Finish defense techniques

acronym.tex

@@ -33,3 +33,4 @@
 \newacronym {TTL}	{TTL}		{Time To Live}
 \newacronym {PSK}	{PSK}		{Pre-Shared Key}
 \newacronym {GDPR}  {GDPR}      {General Data Protection Regulation}
+\newacronym {DNT}   {DNT}       {Do Not Track}

defences.tex

@@ -169,9 +169,54 @@ browsing mode with the methods from chapter~\ref{chap:tracking methods}.
 \subsection{Do Not Track}
 \label{subsec:Do Not Track}
 
+\gls{DNT} \cite{w3cTrackingPreferenceExpression2019} is a header field that
+browsers can send along with the \gls{HTTP} header to indicate that the user
+prefers to not be tracked or prefers to allow tracking. All major browsers have
+implemented it and offer the user the possibility of sending the header with
+every request. Since its inception in 2011, adoption by trackers has been slow
+to a point where \gls{DNT} is considered to be deprecated and development of the
+standard has halted. Originally, it was intended to be the main way of
+opting-out of tracking but without tracker compliance, it slowly faded into
+obscurity.
+
+Due to its voluntary nature and slow to no adoption, \gls{DNT} does not provide
+any protection against any of the tracking methods discussed in
+chapter~\ref{chap:tracking methods} in practice. For \gls{DNT} to be effective,
+the ad-scape would have to change in a way that users see advertisements as a
+necessary factor in keeping the Internet `free' and trackers respect a user's
+choice to not want to be tracked.
+
 \subsection{Privacy-focused Search Engines}
 \label{subsec:Privacy-focused Search Engines}
 
+Using privacy-focused search engines is often the first step in protecting a
+users privacy. Search is a cornerstone of the Internet and thus almost every
+user searches for something upon opening the browser. With every search request,
+the search engine can infer information about the user which gets added to a
+profile. This profile is then used to enable personalized search results. Users
+trying to protect their privacy by using other search engines than the default
+ones (Google, Bing, Yahoo, Baidu, \dots), might find themselves in a dilemma.
+Personalized search results usually provide better relevant results overall and
+switching to a privacy-focused search engine, which usually has a smaller market
+share, might lead to less relevant results. With Google having a market share of
+almost 92\% as of June 2020 \cite{statcounterSearchEngineMarket}, users may find
+that Google's search results are better than everyone else's, making a switch to
+other search engines particularly difficult. Despite the market dominance of
+Google, smaller, privacy-focused search engines such as DuckDuckGo
+\cite{DuckDuckGoa} and Startpage \cite{StartpageCom} exist. Although those
+search engines claim to not collect any personal information, these claims
+cannot be verified easily and thus users have to trust them. Other open source
+solutions such as searx \cite{tauberAsciimooSearx2020} can be self-hosted by
+users with enough expertise and therefore eliminate the need to trust big search
+engine providers. As is the case with searx, metasearch engines do not crawl the
+Internet on their own but aggregate results from different search engines.
+
+The benefit of using privacy-focused search engines is that they obfuscate the
+\gls{HTTP} Referer field (see section~\ref{subsec:http referer}) by not
+forwarding search results to the linked website. Additionally, they often
+abstain from showing adverts on result pages, protecting user data from third
+parties that seek to monetize it.
+
 \section{Tools}
 \label{sec:tools}
 

references.bib

@@ -350,6 +350,15 @@
   journal = {Proc. 2019 Netw. Distrib. Syst. Secur. Symp.}
 }
 
+@misc{DuckDuckGoa,
+  title = {{{DuckDuckGo}}},
+  url = {https://duckduckgo.com/},
+  urldate = {2020-07-10},
+  abstract = {The Internet privacy company that empowers you to seamlessly take control of your personal information online, without any tradeoffs.},
+  journal = {DuckDuckGo},
+  language = {en\_US}
+}
+
 @article{enckTaintDroidInformationFlowTracking2014,
   title = {{{TaintDroid}}: {{An Information}}-{{Flow Tracking System}} for {{Realtime Privacy Monitoring}} on {{Smartphones}}},
   shorttitle = {{{TaintDroid}}},
@@ -1177,6 +1186,23 @@
   number = {1}
 }
 
