smaller length, did not appear to affect detection by their method
-affect detection by their method negatively. They also present a site
+negatively. They also present a site measurement of the Alexa Top 10,000 web
-measurement of the Alexa Top 10,000 web sites, finding that 46\% of web sites use
+sites, finding that 46\% of web sites use third party tracking. More recent
-third party tracking. More recent research
+research \cite{gonzalezCookieRecipeUntangling2017} has shown that tracking
-\cite{gonzalezCookieRecipeUntangling2017} has shown that tracking cookies do not
+cookies do not have to be long lasting to accumulate data about users. Some
-have to be long lasting to accumulate data about users. Some cookies---like the
+cookies---like the \texttt{\_\_utma} cookie from Google Analytics for
-\texttt{\_\_utma} cookie from Google Analytics for example---save a timestamp of
+example---save a timestamp of the current visit with the unique identifier,
-the current visit with the unique identifier, thereby allowing to use cookies
+thereby allowing to use cookies which last a short time but can be afterwards
-which last a short time but can be afterwards used in series to complete the
+used in series to complete the whole picture.
-whole picture. \citeauthor{gonzalezCookieRecipeUntangling2017}
+\citet{gonzalezCookieRecipeUntangling2017} have also found 20\% of observed
-\cite{gonzalezCookieRecipeUntangling2017} have also found 20\% of observed
 cookies to be \gls{URL} or base64 encoded, making decoding of cookies a
 necessary step for analysis. Furthermore---and contrary to previous work---,
 cookie values are found in much more varieties than is assumed by approaches
@@ -350,34 +341,33 @@ the Flash Player runtime to get rid of them. Trackers were searching for a new
 way to store identifiers because users became increasingly aware of the dangers
 posed by \gls{HTTP} cookies and reacted by taking countermeasures.
 
-\citeauthor{soltaniFlashCookiesPrivacy2009}
+\citet{soltaniFlashCookiesPrivacy2009} were the first to report on the usage of
-\cite{soltaniFlashCookiesPrivacy2009} were the first to report on the usage of
 Flash cookies by advertisers and popular web sites. While surveying the top 100
 web sites at the time, they found that 54\% of them used Flash cookies. Some
-web sites were setting Flash cookies as well as \gls{HTTP} cookies with the same
+web sites were setting Flash cookies as well as \gls{HTTP} cookies with the
-values, suggesting that Flash cookies serve as backup to \gls{HTTP} cookies.
+same values, suggesting that Flash cookies serve as backup to \gls{HTTP}
-Several web sites were found using Flash cookies to respawn already deleted
+cookies.  Several web sites were found using Flash cookies to respawn already
-\gls{HTTP} cookies, even across domains. \citeauthor{acarWebNeverForgets2014}
+deleted \gls{HTTP} cookies, even across domains.
-\cite{acarWebNeverForgets2014} automated detecting Flash cookies and access to
+\citet{acarWebNeverForgets2014} automated detecting Flash cookies and access to
 them by monitoring file access with the GNU/Linux \emph{strace} tool
 \cite{michaelStraceLinuxManual2020}. This allowed them to acquire data about
 Flash cookies respawning \gls{HTTP} cookies. Their results show that six of the
 top 100 sites use Flash cookies for respawning.
 
 Even though Flash usage has declined during the last few years thanks to the
-development of the HTML5 standard, \citeauthor{buhovFLASH20thCentury2018}
+development of the HTML5 standard, \citet{buhovFLASH20thCentury2018} have shown
-\cite{buhovFLASH20thCentury2018} have shown that despite major security flaws,
+that despite major security flaws, Flash content is still served by 7.5\% of
-Flash content is still served by 7.5\% of the top one million web sites (2017).
+the top one million web sites (2017).  The W3Techs Web Technology Survey shows
-The W3Techs Web Technology Survey shows a similar trend and also offers an
+a similar trend and also offers an up-to-date measurement of 2.7\% of the top
-up-to-date measurement of 2.7\% of the top ten million web sites for the year
+ten million web sites for the year 2020
-2020 \cite{w3techsHistoricalYearlyTrends2020}. Due to the security concerns with
+\cite{w3techsHistoricalYearlyTrends2020}. Due to the security concerns with
-using Flash, Google's popular video sharing platform YouTube switched by default
+using Flash, Google's popular video sharing platform YouTube switched by
-to the HTML5 <video> tag in January of 2015
+default to the HTML5 <video> tag in January of 2015
-\cite{youtubeengineeringYouTubeNowDefaults2015}. In 2017 Adobe announced that they
+\cite{youtubeengineeringYouTubeNowDefaults2015}. In 2017 Adobe announced that
-will end-of-life Flash at the end of 2020, stopping updates and distribution
+they will end-of-life Flash at the end of 2020, stopping updates and
-\cite{adobecorporatecommunicationsFlashFutureInteractive2017}. Consequently,
+distribution \cite{adobecorporatecommunicationsFlashFutureInteractive2017}.
-Chrome 76 and Firefox 69 disabled Flash by default and will drop support
+Consequently, Chrome 76 and Firefox 69 disabled Flash by default and will drop
-entirely in 2020.
+support entirely in 2020.
 
