If you are not paying for it, you are the product

Papadopoulos, Panagiotis; Kourtellis, Nicolas; Rodríguez, P.; Laoutaris, Nikolaos

doi:10.1145/3131365.3131397

Cited by 56 publications

(38 citation statements)

References 27 publications

(32 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, in exchange, and not explicitly communicated to the user, they sell collected user data to interested third-parties. This is typically the case within the real-time bidding ad-ecosystem, where data such as location and user behavioral traits are sold for better ad-targeting [17].…”

Section: Discussionmentioning

confidence: 99%

There goes Wally: Anonymously sharing your location gives you away

Pyrgelis

Kourtellis

Leontiadis

et al. 2018

2018 IEEE International Conference on Big Data (Big Data)

Self Cite

View full text Add to dashboard Cite

With current technology, a number of entities have access to user mobility traces at different levels of spatio-temporal granularity. At the same time, users frequently reveal their location through different means, including geo-tagged social media posts and mobile app usage. Such leaks are often bound to a pseudonym or a fake identity in an attempt to preserve one's privacy. In this work, we investigate how largescale mobility traces can de-anonymize anonymous location leaks. By mining the country-wide mobility traces of tens of millions of users, we aim to understand how many location leaks are required to uniquely match a trace, how spatiotemporal obfuscation decreases the matching quality, and how the location popularity and time of the leak influence de-anonymization. We also study the mobility characteristics of those individuals whose anonymous leaks are more prone to identification. Finally, by extending our matching methodology to full traces, we show how large-scale human mobility is highly unique. Our quantitative results have implications for the privacy of users' traces, and may serve as a guideline for future policies regarding the management and publication of mobility data.

show abstract

Section: Discussionmentioning

confidence: 99%

There goes Wally: Anonymously sharing your location gives you away

Pyrgelis

Kourtellis

Leontiadis

et al. 2018

2018 IEEE International Conference on Big Data (Big Data)

Self Cite

View full text Add to dashboard Cite

show abstract

“…There are also several cases where a website can end up hosting malicious content unintentionally. Those cases include: (i) the website registers a benign service worker that includes untrusted dynamic thirdparty scripts [52], which in turn possibly load malicious code; (ii) the website includes third-party libraries 1 , one of which can turn rogue or be compromised, and then divert the user to a new tab (e.g., using popunders [37] or clickjacking [80]) where it can register its own service worker bound to a third-party domain; (iii) the website is compromised and attackers plant their malicious JavaScript code directly into the page, thus registering their malicious service worker -a scenario that we see quite often in recent years [58], [53]; or (iv) the website includes iframes with dynamic content, which are typically auctioned at real-time [73] and loaded with content from third parties.…”

Section: A Threat Modelmentioning

confidence: 99%

Master of Web Puppets: Abusing Web Browsers for Persistent and Stealthy Computation

Papadopoulos

Ilia

Polychronakis

et al. 2019

Proceedings 2019 Network and Distributed System Security Symposium

Self Cite

View full text Add to dashboard Cite

The proliferation of web applications has essentially transformed modern browsers into small but powerful operating systems. Upon visiting a website, user devices run implicitly trusted script code, the execution of which is confined within the browser to prevent any interference with the user's system. Recent JavaScript APIs, however, provide advanced capabilities that not only enable feature-rich web applications, but also allow attackers to perform malicious operations despite the confined nature of JavaScript code execution.In this paper, we demonstrate the powerful capabilities that modern browser APIs provide to attackers by presenting MarioNet: a framework that allows a remote malicious entity to control a visitor's browser and abuse its resources for unwanted computation or harmful operations, such as cryptocurrency mining, password-cracking, and DDoS. MarioNet relies solely on already available HTML5 APIs, without requiring the installation of any additional software. In contrast to previous browserbased botnets, the persistence and stealthiness characteristics of MarioNet allow the malicious computations to continue in the background of the browser even after the user closes the window or tab of the initial malicious website. We present the design, implementation, and evaluation of a prototype system, MarioNet, that is compatible with all major browsers, and discuss potential defense strategies to counter the threat of such persistent inbrowser attacks. Our main goal is to raise awareness regarding this new class of attacks, and inform the design of future browser APIs so that they provide a more secure client-side environment for web applications.

show abstract

“…Using smart contracts, service providers can ensure that rewards provided by the service, and the data provided by users are exchanged simultaneously. This can be achieved because smart contract terms and conditions are strictly followed after they are agreed by the parties involved [13].…”

Section: Using Blockchain Technologies Smart Contracts and Incentivementioning

confidence: 99%

CrowdLED: Towards Crowd-Empowered and Privacy-Preserving Data Sharing Using Smart Contracts

Pouyioukka

Giannetsos

Meng

2019

IFIP Advances in Information and Communication Technology

View full text Add to dashboard Cite

In this research paper, we explore how Blockchain technologies and Smart Contracts can be used to fairly reward users for the data they share with advertising networks without compromising anonymity and user privacy. The novelty of using Blockchains alongside such systems is to understand and investigate how a proper and fair exchange of data can ensure that participating users can be kept secure and eliminate aggressive data collection by ad libraries; libraries that are embedded inside the code of smart-phones and web applications for monetization. There are a lot of privacy issues regarding mobile and online advertising: Advertising networks mostly rely on data collection, similar to a crowdsensing system, but in most cases, neither consent has been granted by the user for the data collection nor a reward has been given to the user as compensation. Making a comparison between the problems identified in mobile and online advertising and the positives of the approach of using Blockchain, we propose "CrowdLED", a holistic system to address the security and privacy issues discussed throughout the paper.

show abstract

If you are not paying for it, you are the product

Cited by 56 publications

References 27 publications

There goes Wally: Anonymously sharing your location gives you away

There goes Wally: Anonymously sharing your location gives you away

Master of Web Puppets: Abusing Web Browsers for Persistent and Stealthy Computation

CrowdLED: Towards Crowd-Empowered and Privacy-Preserving Data Sharing Using Smart Contracts

Contact Info

Product

Resources

About