+@misc{StartpageCom,
+  title = {Startpage.Com},
+  url = {https://www.startpage.com},
+  urldate = {2020-07-10},
+  abstract = {Startpage.com delivers online tools that help you to stay in control of your personal information and protect your online privacy.},
+  journal = {www.startpage.com}
+}
+
+@misc{statcounterSearchEngineMarket,
+  title = {Search {{Engine Market Share Worldwide}}},
+  author = {StatCounter},
+  url = {https://gs.statcounter.com/search-engine-market-share},
+  urldate = {2020-07-10},
+  abstract = {This graph shows the market share of search engines worldwide based on over 10 billion monthly page views.},
+  journal = {StatCounter Global Stats}
+}
+
 @article{syQUICLookWeb2019,
   title = {A {{QUIC Look}} at {{Web Tracking}}},
   author = {Sy, Erik and Burkert, Christian and Federrath, Hannes and Fischer, Mathias},
@@ -1210,6 +1236,17 @@
   series = {{{WWW}} '18}
 }
 
+@misc{tauberAsciimooSearx2020,
+  title = {Asciimoo/Searx},
+  author = {Tauber, Adam},
+  year = {2020},
+  month = jul,
+  url = {https://github.com/asciimoo/searx},
+  urldate = {2020-07-10},
+  abstract = {Privacy-respecting metasearch engine. Contribute to asciimoo/searx development by creating an account on GitHub.},
+  copyright = {AGPL-3.0 License         ,                 AGPL-3.0 License}
+}
+
 @article{trevisanYearsEUCookie2019,
   title = {4 {{Years}} of {{EU Cookie Law}}: {{Results}} and {{Lessons Learned}}},
   shorttitle = {4 {{Years}} of {{EU Cookie Law}}},
@@ -1281,6 +1318,15 @@
 The goal of the DOM specification is to define a programmatic interface for XML and HTML. The DOM Level 1 specification is separated into two parts: Core and HTML. The Core DOM Level 1 section provides a low-level set of fundamental interfaces that can represent any structured document, as well as defining extended interfaces for representing an XML document. These extended XML interfaces need not be implemented by a DOM implementation that only provides access to HTML documents; all of the fundamental interfaces in the Core section must be implemented. A compliant DOM implementation that implements the extended XML interfaces is required to also implement the fundamental Core interfaces, but not the HTML interfaces. The HTML Level 1 section provides additional, higher-level interfaces that are used with the fundamental interfaces defined in the Core Level 1 section to provide a more convenient view of an HTML document. A compliant implementation of the HTML DOM implements all of the fundamental Core interfaces as well as the HTML interfaces.}
 }
 
+@misc{w3cTrackingPreferenceExpression2019,
+  title = {Tracking {{Preference Expression}} ({{DNT}})},
+  author = {W3C},
+  year = {2019},
+  month = jan,
+  url = {https://www.w3.org/TR/tracking-dnt/},
+  urldate = {2020-07-09}
+}
+
 @misc{w3techsHistoricalYearlyTrends2020,
   title = {Historical Yearly Trends in the Usage Statistics of Client-Side Programming Languages for Websites},
   author = {W3Techs},

thesis.tex

@@ -24,7 +24,7 @@
 \usepackage{minted}
 \usepackage{rotating}
 \usepackage[numbers]{natbib}
-\usepackage{hyperref}  % Enables cross linking in the electronic document version. This package has to be included second to last.
+\usepackage[colorlinks=true,linkcolor=blue]{hyperref}  % Enables cross linking in the electronic document version. This package has to be included second to last.
 \usepackage[acronym,toc]{glossaries} % Enables the generation of glossaries and lists fo acronyms. This package has to be included last.
 
 % Define convenience functions to use the author name and the thesis title in the PDF document properties.