More Like this

1. Comparative Privacy Analysis of Mobile Browsers

   https://doi.org/10.1145/3577923.3583638  

   Zafar, Ahsan ; Das, Anupam ( April 2023 , Proceedings of the Thirteenth ACM Conference on Data and Application Security and Privacy (CODASPY))

   Online trackers are invasive as they track our digital footprints, many of which are sensitive in nature, and when aggregated over time, they can help infer intricate details about our lifestyles and habits. Although much research has been conducted to understand the effectiveness of existing countermeasures for the desktop platform, little is known about how mobile browsers have evolved to handle online trackers. With mobile devices now generating more web traffic than their desktop counterparts, we fill this research gap through a large-scale comparative analysis of mobile web browsers. We crawl 10K valid websites from the Tranco list on real mobile devices. Our data collection process covers both popular generic browsers (e.g., Chrome, Firefox, and Safari) as well as privacy-focused browsers (e.g., Brave, Duck Duck Go, and Firefox-Focus). We use dynamic analysis of runtime execution traces and static analysis of source codes to highlight the tracking behavior of invasive fingerprinters. We also find evidence of tailored content being served to different browsers. In particular, we note that Firefox Focus sees altered script code, whereas Brave and Duck Duck Go have highly similar content. To test the privacy protection of browsers, we measure the responses of each browser in blocking trackers and advertisers and note the strengths and weaknesses of privacy browsers. To establish ground truth, we use well-known block lists, including EasyList, EasyPrivacy, Disconnect and WhoTracksMe and find that Brave generally blocks the highest number of content that should be blocked as per these lists. Focus performs better against social trackers, and Duck Duck Go restricts third-party trackers that perform email-based tracking. 

   more » « less
2. NoMoATS: Towards Automatic Detection of Mobile Tracking

   https://doi.org/DOI 10.2478/popets-2020-0017  

   Shuba, Anastasia ; Markopoulou, Athina ( July 2020 , Proceedings on Privacy Enhancing Technologies)

   Today’s mobile apps employ third-party advertising and tracking (A&T) libraries, which may pose a threat to privacy. State-of-the-art detects and blocks outgoing A&T HTTP/S requests by using manually curated filter lists (e.g. EasyList), and recently, using machine learning approaches. The major bottleneck of both filter lists and classifiers is that they rely on experts and the community to inspect traffic and manually create filter list rules that can then be used to block traffic or label ground truth datasets. We propose NoMoATS – a system that removes this bottleneck by reducing the daunting task of manually creating filter rules, to the much easier and scalable task of labeling A&T libraries. Our system leverages stack trace analysis to automatically label which network requests are generated by A&T libraries. Using NoMoATS, we collect and label a new mobile traffic dataset. We use this dataset to train decision tree classifiers, which can be applied in real-time on the mobile device and achieve an average F-score of 93%. We show that both our automatic labeling and our classifiers discover thousands of requests destined to hundreds of different hosts, previously undetected by popular filter lists. To the best of our knowledge, our system is the first to (1) automatically label which mobile network requests are engaged in A&T, while requiring to only manually label libraries to their purpose and (2) apply on-device machine learning classifiers that operate at the granularity of URLs, can inspect connections across all apps, and detect not only ads, but also tracking. 

   more » « less
3. NoMoAds: Effective and Efficient Cross-App Mobile Ad-Blocking (The Andreas Pfitzmann Best Student Paper Award)

   Shuba, A. ; Markopoulou, A. ; Shafiq, Z. ( October 2018 , Proceedings of the Privacy Enhancing Technologies Symposium (PETS))

   Although advertising is a popular strategy for mobile app monetization, it is often desirable to block ads in order to improve usability, performance, privacy, and security. In this paper, we propose NoMoAds to block ads served by any app on a mobile device. NoMoAds leverages the network interface as a universal vantage point: it can intercept, inspect, and block outgoing packets from all apps on a mobile device. NoMoAds extracts features from packet headers and/or payload to train machine learning classifiers for detecting ad requests. To evaluate NoMoAds, we collect and label a new dataset using both EasyList and manually created rules. We show that NoMoAds is effective: it achieves an F-score of up to 97.8% and performs well when deployed in the wild. Furthermore, NoMoAds is able to detect mobile ads that are missed by EasyList (more than one-third of ads in our dataset). We also show that NoMoAds is efficient: it performs ad classification on a per-packet basis in real-time. To the best of our knowledge, NoMoAds is the first mobile ad-blocker to effectively and efficiently block ads served across all apps using a machine learning approach. 