 Similarly to Flash, Java also provides a way of storing data locally on the
 user's computer via the PersistenceService \gls{API}
@@ -404,11 +394,9 @@ evercookie is therefore not easy to do. Additionally, it is reported on the
 project's github page that it might cause severe performance issues in browsers.
 
 Evercookie has been proposed and implemented by
-\citeauthor{kamkarEvercookieVirtuallyIrrevocable2010} in
+\citet{kamkarEvercookieVirtuallyIrrevocable2010}. Multiple surveys have tried
-\cite{kamkarEvercookieVirtuallyIrrevocable2010}. Multiple surveys have tried to
+to quantify the use of evercookie in the wild.  \citet{acarWebNeverForgets2014}
-quantify the use of evercookie in the wild.
+provide a heuristic for detecting evercookies stored on the user's computer and
-\citeauthor{acarWebNeverForgets2014} provide a heuristic for detecting
-evercookies stored on the user's computer \cite{acarWebNeverForgets2014} and
 analyze evercookie usage in conjunction with cookie respawning.
 
 \subsection{Cookie Synchronization}
@@ -426,7 +414,7 @@ necessarily having to know the web site the user visits.
 
 \begin{figure}[ht]
 	\centering
-	\includegraphics[width=1\textwidth]{cookiesyncing}
+	\includegraphics[width=1\textwidth]{../figures/cookiesyncing.pdf}
 	\label{fig:cookie synchronization}
 	\caption{Cookie Synchronization in practice between two trackers
 	\emph{cloudflare.com} and \emph{google.com}.}
@@ -467,24 +455,22 @@ knowing.
 
 Cookie Synchronization has seen widespread adoption especially in \gls{RTB}
 based auctions \cite{olejnikSellingPrivacyAuction2014}.
-\citeauthor{papadopoulosCookieSynchronizationEverything2019}
+\citet{papadopoulosCookieSynchronizationEverything2019} recorded and analyzed
-\cite{papadopoulosCookieSynchronizationEverything2019} recorded and analyzed the
+the browsing habits of 850 users over a time period of one year and found that
-browsing habits of 850 users over a time period of one year and found that 97\%
+97\% of users with regular browsing activity were exposed to Cookie
-of users with regular browsing activity were exposed to Cookie Synchronization
+Synchronization at least once. Furthermore, they found that ``[...] the average
-at least once. Furthermore, they found that ``[...] the average user receives
+user receives around 1 synchronization per 68 requests''
-around 1 synchronization per 68 requests''
 \cite[p.~7]{papadopoulosCookieSynchronizationEverything2019}. In
 \cite{englehardtOnlineTracking1MillionSite2016} the authors crawl the top
-100,000 sites and find that 45 of the top 50 (90\%) third parties and 460 of the
+100,000 sites and find that 45 of the top 50 (90\%) third parties and 460 of
-top 1000 (46\%) use Cookie Synchronization with at least one other party.
+the top 1000 (46\%) use Cookie Synchronization with at least one other party.
-\emph{Doubleclick.net} being at the top sharing 108 cookies with 118 other third
+\emph{Doubleclick.net} being at the top sharing 108 cookies with 118 other
-parties. \citeauthor{papadopoulosExclusiveHowSynced2018} show in
+third parties. \citet{papadopoulosExclusiveHowSynced2018} show the threat
-\cite{papadopoulosExclusiveHowSynced2018} the threat that Cookie Synchronization
+that Cookie Synchronization poses to encrypted \gls{TLS} sessions by performing
-poses to encrypted \gls{TLS} sessions by performing the cookie-syncing over
+the cookie-syncing over unencrypted \gls{HTTP} even though the original request
-unencrypted \gls{HTTP} even though the original request to the web site was
+to the web site was encrypted. This highlights the serious privacy implications
-encrypted. This highlights the serious privacy implications for users of
+for users of \gls{VPN} services trying to safeguard their traffic from a
-\gls{VPN} services trying to safeguard their traffic from a potentially
+potentially malicious \gls{ISP}.
-malicious \gls{ISP}.
 
