Half Baked: The Opportunity to Secure Cookie-based Identifiers from Passive Surveillance

Website Maintenance Alert

Due to scheduled maintenance on Wednesday, October 16, from 10:30 am to 4:30 pm Pacific Daylight Time (UTC -7), parts of the USENIX website (e.g., conference registration, user account changes) may not be available. We apologize for the inconvenience.

If you are trying to register for LISA19, please complete your registration before or after this time period.

Authors: 

Andrew Hilts, Citizen Lab, University of Toronto and Open Effect; Christopher Parsons, Citizen Lab, University of Toronto

Abstract: 

Documents released by Edward Snowden have revealed that the National Security Agency, and its Australian, British, Canadian, and New Zealand equivalents, routinely monitor the Internet for the identifiers that are contained in advertising and tracking cookies. Once collected, the identifiers are stored in government databases and used to develop patterns of life, or the chains of activities that individuals engage in when they use Internet-capable devices. This paper investigates the extent to which contemporary advertising and analytics identifiers that are used in establishing such patterns continue to be transmitted in plaintext following Snowden’s revelations. We look at variations in the secure transmission of cookie-based identifiers across different website categories, and identify practical steps for both website operators and ad tracking companies to take to better secure their audiences and readers from passive surveillance.

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

BibTeX
@inproceedings {192002,
author = {Andrew Hilts and Christopher Parsons},
title = {Half Baked: The Opportunity to Secure Cookie-based Identifiers from Passive Surveillance},
booktitle = {5th {USENIX} Workshop on Free and Open Communications on the Internet ({FOCI} 15)},
year = {2015},
address = {Washington, D.C.},
url = {https://www.usenix.org/conference/foci15/workshop-program/presentation/hilts},
publisher = {{USENIX} Association},
month = aug,
}
Download
Hilts PDF
View the slides