PURL: Safe and Effective Sanitization of Link Decoration
- URL: http://arxiv.org/abs/2308.03417v2
- Date: Wed, 6 Mar 2024 09:58:49 GMT
- Title: PURL: Safe and Effective Sanitization of Link Decoration
- Authors: Shaoor Munir, Patrick Lee, Umar Iqbal, Zubair Shafiq, Sandra Siby
- Abstract summary: We present PURL, a machine-learning approach that leverages a cross-layer graph representation of webpage execution to safely and effectively sanitize link decoration.
Our evaluation shows that PURL significantly outperforms existing countermeasures in terms of accuracy and reducing website breakage.
- Score: 20.03929841111819
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: While privacy-focused browsers have taken steps to block third-party cookies
and mitigate browser fingerprinting, novel tracking techniques that can bypass
existing countermeasures continue to emerge. Since trackers need to share
information from the client-side to the server-side through link decoration
regardless of the tracking technique they employ, a promising orthogonal
approach is to detect and sanitize tracking information in decorated links. To
this end, we present PURL (pronounced purel-l), a machine-learning approach
that leverages a cross-layer graph representation of webpage execution to
safely and effectively sanitize link decoration. Our evaluation shows that PURL
significantly outperforms existing countermeasures in terms of accuracy and
reducing website breakage while being robust to common evasion techniques.
PURL's deployment on a sample of top-million websites shows that link
decoration is abused for tracking on nearly three-quarters of the websites,
often to share cookies, email addresses, and fingerprinting information.
Related papers
- Fingerprinting and Tracing Shadows: The Development and Impact of Browser Fingerprinting on Digital Privacy [55.2480439325792]
Browser fingerprinting is a growing technique for identifying and tracking users online without traditional methods like cookies.
This paper gives an overview by examining the various fingerprinting techniques and analyzes the entropy and uniqueness of the collected data.
arXiv Detail & Related papers (2024-11-18T20:32:31Z) - CRATOR: a Dark Web Crawler [1.7224362150588657]
This study proposes a general dark web crawler designed to extract pages handling security protocols, such as captchas.
Our approach uses a combination of seed URL lists, link analysis, and scanning to discover new content.
arXiv Detail & Related papers (2024-05-10T09:39:12Z) - Characterizing Browser Fingerprinting and its Mitigations [0.0]
This work explores one of these tracking techniques: browser fingerprinting.
We detail how browser fingerprinting works, how prevalent it is, and what defenses can mitigate it.
arXiv Detail & Related papers (2023-10-12T20:31:24Z) - Untargeted Backdoor Watermark: Towards Harmless and Stealthy Dataset
Copyright Protection [69.59980270078067]
We explore the untargeted backdoor watermarking scheme, where the abnormal model behaviors are not deterministic.
We also discuss how to use the proposed untargeted backdoor watermark for dataset ownership verification.
arXiv Detail & Related papers (2022-09-27T12:56:56Z) - Real-time Online Multi-Object Tracking in Compressed Domain [66.40326768209]
Recent online Multi-Object Tracking (MOT) methods have achieved desirable tracking performance.
Inspired by the fact that the adjacent frames are highly relevant and redundant, we divide the frames into key and non-key frames.
Our tracker is about 6x faster while maintaining a comparable tracking performance.
arXiv Detail & Related papers (2022-04-05T09:47:24Z) - PhishMatch: A Layered Approach for Effective Detection of Phishing URLs [8.658596218544774]
We present a layered anti-phishing defense, PhishMatch, which is robust, accurate, inexpensive, and client-side.
A prototype plugin of PhishMatch, developed for the Chrome browser, was found to be fast and lightweight.
arXiv Detail & Related papers (2021-12-04T03:21:29Z) - Masked LARk: Masked Learning, Aggregation and Reporting worKflow [6.484847460164177]
Many web advertising data flows involve passive cross-site tracking of users.
Most browsers are moving towards removal of 3PC in subsequent browser iterations.
We propose a new proposal, called Masked LARk, for aggregation of user engagement measurement and model training.
arXiv Detail & Related papers (2021-10-27T21:59:37Z) - Precise URL Phishing Detection Using Neural Networks [0.0]
We present you with ways to detect such malicious URLs with state of art accuracy with neural networks.
Different from previous works, where web content, URL or traffic statistics are examined, we analyse only the URL text.
The network is optimised and can be used even on small devices such as Ras-Pi without a change in performance.
arXiv Detail & Related papers (2021-10-26T05:55:53Z) - Temporally-Transferable Perturbations: Efficient, One-Shot Adversarial
Attacks for Online Visual Object Trackers [81.90113217334424]
We propose a framework to generate a single temporally transferable adversarial perturbation from the object template image only.
This perturbation can then be added to every search image, which comes at virtually no cost, and still, successfully fool the tracker.
arXiv Detail & Related papers (2020-12-30T15:05:53Z) - Learning Spatio-Appearance Memory Network for High-Performance Visual
Tracking [79.80401607146987]
Existing object tracking usually learns a bounding-box based template to match visual targets across frames, which cannot accurately learn a pixel-wise representation.
This paper presents a novel segmentation-based tracking architecture, which is equipped with a local-temporal memory network to learn accurate-temporal correspondence.
arXiv Detail & Related papers (2020-09-21T08:12:02Z) - Mind the GAP: Security & Privacy Risks of Contact Tracing Apps [75.7995398006171]
Google and Apple have jointly provided an API for exposure notification in order to implement decentralized contract tracing apps using Bluetooth Low Energy.
We demonstrate that in real-world scenarios the GAP design is vulnerable to (i) profiling and possibly de-anonymizing persons, and (ii) relay-based wormhole attacks that basically can generate fake contacts.
arXiv Detail & Related papers (2020-06-10T16:05:05Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.