 \subsection{Silverlight Isolated Storage}
 \label{subsec:silverlight isolated storage}
@@ -545,14 +531,12 @@ storage.
 
 HTML5 Web Storage can be used for tracking in the same way that cookies are
 used: by storing unique identifiers which are read on subsequent visits.
-\citeauthor{ayensonFlashCookiesPrivacy2011}
+\citet{ayensonFlashCookiesPrivacy2011} found that 17 of the top 100 web sites
-\cite{ayensonFlashCookiesPrivacy2011} found that 17 of the top 100 web sites
 used HTML5 Web Storage with some of them using it for cookie respawing (see
 section~\ref{subsec:evercookie}). A recent survey by
-\citeauthor{belloroKnowWhatYou2018} \cite{belloroKnowWhatYou2018} looks at Web
+\citet{belloroKnowWhatYou2018} looks at Web Storage usage in general and found
-Storage usage in general and found that 83.09\% of the top 10K Alexa web sites
+that 83.09\% of the top 10K Alexa web sites use it. The authors flagged 63.88\%
-use it. The authors flagged 63.88\% of those usages as coming from known
+of those usages as coming from known tracking domains.
-tracking domains.
 
 \subsection{HTML5 Indexed Database API}
 \label{subsec:html5 indexed database api}
@@ -580,16 +564,15 @@ an editors draft until it is ready for recommendation.
 
 HTML5 IndexedDB has been added to the evercookie library (see
 section~\ref{subsec:evercookie}) by
-\citeauthor{kamkarEvercookieVirtuallyIrrevocable2010}, providing redundancy for
+\citet{kamkarEvercookieVirtuallyIrrevocable2010}, providing redundancy for
-\gls{HTTP} cookies. \citeauthor{acarWebNeverForgets2014}
+\gls{HTTP} cookies. \citet{acarWebNeverForgets2014} have shown that only 20 of
-\cite{acarWebNeverForgets2014} have shown that only 20 of 100.000 surveyed sites
+100.000 surveyed sites use the IndexedDB storage vector with one of them
-use the IndexedDB storage vector with one of them (\texttt{weibo.com}) using it
+(\texttt{weibo.com}) using it for respawning \gls{HTTP} cookies. A more recent
-for respawning \gls{HTTP} cookies. A more recent study by
+study by \citet{belloroKnowWhatYou2018} paints a different picture: On a
-\citeauthor{belloroKnowWhatYou2018} \cite{belloroKnowWhatYou2018} paints a
+dataset provided by the \gls{HTTP} Archive project
-different picture: On a dataset provided by the \gls{HTTP} Archive project
 \cite{soudersAnnouncingHTTPArchive2011}, they found that 5.56\% of observed
-sites use IndexedDB. Of those that use IndexedDB, 31.87\% of usages appear to be
+sites use IndexedDB. Of those that use IndexedDB, 31.87\% of usages appear to
-coming from domains that are flagged as `trackers'.
+be coming from domains that are flagged as trackers.
 
 \subsection{Web SQL Database}
 \label{subsec:web sql database}
@@ -613,11 +596,11 @@ affiliated with the origin but have a different name (e.g. subdomains).
 
 Due to the W3C abandoning the Web SQL Database standard, not many reports on
 usage for tracking purposes exist. The method has been added, however, to the
-evercookie library by \citeauthor{kamkarEvercookieVirtuallyIrrevocable2010} (see
+evercookie library by \citet{kamkarEvercookieVirtuallyIrrevocable2010} (see
 section~\ref{subsec:evercookie}) to add another layer of redundancy for storing
 unique identifiers and respawning deleted ones. By performing static analysis on
 a dataset provided by the \gls{HTTP} Archive project
-\cite{soudersAnnouncingHTTPArchive2011}, \citeauthor{belloroKnowWhatYou2018}
+\cite{soudersAnnouncingHTTPArchive2011}, \citet{belloroKnowWhatYou2018}
 found that 1.34\% of the surveyed web sites use Web SQL Database in one of their
 subresources. 53.59\% of Web SQL Database usage are considered to be coming from
 known tracking domains. This ratio is lower for the first 10K web sites as
@@ -656,27 +639,24 @@ colour, compare it with the colour that has been set for visited and non-visited
 web sites and see if a web site has already been visited or not.
 