   more » « less
4. Understanding Nonideal Paleointensity Recording in Igneous Rocks: Insights From Aging Experiments on Lava Samples and the Causes and Consequences of “Fragile” Curvature in Arai Plots

   https://doi.org/10.1029/2020GC009423  

   Tauxe, L. ; Santos, C. N. ; Cych, B. ; Zhao, X. ; Roberts, A. P. ; Nagy, L. ; Williams, W. ( January 2021 , Geochemistry, Geophysics, Geosystems)

   The theory for recording of thermally blocked remanences predicts a quasilinear relationship between low fields like the Earth's in which rocks cool and acquire a magnetization. This serves as the foundation for estimating ancient magnetic field strengths. Addressing long‐standing questions concerning Earth's magnetic field requires a global paleointensity data set, but recovering the ancient field strength is complicated because the theory only pertains to uniformly magnetized particles. A key requirement of a paleointensity experiment is that a magnetization blocked at a given temperature should be unblocked by zero‐field reheating to the same temperature. However, failure of this requirement occurs frequently and the causes and consequences of failure are understood incompletely. Recent experiments demonstrate that the remanence in many samples typical of those used in paleointensity experiments is unstable, exhibiting an “aging” effect in which the (un)blocking temperature spectra can change over only a few years resulting in nonideal experimental behavior. While a fresh remanence may conform to the requirement of equality of blocking and unblocking temperatures, aged remanences may not. Blocking temperature spectra can be unstable (fragile), which precludes reproduction of the conditions under which the original magnetization was acquired. This limits our ability to acquire accurate and precise ancient magnetic field strength estimates because differences between known and estimated fields can be significant for individual specimens, with a low field bias. Fragility of unblocking temperature spectra may be related to grain sizes with lower energy barriers and may be detected by features observed in first‐order reversal curves.

    

   more » « less
5. adPerf: Characterizing the Performance of Third-party Ads

   https://doi.org/10.1145/3447381  

   Pourghassemi, Behnam ; Bonecutter, Jordan ; Li, Zhou ; Chandramowlishwaran, Aparna ( February 2021 , Proceedings of the ACM on Measurement and Analysis of Computing Systems)

   null (Ed.)

   Monetizing websites and web apps through online advertising is widespread in the web ecosystem, creating a billion-dollar market. This has led to the emergence of a vast network of tertiary ad providers and ad syndication to facilitate this growing market. Nowadays, the online advertising ecosystem forces publishers to integrate ads from these third-party domains. On the one hand, this raises several privacy and security concerns that are actively being studied in recent years. On the other hand, the ability of today's browsers to load dynamic web pages with complex animations and Javascript has also transformed online advertising. This can have a significant impact on webpage performance. The latter is a critical metric for optimization since it ultimately impacts user satisfaction. Unfortunately, there are limited literature studies on understanding the performance impacts of online advertising which we argue is as important as privacy and security. In this paper, we apply an in-depth and first-of-a-kind performance evaluation of web ads. Unlike prior efforts that rely primarily on adblockers, we perform a fine-grained analysis on the web browser's page loading process to demystify the performance cost of web ads. We aim to characterize the cost by every component of an ad, so the publisher, ad syndicate, and advertiser can improve the ad's performance with detailed guidance. For this purpose, we develop a tool, adPerf, for the Chrome browser that classifies page loading workloads into ad-related and main-content at the granularity of browser activities. Our evaluations show that online advertising entails more than 15% of browser page loading workload and approximately 88% of that is spent on JavaScript. On smartphones, this additional cost of ads is 7% lower since mobile pages include fewer and well-optimized ads. We also track the sources and delivery chain of web ads and analyze performance considering the origin of the ad contents. We observe that 2 of the well-known third-party ad domains contribute to 35% of the ads performance cost and surprisingly, top news websites implicitly include unknown third-party ads which in some cases build up to more than 37% of the ads performance cost. 

   more » « less