SWS   Info

Public Audience

English

60 Minutes

Kaiserslautern

Today, websites and mobile application developers commonly use third
party analytics services to obtain aggregate information about users
that visit their sites or use their applications. This information
includes demographics, other sites that are visited, other applications
that are used as well as user behavior within their own sites or
applications. In addition, website publishers utilize online social
network providers’ appeal to attract more users to their websites by
embedding social widgets on their pages. Unfortunately, this outsourcing
to obtain aggregate statistics and to benefit from social networking
features allow these third parties to track individual user behavior
across the web. This violation of user privacy has been strongly
criticized, resulting in tools that block such tracking as well as
anti-tracking legislation and standards such as Do-Not-Track. These
efforts, while improving user privacy, degrade the quality of analytics
information as well as prevent the engagement of users on websites. In
addition, such client-side tools are mostly based on a blacklist, which
can be difficult and error-prone to maintain, and thus can cause other
non-tracking services to suffer.

We propose a general, interaction-based, third-party cookie policy that
gives more control to the users and enables social networking features
when the users want them. At the same time, our policy prevents
third-party tracking without the requirement of a blacklist, and does
not interfere with non-tracking services for analytics and
advertisements. We then present two systems that enable publishers to
obtain rich web analytics information (e.g., user demographics, other
sites visited, products viewed) without tracking the users across the
web. The first system enables web publishers to directly query their
users while preserving user privacy, and thus, can supply with more
types of analytics information that is not available through tracking
today. Our system requires no new organizational players and is
practical to deploy, but necessitates the publishers to pre-define
answer values for the queries. While this task can be easy for certain
information (e.g., age, gender, education level), it is not feasible in
many other analytics scenarios (e.g., free-text tag values in a photo
application). To complement our system (and other systems requiring
pre-defined answer values [48, 49, 56, 57]), we design and describe
another system that enables analysts to discover unknown strings to be
used as potential answer values. Our system employs the exclusive-OR
operation as its crypto primitive and utilizes a novel method to compare
the equality of two XOR-encrypted strings without revealing them. We
evaluate our system with real-world string distribution data and show
that our system outperforms the closest system by several orders of
magnitude for client computations, and reduces server computations by at
least a factor of two.

Maria-Louise Albrecht

--email hidden

Yes

Saarbrücken

E1 5

005

passcode not visible

logged in users only