 A solution to the problem has been proposed and subsequently implemented by
-\citeauthor{baronPreventingAttacksUser2010}
+\citet{baronPreventingAttacksUser2010} in 2010, making
-\cite{baronPreventingAttacksUser2010} in 2010, making
 \texttt{getComputedStyle()} and similar functions lie about the state of the
-visited links and marking them as unvisited. Another solution has been developed
+visited links and marking them as unvisited. Another solution has been
-by \citeauthor{jacksonProtectingBrowserState2006}
+developed by \citet{jacksonProtectingBrowserState2006} in form of a browser
-\cite{jacksonProtectingBrowserState2006} in form of a browser extension that
+extension that enforces the same-origin policy for browser histories as well.
-enforces the same-origin policy for browser histories as well. Although their
+Although their approach limits access to a user's browsing history by third
-approach limits access to a user's browsing history by third parties, first
+parties, first parties are unencumbered by the same-origin policy. Their
-parties are unencumbered by the same-origin policy. Their browser extension
+browser extension does, however, thwart the attack carried out by
-does, however, thwart the attack carried out by
+\citet{jancWebBrowserHistory2010} where the authors were able to check for up
-\citeauthor{jancWebBrowserHistory2010} in \cite{jancWebBrowserHistory2010} where
+to 30.000 links per second.
-the authors were able to check for up to 30.000 links per second.
 
-\citeauthor{wondracekPracticalAttackDeanonymize2010}
+\citet{wondracekPracticalAttackDeanonymize2010} demonstrate the severity of
-\cite{wondracekPracticalAttackDeanonymize2010} demonstrate the severity of
 history stealing attacks (e.g. visited link differentiation) on user privacy by
-probing for \glspl{URL} that encode user information such as group membership in
+probing for \glspl{URL} that encode user information such as group membership
-social networks. By constructing a set of group memberships for each user, the
+in social networks. By constructing a set of group memberships for each user,
-results can uniquely identify a person. Furthermore, information that is not yet
+the results can uniquely identify a person. Furthermore, information that is
-attributed to a single user but to a group as a whole can be used to more
+not yet attributed to a single user but to a group as a whole can be used to
-accurately identify members of said group.
+more accurately identify members of said group.
 
 Other ways of utilizing a web browser's cache to track users are tracking
 whether a web site asset (e.g., an image or script) has already been cached by
@@ -731,45 +711,43 @@ to circumvent because caches exist solely for that purpose. Countermeasures
 either cause a massive slowdown when browsing the web due to the ubiquity of
 caches, or imply a substantial change in user agent design.
 
-\citeauthor{feltenTimingAttacksWeb2000} \cite{feltenTimingAttacksWeb2000} were
+\citet{feltenTimingAttacksWeb2000} were the first to conduct a study on the
-the first to conduct a study on the feasibility of cache timing attacks and
+feasibility of cache timing attacks and concluded that accuracy in determining
-concluded that accuracy in determining whether a file has been loaded from cache
+whether a file has been loaded from cache or downloaded from a server is
-or downloaded from a server is generally very high ($>95$\%). Furthermore, they
+generally very high ($>95$\%). Furthermore, they evaluated a host of
-evaluated a host of countermeasures such as turning off caching, altering hit or
+countermeasures such as turning off caching, altering hit or miss performance
-miss performance and turning off Java and JavaScript but concluded that they
+and turning off Java and JavaScript but concluded that they were unattractive
-were unattractive or at worst ineffective. They propose a partial remedy for
+or at worst ineffective. They propose a partial remedy for cache timing by
-cache timing by introducing \emph{Domain Tagging} which requires that resources
+introducing \emph{Domain Tagging} which requires that resources are tagged with
-are tagged with the domain they have initially been loaded from. Once another
+the domain they have initially been loaded from. Once another web site wants to
-web site wants to determine whether a user has visited a site before by
+determine whether a user has visited a site before by cross-loading a resource,
-cross-loading a resource, the domain does not match the tagged domain on the
+the domain does not match the tagged domain on the resource. If that is the
-resource. If that is the case, the initial cache hit gets transformed into a
+case, the initial cache hit gets transformed into a cache miss and the resource
-cache miss and the resource has to be downloaded again, fooling the attacker
+has to be downloaded again, fooling the attacker into believing that the origin
-into believing that the origin web site has not been visited before. It is
+web site has not been visited before. It is necessary to mention that at the
-necessary to mention that at the time (2000) \glspl{CDN} were not as widely
+time (2000) \glspl{CDN} were not as widely used as today. Since web sites rely
-used as today. Since web sites rely on \glspl{CDN} to cache resources that are
+on \glspl{CDN} to cache resources that are used on multiple sites and can thus
-used on multiple sites and can thus be served much faster from cache, domain
+be served much faster from cache, domain tagging would effectively nullify the
-tagging would effectively nullify the performance boost a \gls{CDN} provides by
+performance boost a \gls{CDN} provides by converting every cache hit into a
-converting every cache hit into a cache miss. The authors themselves question
+cache miss. The authors themselves question the effectiveness of such an
-the effectiveness of such an approach.
+approach.
 
