Steven Englehardt will present his Generals on May 11, 2015 at 2pm in CS 301. Committee Members: Arvind Narayanan (adviser), Edward Felten, and Nick Feamster Everyone is invited to attend his talk, and those faculty wishing to remain for the oral exam following are welcome to do so. His abstract and reading list follow below. Abstract: Web tracking has been a longstanding issue undermining consumer privacy. The proliferation of a mixed-origin websites, where nearly every site includes third-party content from a relatively small set of providers has given these providers the ability to observe and track a large percentage of a user’s web history. Web measurement has been highly influential in online privacy debates and provided transparency into the tracking ecosystem. In this work, we briefly present the design of a platform for web measurement studies and explore a measurement of surveillance completed using the platform. We highlight the ability of a passive eavesdropper to leverage third-party cookies for mass surveillance, showing how such an adversary can reconstruct nearly 75% of a user’s browsing history in the absence of persistent network identifiers. Finally, we examine the effectiveness of browser-based privacy tools at mitigating the attack. Books: The Tangled Web: A Guide to Securing Modern Web Applications, Michal Zalewski Security Engineering, Ross Andersen: Ch. 1 - 7 Papers:

Third-party web tracking: Policy and technology Jonathan Mayer, John C. Mitchell

Privacy diffusion on the web: a longitudinal perspective Balachander Krishnamurthy, Craig E. Wills

Privacy leakage vs. protection measures: the growing disconnect Balachander Krishnamurthy, Konstantin Naryshkin, Craig E. Wills

Detecting and defending against third-party tracking on the web Franziska Roesner, Tadayoshi Kohno, and David Wetherall

FPDetective: dusting the web for fingerprinters Gunes Acar, et.al .

Tracking the trackers: Fast and scalable dynamic analysis of web content for privacy violations Minh Tran, et. al.

Automated Experiments on Ad Privacy Settings: A Tale of Opacity, Choice, and Discrimination Amit Datta, Michael Carl Tschantz, Anupam Datta

XRay: Enhancing the Web’s Transparency with Differential Correlation Mathias Lecuyer, et. al.

Why Johnny Can’t Browse in Peace: On the Uniqueness of Web Browsing History Patterns Lukasz Olejnik

A Contextual Approach to Privacy Online Helen Nissenbaum

What Can Behavioral Economics Teach Us About Privacy? Alessandro Acquisti, Jens Grossklags

Privacy, Economics, and Price Discrimination on the Internet Andrew Odlyzko

Protecting Consumer Privacy in an Era of Rapid Change FTC (executive summary / recommendations)