TY - JOUR
T1 - WebTracker: Real Webbrowsing Behaviors
AU - Reyes, Daisy
AU - Dynowski, Eno
AU - Chovan, Taryn
AU - Mikos, John
AU - Chan-Tin, Eric
AU - Abuhamad, Mohammed
AU - Kennison, Shelia
PY - 2023/6/30
Y1 - 2023/6/30
N2 - With increased privacy concerns, anonymity tools such as VPNs and Tor have become popular. However, the packet metadata such as the packet size and number of packets can still be observed by an adversary. This is commonly known as fingerprinting and website fingerprinting attacks have received a lot of attention recently as a known victim’s website visits can be accurately predicted, deanonymizing that victim’s web usage. Most of the previous work have been performed in laboratory settings and have made two assumptions: 1) a victim visits one website at a time, and 2) the whole website visit with all the network packets can be observed. To validate these assumptions, a new private webbrowser extension called WebTracker is deployed with real users. WebTracker records the websites visited, when the website loading starts, and when the website loading finishes. Results show that users’ browsing patterns are different than what was previously assumed. Users may browse the web in a way that acts as a countermeasure against website fingerprinting due to multiple websites overlapping and downloading at the same time. Over 15% of websites overlap with at least one other website and each overlap was 66 seconds. Moreover, each overlap happens roughly 9 seconds after the first website download has started. Thus, this reinforces some previous work that the beginning of a website is more important than the end for a website fingerprinting attack.
AB - With increased privacy concerns, anonymity tools such as VPNs and Tor have become popular. However, the packet metadata such as the packet size and number of packets can still be observed by an adversary. This is commonly known as fingerprinting and website fingerprinting attacks have received a lot of attention recently as a known victim’s website visits can be accurately predicted, deanonymizing that victim’s web usage. Most of the previous work have been performed in laboratory settings and have made two assumptions: 1) a victim visits one website at a time, and 2) the whole website visit with all the network packets can be observed. To validate these assumptions, a new private webbrowser extension called WebTracker is deployed with real users. WebTracker records the websites visited, when the website loading starts, and when the website loading finishes. Results show that users’ browsing patterns are different than what was previously assumed. Users may browse the web in a way that acts as a countermeasure against website fingerprinting due to multiple websites overlapping and downloading at the same time. Over 15% of websites overlap with at least one other website and each overlap was 66 seconds. Moreover, each overlap happens roughly 9 seconds after the first website download has started. Thus, this reinforces some previous work that the beginning of a website is more important than the end for a website fingerprinting attack.
KW - Webbrowsing
KW - Website Fingerprinting
KW - Anonymity
KW - Privacy
UR - https://ecommons.luc.edu/cs_facpubs/355
U2 - 10.1109/SVCC56964.2023.10164930
DO - 10.1109/SVCC56964.2023.10164930
M3 - Article
JO - Computer Science: Faculty Publications and Other Works
JF - Computer Science: Faculty Publications and Other Works
ER -