-Because the attack presented by \citeauthor{feltenTimingAttacksWeb2000} relies
+Because the attack presented by \citet{feltenTimingAttacksWeb2000} relies on
-on being able to accurately time resource loading, a reliable network is needed.
+being able to accurately time resource loading, a reliable network is needed.
 Today a sizeable portion of internet activity comes from mobile devices which
 are often not connected via cable but wirelessly.
-\citeauthor{vangoethemClockStillTicking2015}
+\citet{vangoethemClockStillTicking2015} have therefore proposed four new
-\cite{vangoethemClockStillTicking2015} have therefore proposed four new methods
+methods to accurately time resource loading over unstable networks. By using
-to accurately time resource loading over unstable networks. By using these
+these improved methods, they managed to determine whether a user is a member of
-improved methods, they managed to determine whether a user is a member of a
+a particular age group (in this case between 23 and 32). The authors also ran
-particular age group (in this case between 23 and 32). The authors also ran
 their attacks against other social networks (LinkedIn, Twitter, Google and
 Amazon), successfully extracting sensitive information on users. The research
 discussed so far has not tackled the problem through a quantitative perspective
 but instead focused on individual cases. Due to this missing piece,
-\citeauthor{sanchez-rolaBakingTimerPrivacyAnalysis2019}
+\citet{sanchez-rolaBakingTimerPrivacyAnalysis2019} conducted a survey on 10K
-\cite{sanchez-rolaBakingTimerPrivacyAnalysis2019} conducted a survey on 10K
+web sites to determine how feasible it is to perform a history sniffing attack
-web sites to determine how feasible it is to perform a history sniffing attack on
+on a large scale. Their tool \textsc{BakingTimer} collects timing information
-a large scale. Their tool \textsc{BakingTimer} collects timing information on
+on \gls{HTTP} requests, checking for logged in status and sensitive data. Their
-\gls{HTTP} requests, checking for logged in status and sensitive data. Their
 results show that 71.07\% of the surveyed web sites are vulnerable to the
 attack.
 
@@ -796,17 +774,16 @@ an \gls{HTTP} 304 Not-Modified status. Otherwise, the answer contains a full
 therefore improve performance and cache consistency while at the same time
 reducing bandwidth usage.
 
-As with most other tracking methods, unique identifiers can be stored inside the
+As with most other tracking methods, unique identifiers can be stored inside
-\gls{ETag} header because it offers a storage capacity of 81864 bits. Once the
+the \gls{ETag} header because it offers a storage capacity of 81864 bits. Once
-identifier has been placed in the \gls{ETag} header, the server can answer
+the identifier has been placed in the \gls{ETag} header, the server can answer
 requests to check for an updated resource always with an \gls{HTTP} 301
 Not-Modified header, effectively persisting the unique identifier in the
 client's cache. During their 2011 survey of QuantCast.com's top 100 U.S. based
-web sites \citeauthor{ayensonFlashCookiesPrivacy2011}
+web sites \citet{ayensonFlashCookiesPrivacy2011} found \texttt{hulu.com} to be
-\cite{ayensonFlashCookiesPrivacy2011} found \texttt{hulu.com} to be using
+using \glspl{ETag} as backup for tracking cookies that are set by
-\glspl{ETag} as backup for tracking cookies that are set by \texttt{KISSmetrics}
+\texttt{KISSmetrics} (an analytics platform). This allowed cookies to be
-(an analytics platform). This allowed cookies to be respawned once they had been
+respawned once they had been cleared by checking the \gls{ETag} header.
-cleared by checking the \gls{ETag} header.
 
