Add section blacklist
This commit is contained in:
parent
da461fb9ef
commit
8df4359245
@ -34,3 +34,5 @@
|
||||
\newacronym {PSK} {PSK} {Pre-Shared Key}
|
||||
\newacronym {GDPR} {GDPR} {General Data Protection Regulation}
|
||||
\newacronym {DNT} {DNT} {Do Not Track}
|
||||
\newacronym {TPL} {TPL} {Tracking Protection List}
|
||||
\newacronym {EFF} {EFF} {Electronic Frontier Foundation}
|
||||
|
||||
67
defences.tex
67
defences.tex
@ -181,10 +181,12 @@ obscurity.
|
||||
|
||||
Due to its voluntary nature and slow to no adoption, \gls{DNT} does not provide
|
||||
any protection against any of the tracking methods discussed in
|
||||
chapter~\ref{chap:tracking methods} in practice. For \gls{DNT} to be effective,
|
||||
the ad-scape would have to change in a way that users see advertisements as a
|
||||
necessary factor in keeping the Internet `free' and trackers respect a user's
|
||||
choice to not want to be tracked.
|
||||
chapter~\ref{chap:tracking methods} in practice. Indeed,
|
||||
\citet{englehardtCookiesThatGive2015} show that the \gls{DNT} header field does
|
||||
not influence the level of tracking a user experiences at all. For \gls{DNT} to
|
||||
be effective, the ad-scape would have to change in a way that users see
|
||||
advertisements as a necessary factor in keeping the Internet `free' and trackers
|
||||
respect a user's choice to not want to be tracked.
|
||||
|
||||
\subsection{Privacy-focused Search Engines}
|
||||
\label{subsec:Privacy-focused Search Engines}
|
||||
@ -220,19 +222,66 @@ parties that seek to monetize it.
|
||||
\section{Tools}
|
||||
\label{sec:tools}
|
||||
|
||||
This section focuses on external tools that can either be installed as a plugin
|
||||
within the browser or as a standalone program. Specific user knowledge is only
|
||||
necessary in some cases when users want to have fine-grained control over their
|
||||
data sharing preferences.
|
||||
|
||||
\subsection{Blacklists}
|
||||
\label{subsec:blacklists}
|
||||
|
||||
Blacklists are a central component of tracking protection on the Web. They block
|
||||
requests from web sites that are on the blacklist and are known for their
|
||||
tracking purposes. Only third party requests are blocked by blacklists because
|
||||
blocking first parties would result in those web sites not being accessible at
|
||||
all. Blacklists usually start out as small lists of manually selected web sites.
|
||||
Over time and as their user base grows, more and more web sites are added,
|
||||
resulting in a good first defense against tracking on moderately popular web
|
||||
sites. The effectiveness of \glspl{TPL} depends on how quickly new domains
|
||||
belonging to trackers are added to the list and when old, supposedly inactive,
|
||||
domains are removed again. Futhermore, modern browser plugins aggregate
|
||||
multiple, independently maintained blocklists into one big blacklist, improving
|
||||
the overall detection rate. Since some lists are aimed at blocking for example
|
||||
cryptocurrency mining applications on websites and others at regular third party
|
||||
requests, knowledgeable users can customize their blocking preferences by only
|
||||
including those lists that they deem necessary. A well-known list used by
|
||||
popular browser plugins such as Adblock Plus \cite{Adblock} and uBlock Origin
|
||||
\cite{hillGorhillUBlock2020} is EasyList \cite{EasyList}. This list is used as a
|
||||
basis and additional lists are added by both browser plugins.
|
||||
|
||||
\citet{merzdovnikBlockMeIf2017} provide an evaluation of different browser
|
||||
plugins (Adblock Plus, disconnect, ghostery, privacy badger and uBlock Origin)
|
||||
and their tracking protection capabilities. They identify three approaches to
|
||||
curating rulesets that are then used by these plugins. Adblock Plus and uBlock
|
||||
Origin rely on EasyList and its additional subscriptions which are
|
||||
\emph{community-driven}. Here, the community maintains the blocklists and
|
||||
updates are monitored through a public repository. Ghostery and disconnect use
|
||||
blocklists that are curated by a \emph{centralized} entity such as a company. In
|
||||
Ghostery's case, the centralized entity is Cliqz GmbH. Centralized entities
|
||||
raise the question of how they are funding themselves especially when the
|
||||
application they develop has been released to the open source community. The
|
||||
third approach works by curating blocklists \emph{algorithmically}. Privacy
|
||||
Badger, developed by the \gls{EFF}, does not maintain a regularly updated
|
||||
blocklist but instead relies on heuristics to detect third party tracking.
|
||||
|
||||
In their survey of about 120,000 web sites, \citet{merzdovnikBlockMeIf2017} find
|
||||
that the most popular choice Adblock Plus blocks the least amount of requests by
|
||||
third parties. Additionally, their results indicate that centralized blocklists
|
||||
are more effective than community-driven ones in reducing the number of requests
|
||||
to third parties. Algorithmic approaches such as Privacy Badger lead to a
|
||||
comparatively high number of web site timeouts. Furthermore, Privacy Badger does
|
||||
not perform well on analytics.
