From 9c75154eaaffd9a5e4bcb653f97cb923446447d6 Mon Sep 17 00:00:00 2001 From: Tobias Eidelpes Date: Wed, 8 Jul 2020 10:11:10 +0200 Subject: [PATCH] Finish browser history section --- defences.tex | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/defences.tex b/defences.tex index 093c857..0729bf9 100644 --- a/defences.tex +++ b/defences.tex @@ -26,7 +26,7 @@ one browser to another, the basic idea of the underlying functionality remains the same. \subsection{Opt-out and Opt-in} -\label{subsec:Opt-out} +\label{subsec:opt-out} To opt-out in the context of web tracking means to make use of the possibility of turning off data collection by a web site. After the user has opted-out of 
@@ -73,6 +73,29 @@ in chapter~\ref{chap:tracking methods} can be defended against. \subsection{Clearing Browser History} \label{subsec:Clearing Browser History} +For our purposes, clearing the browser history means not only clearing the web +sites that have been visited but also cookies and other relevant data that is +saved with a visit to a web site. All major browser offer this function and what +they delete is similar. Firefox for example allows clearing the browsing and +search history, form and search history, cookies (also flash cookies), the +cache, active logins, offline web site data and site preferences such as +permissions, zoom level and character encodings. This technique is only +beneficial in the long term if users do it frequently to stop any accumulation +of tracking identifiers in caches, cookies or other site data. The downside is +that not having a history to go back to can hamper user experience depending on +the workflow of each user. Futhermore, opt-out or opt-in preferences are deleted +as well, making the technique in section~\ref{subsec:opt-out} less effective. + +Clearing the browser history is effective against some storage-based tracking +methods. Evercookie (section~\ref{subsec:evercookie}) and cookie synchronisation +(section~\ref{subsec:cookie synchronization}) are designed to respawn items in +the browser history and can therefore not be mitigated. Almost all cache-based +methods are also mitigated by frequently clearing the browser history as long as +users do not authenticate themselves with a web service. +\citet{kleinDNSCacheBasedUser2019} demonstrate that their \gls{DNS} cache attack +works across history deletions. Session-based methods are not affected by +history clearing because they are intended to track a user for one session only. + \subsection{Private Browsing Mode} \label{subsec:Private Browsing Mode}
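Review bot: In the `@@ -26,7 +26,7 @@` hunk, the rename to `\label{subsec:opt-out}` leaves the labels inconsistent, because the other labels visible in this patch (`subsec:Clearing Browser History`, `subsec:Private Browsing Mode`, `chap:tracking methods`) still use capitals or spaces. LaTeX labels are case-sensitive, so any remaining `\ref{subsec:Opt-out}` in the other files will turn into an undefined reference. Please grep for the old key before merging, and consider settling on one label convention in a separate commit instead of renaming a single label inside a content change.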
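Review bot: In the second added paragraph of the `@@ -73,6 +73,29 @@` hunk, "Almost all cache-based methods are also mitigated" directly follows the sentence saying Evercookie and cookie synchronisation can not be mitigated, so the "also" reads as a contradiction. I suggest stating what is mitigated first (storage-based and cache-based methods, with the authentication condition explained) and then listing the exceptions together: Evercookie, cookie synchronisation and the \gls{DNS} cache attack. The claim that cookie synchronisation is "designed to respawn items" needs a sentence of justification or a pointer to where section~\ref{subsec:cookie synchronization} establishes it. Smaller points in the first paragraph: "All major browser offer" should be "browsers", "Futhermore" should be "Furthermore", and "search history" is listed twice in "browsing and search history, form and search history". The prose spells "synchronisation" while the label uses "synchronization", so please check that the referenced label exists with that exact spelling.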