 \subsection{DNS Cache}
 \label{subsec:dns cache}
@@ -826,14 +803,14 @@ operating system has it's own cache that applications can ask for name
 resolution. Some applications introduce another layer of caching by having their
 own cache (e.g., browsers).
 
-\citeauthor{kleinDNSCacheBasedUser2019} \cite{kleinDNSCacheBasedUser2019}
+\citet{kleinDNSCacheBasedUser2019} demonstrated a tracking method which is
-demonstrated a tracking method which is using \gls{DNS} caches to assign unique
+using \gls{DNS} caches to assign unique identifiers to client machines. In
-identifiers to client machines. In order for the technique to work, the tracker
+order for the technique to work, the tracker has to have control over one web
-has to have control over one web server (or multiple) as well as an
+server (or multiple) as well as an authoritative \gls{DNS} server which
-authoritative \gls{DNS} server which associates the web servers with a domain
+associates the web servers with a domain name under the control of the tracker.
-name under the control of the tracker. The tracking process starts once a user
+The tracking process starts once a user agent requests a web site which loads a
-agent requests a web site which loads a script from one of the web servers the
+script from one of the web servers the attacker is controlling.  The process
-attacker is controlling.  The process can then be sketched out as follows (see
+can then be sketched out as follows (see
 \cite[p.~5]{kleinDNSCacheBasedUser2019} for a detailed description).
 
 \begin{enumerate}
@@ -857,7 +834,7 @@ is unique and thus allows identification of not only the browser but the client
 machine itself.
 
 Advantages of this tracking method are that it works across browsers in most
-cases. \citeauthor{kleinDNSCacheBasedUser2019} found that it survives browser
+cases. \citet{kleinDNSCacheBasedUser2019} found that it survives browser
 restarts and is resistant to the privacy mode employed by modern browsers.
 Futhermore, \glspl{VPN} do not affect the method and it works with different
 protocols (\gls{HTTPS}, \gls{IPv6}, \gls{DNSSEC}).
@@ -901,25 +878,23 @@ identity provides a mechanism by which information associated with a secure
 connection (certificates, keys) can be restored.
 
 Because resuming a connection reuses information that has been exchanged before
-to establish secure communication, individual sessions can be linked together to
+to establish secure communication, individual sessions can be linked together
-form a history of information exchanges. This tracking method is described by
+to form a history of information exchanges. This tracking method is described
-\citeauthor{syTrackingUsersWeb2018} in \cite{syTrackingUsersWeb2018}. Even
+by \citet{syTrackingUsersWeb2018}. Even though \gls{TLS} session resumption can
-though \gls{TLS} session resumption can be mitigated by restarting the browser
+be mitigated by restarting the browser because that clears the cache, the
-because that clears the cache, the authors argue that due to mobile devices
+authors argue that due to mobile devices being online without restarts for long
-being online without restarts for long periods the attack remains viable.
+periods the attack remains viable.  Futhermore, despite browsers imposing
-Futhermore, despite browsers imposing limits on the lifetime of session
+limits on the lifetime of session identifiers and \glspl{PSK}, it is possible
-identifiers and \glspl{PSK}, it is possible to maintain a session indefinitely
+to maintain a session indefinitely by carrying out a \emph{prolongation
-by carrying out a \emph{prolongation attack}. \citeauthor{syTrackingUsersWeb2018}
+attack}. \citet{syTrackingUsersWeb2018} define a prolongation attack as an
-define a prolongation attack as an attack where the client asks for a session
+attack where the client asks for a session resumption by sending the identifier
-resumption by sending the identifier of a previously initiated connection and
+of a previously initiated connection and the server responds with a new
-the server responds with a new handshake instead of resuming the old one. This
+handshake instead of resuming the old one. This effectively resets the time
-effectively resets the time limit as long as the user is initiating new (or
+limit as long as the user is initiating new (or trying to resume old)
-trying to resume old) connections to the server within the imposed time limit.
+connections to the server within the imposed time limit.
 