|
||||
|
||||
In general, using blacklists can be very effective against every form of
|
||||
tracking that relies on third party requests. As soon as a first party performs
|
||||
the same tracking that the third party does, blacklists do not provide any
|
||||
protection.
|
||||
|
||||
\subsection{TOR}
|
||||
\label{subsec:tor}
|
||||
|
||||
\subsection{Virtual Private Networks}
|
||||
\label{subsec:virtual private networks}
|
||||
|
||||
\subsection{Privacy Badger}
|
||||
\label{subsec:privacy badger}
|
||||
|
||||
\subsection{Request Policy}
|
||||
\label{subsec:Request Policy}
|
||||
|
||||
|
||||
|
||||
@ -11,6 +11,14 @@
|
||||
series = {{{CCS}} '14}
|
||||
}
|
||||
|
||||
@misc{Adblock,
|
||||
title = {Adblock {{Plus}}},
|
||||
url = {https://adblockplus.org/en/},
|
||||
urldate = {2020-07-12},
|
||||
abstract = {Adblock Plus, the most popular ad blocker on Firefox, Chrome, Safari, Android and iOS. Block pop-ups and annoying ads on websites like Facebook and YouTube.},
|
||||
language = {en}
|
||||
}
|
||||
|
||||
@misc{adobecorporatecommunicationsFlashFutureInteractive2017,
|
||||
title = {Flash \& {{The Future}} of {{Interactive Content}}},
|
||||
author = {Adobe Corporate Communications},
|
||||
@ -359,6 +367,12 @@
|
||||
language = {en\_US}
|
||||
}
|
||||
|
||||
@misc{EasyList,
|
||||
title = {{{EasyList}}},
|
||||
url = {https://easylist.to/},
|
||||
urldate = {2020-07-12}
|
||||
}
|
||||
|
||||
@article{enckTaintDroidInformationFlowTracking2014,
|
||||
title = {{{TaintDroid}}: {{An Information}}-{{Flow Tracking System}} for {{Realtime Privacy Monitoring}} on {{Smartphones}}},
|
||||
shorttitle = {{{TaintDroid}}},
|
||||
@ -516,6 +530,17 @@
|
||||
urldate = {2020-03-20}
|
||||
}
|
||||
|
||||
@misc{hillGorhillUBlock2020,
|
||||
title = {Gorhill/{{uBlock}}},
|
||||
author = {Hill, Raymond},
|
||||
year = {2020},
|
||||
month = jul,
|
||||
url = {https://github.com/gorhill/uBlock},
|
||||
urldate = {2020-07-12},
|
||||
abstract = {uBlock Origin},
|
||||
copyright = {GPL-3.0 License , GPL-3.0 License}
|
||||
}
|
||||
|
||||
@article{huCharacterisingThirdParty2019,
|
||||
title = {Characterising {{Third Party Cookie Usage}} in the {{EU}} after {{GDPR}}},
|
||||
author = {Hu, Xuehui and Sastry, Nishanth},
|
||||
@ -888,6 +913,17 @@
|
||||
number = {2}
|
||||
}
|
||||
|
||||
@inproceedings{merzdovnikBlockMeIf2017,
|
||||
title = {Block {{Me If You Can}}: {{A Large}}-{{Scale Study}} of {{Tracker}}-{{Blocking Tools}}},
|
||||
shorttitle = {Block {{Me If You Can}}},
|
||||
booktitle = {2017 {{IEEE European Symposium}} on {{Security}} and {{Privacy}} ({{EuroS P}})},
|
||||
author = {Merzdovnik, Georg and Huber, Markus and Buhov, Damjan and Nikiforakis, Nick and Neuner, Sebastian and Schmiedecker, Martin and Weippl, Edgar},
|
||||
year = {2017},
|
||||
month = apr,
|
||||
pages = {319--333},
|
||||
abstract = {In this paper, we quantify the effectiveness of third-party tracker blockers on a large scale. First, we analyze the architecture of various state-of-the-art blocking solutions and discuss the advantages and disadvantages of each method. Second, we perform a two-part measurement study on the effectiveness of popular tracker-blocking tools. Our analysis quantifies the protection offered against trackers present on more than 100,000 popular websites and 10,000 popular Android applications. We provide novel insights into the ongoing arms race between trackers and developers of blocking tools as well as which tools achieve the best results under what circumstances. Among others, we discover that rule-based browser extensions outperform learning-based ones, trackers with smaller footprints are more successful at avoiding being blocked, and CDNs pose a major threat towards the future of tracker-blocking tools. Overall, the contributions of this paper advance the field of web privacy by providing not only the largest study to date on the effectiveness of tracker-blocking tools, but also by highlighting the most pressing challenges and privacy issues of third-party tracking.}
|
||||
}
|
||||
|
||||
@misc{michaelStraceLinuxManual2020,
|
||||
title = {Strace(1) - {{Linux}} Manual Page},
|
||||
author = {Michael, Kerrisk},
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user