 The authors present an empirical evaluation of server and browser configurations
 with respect to session resumption lifetime by crawling the top 1M web sites as
 determined by Alexa. Their results indicate that only 4\% of those sites do not
 allow session resumption at all, while the majority (78\%) allows session
 identifiers as well as tickets.
-
-\end{document}

thesis.tex

@@ -0,0 +1,149 @@
+% Copyright (C) 2014-2020 by Thomas Auzinger <thomas@auzinger.name>
+
+\documentclass[draft,final]{vutinfth} % Remove option 'final' to obtain debug information.
+
+% Load packages to allow in- and output of non-ASCII characters.
+\usepackage{lmodern}        % Use an extension of the original Computer Modern font to minimize the use of bitmapped letters.
+\usepackage[T1]{fontenc}    % Determines font encoding of the output. Font packages have to be included before this line.
+\usepackage[utf8]{inputenc} % Determines encoding of the input. All input files have to use UTF8 encoding.
+
+% Extended LaTeX functionality is enables by including packages with \usepackage{...}.
+\usepackage{amsmath}    % Extended typesetting of mathematical expression.
+\usepackage{amssymb}    % Provides a multitude of mathematical symbols.
+\usepackage{mathtools}  % Further extensions of mathematical typesetting.
+\usepackage{microtype}  % Small-scale typographic enhancements.
+\usepackage[inline]{enumitem} % User control over the layout of lists (itemize, enumerate, description).
+\usepackage{multirow}   % Allows table elements to span several rows.
+\usepackage{booktabs}   % Improves the typesettings of tables.
+\usepackage{subcaption} % Allows the use of subfigures and enables their referencing.
+\usepackage[ruled,linesnumbered,algochapter]{algorithm2e} % Enables the writing of pseudo code.
+\usepackage[usenames,dvipsnames,table]{xcolor} % Allows the definition and use of colors. This package has to be included before tikz.
+\usepackage{nag}       % Issues warnings when best practices in writing LaTeX documents are violated.
+\usepackage{todonotes} % Provides tooltip-like todo notes.
+\usepackage{listings}
+\usepackage{minted}
+\usepackage[numbers]{natbib}
+\usepackage{hyperref}  % Enables cross linking in the electronic document version. This package has to be included second to last.
+\usepackage[acronym,toc]{glossaries} % Enables the generation of glossaries and lists fo acronyms. This package has to be included last.
+
+% Define convenience functions to use the author name and the thesis title in the PDF document properties.
+\newcommand{\authorname}{Tobias Eidelpes} % The author name without titles.
+\newcommand{\thesistitle}{Stateful Web Tracking: Techniques and Countermeasures} % The title of the thesis. The English version should be used, if it exists.
+
+% Set PDF document properties
+\hypersetup{
+    pdfpagelayout   = TwoPageRight,           % How the document is shown in PDF viewers (optional).
+    linkbordercolor = {Melon},                % The color of the borders of boxes around crosslinks (optional).
+    pdfauthor       = {\authorname},          % The author's name in the document properties (optional).
+    pdftitle        = {\thesistitle},         % The document's title in the document properties (optional).
+    pdfsubject      = {Web Tracking},              % The document's subject in the document properties (optional).
+    pdfkeywords     = {Stateful, Web, Tracking, Survey} % The document's keywords in the document properties (optional).
+}
+
+\setpnumwidth{2.5em}        % Avoid overfull hboxes in the table of contents (see memoir manual).
+\setsecnumdepth{subsection} % Enumerate subsections.
+
+\definecolor{light-gray}{gray}{0.95} % Define colour for minted code snippets
+
+\nonzeroparskip             % Create space between paragraphs (optional).
+\setlength{\parindent}{0pt} % Remove paragraph identation (optional).
+
+\makeindex      % Use an optional index.
+\makeglossaries % Use an optional glossary.
+%\glstocfalse   % Remove the glossaries from the table of contents.
+
+% Set persons with 4 arguments:
+%  {title before name}{name}{title after name}{gender}
+%  where both titles are optional (i.e. can be given as empty brackets {}).
+\setauthor{}{\authorname}{}{male}
+\setauthorextra
+\setadvisor{}{Thomas Grechenig}{}{male}
+
+% For bachelor and master theses:
+\setfirstassistant{}{Karl Pinter}{}{male}
+
+% Required data.
+\setregnumber{01527193}
+\setdate{31}{03}{2020} % Set date with 3 arguments: {day}{month}{year}.
+\settitle{\thesistitle}{Stateful Web Tracking: Techniques and Countermeasures} % Sets English and German version of the title (both can be English or German). If your title contains commas, enclose it with additional curvy brackets (i.e., {{your title}}) or define it as a macro as done with \thesistitle.
+
+% Select the thesis type: bachelor / master / doctor / phd-school.
+% Bachelor:
+\setthesis{bachelor}
+
+% For bachelor and master:
+\setcurriculum{Software \& Information Engineering}{Software \& Information Engineering} % Sets the English and German name of the curriculum.
+
+\input{acronym.tex}
+
+\begin{document}
+
+\frontmatter % Switches to roman numbering.
+% The structure of the thesis has to conform to the guidelines at
+%  https://informatics.tuwien.ac.at/study-services
+
+\addtitlepage{naustrian} % German title page (not for dissertations at the PhD School).
+\addtitlepage{english} % English title page.
+\addinsotitlepage{naustrian}
+\addstatementpage
+
+\begin{acknowledgements*}
+\todo{Enter your text here.}
+\end{acknowledgements*}
+
+\begin{kurzfassung}
+\todo{Ihr Text hier.}
+\end{kurzfassung}
+
+\begin{abstract}
+\todo{Enter your text here.}
+\end{abstract}
+
+% Select the language of the thesis, e.g., english or naustrian.
+\selectlanguage{english}
+
+% Add a table of contents (toc).
+\tableofcontents % Starred version, i.e., \tableofcontents*, removes the self-entry.
+
+% Switch to arabic numbering and start the enumeration of chapters in the table of content.
+\mainmatter
+
+% Include introduction.tex
+
+% Include methods.tex
+
+\input{methods.tex}
+
+% Include defences.tex
+
+% Include developments
+
+% Include conclusion
+
+% Remove following line for the final thesis.
+%\input{intro.tex} % A short introduction to LaTeX.
+
+\backmatter
+
+% Use an optional list of figures.
+\listoffigures % Starred version, i.e., \listoffigures*, removes the toc entry.
+
+% Use an optional list of tables.
+\cleardoublepage % Start list of tables on the next empty right hand page.
+\listoftables % Starred version, i.e., \listoftables*, removes the toc entry.
+
+% Use an optional list of alogrithms.
+\listofalgorithms
+\addcontentsline{toc}{chapter}{List of Algorithms}
+
+% Add an index.
+\printindex
+
+% Add a glossary.
+\printglossaries
+
+% Add a bibliography.
+\bibliographystyle{plainnat}
+\bibliography{references}
+
+\end{document}

vutinfth.ins

@@ -0,0 +1,64 @@
+%% vutinfth.ins
+%% Copyright (C) 2014-2020 by Thomas Auzinger <thomas@auzinger.name>
+%%
+%% This work may be distributed and/or modified under the
+%% conditions of the LaTeX Project Public License, either version 1.3
+%% of this license or (at your option) any later version.
+%% The latest version of this license is in
+%%   http://www.latex-project.org/lppl.txt
+%% and version 1.3 or later is part of all distributions of LaTeX
+%% version 2005/12/01 or later.
+%%
+%% This work has the LPPL maintenance status `maintained'.
+%%
+%% The Current Maintainer of this work is Thomas Auzinger.
+%%
+%% This work consists of the files vutinfth.dtx and vutinfth.ins
+%% and the derived file vutinfth.cls.
+%% This work also consists of the file intro.tex.
+%%
+
+\input docstrip.tex
+\keepsilent
+
+\usedir{tex/latex/vutinfth}
+
+\preamble
+
+This is a generated file.
+Copyright (C) 2014-2020 by Thomas Auzinger <thomas@auzinger.name>
+
+This work may be distributed and/or modified under the
+conditions of the LaTeX Project Public License, either version 1.3
+of this license or (at your option) any later version.
+The latest version of this license is in
+  http://www.latex-project.org/lppl.txt
+and version 1.3 or later is part of all distributions of LaTeX
+version 2005/12/01 or later.
+
+This work has the LPPL maintenance status `maintained'.
+
+The Current Maintainer of this work is Thomas Auzinger.
+
+This work consists of the files vutinfth.dtx and vutinfth.ins
+and the derived file vutinfth.cls.
+This work also consists of the file intro.tex.
+
+\endpreamble
+
+\askforoverwritefalse
+\generate{\file{vutinfth.cls}{\from{vutinfth.dtx}{class}}}
+
+\Msg{*********************************************************}
+\Msg{*}
+\Msg{* To finish the installation you have to move the}
+\Msg{* following file into a directory searched by TeX:}
+\Msg{*}
+\Msg{* \space\space vuinfth.cls}
+\Msg{*}
+\Msg{* To produce the documentation run the file vuinfth.dtx}
+\Msg{* through LaTeX.}
+\Msg{*}
+\Msg{*********************************************************}
+
+\endbatchfile