Rozšíření pro webový prohlížeč zaměřené na ochranu soukromí / Privacy-Preserving Web Browser Extension

Červinka, Zbyněk

January 2018

This thesis deals with security, privacy, and anonymity on the internet. In this thesis are described tracking mechanisms and approaches that are being used to collect and send away users' personal information. Information that leaks using this tracking approaches can be used to identify user, to monitor and analyze his behavior on specific web pages and several leaked pieces of information can be misused (for example the leaked credit card number or password). In this thesis is described and tested the functionality and reliability of several current web add-ons providing the protection on the internet. New security increasing web add-on has been designed and developed to demonstrate a technique, that redefines and wraps the original JavaScript implementation of several functions and objects, the wrapping is executed before the visited web page starts processing the source code. Running the wrapping code at this time will ensure, that no other code in loaded web page will ever have access to the original implementation. This add-on is also well-tested. The final thesis' stage provides a great amount of possibilities to improve implemented add-on.

La protection des libertés individuelles sur le réseau internet / The protection of Individuals rights on the internet

Criqui-Barthalais, Géraldine

07 December 2018

Cette étude envisage le réseau internet comme un nouvel espace invitant à réinterpréter les libertés de la personne physique. Au titre de celles-ci, sont protégées la liberté individuelle, entendue comme le fait de ne pouvoir être arbitrairement détenu et la liberté d’aller et venir. Il doit en aller de même sur le réseau. Etablissant une analogie avec ces libertés, la première partie de la thèse consacre deux libertés : la liberté d’accès au réseau et la liberté de naviguer sur le web. La première implique de définir le contenu d’un service public de l’accès. De plus, il faut affirmer que la coupure d’accès au réseau doit être envisagée comme une mesure privative de liberté ; elle ne peut donc être décidée que par le juge judiciaire. L’affirmation de la liberté de naviguer sur le web conduit à envisager le régime du blocage des sites, une mesure qui ne peut intervenir que dans le cadre d’une police administrative spéciale. Dans la seconde partie il apparaît que ces deux libertés n’ont toutefois de sens que si l’individu a accès au réseau anonymement et n’est pas surveillé arbitrairement quand il navigue sur le web. Cette étude cherche ainsi à préciser le régime devant encadrer le mécanisme d’adressage du réseau. Sont définies les conditions du contrôle de l’identité de l’internaute à partir de son adresse IP. Enfin, il est soutenu qu’un principe général d’effacement des données révélant les sites visités doit être affirmé, principe qui s’applique aux différents acteurs du réseau, notamment les moteurs de recherche. L’interception de ces données ne peut procéder que d’un pouvoir sécuritaire ou hiérarchique sur l’internaute. / This study considers the internet as a new territory where rights guaranteed to each individual in physical space can be promoted; not only free speech and privacy, but also the Habeas Corpus prerogative writ, which protects against unlawful imprisonment, and the right to freedom of movement. Thus, processing by analogy, the dissertation intends to promote two specific digital rights: the freedom to connect to the internet and the freedom to surf on the web. The freedom to connect should be part of a public service which promotes this access through public policies. Moreover, barring someone from using the internet can only be decided by a judge. The freedom to surf should protect the web users against unreasonable restrictions. Thus, measures blocking illegal websites should not come through self-regulation but through a legal framework which defines how administrative authorities are entitled to decide such restrictions. The protection of these two rights entails further obligations. Individuals must access the internet anonymously and they must be aware of how the government monitors their actions on the web. This study tries to outline the content of measures aiming to frame network addressing mechanisms. Identity checks based on the IP address should be subject to a strict legal regime. The study concludes that individuals have to be protected from surveillance when data reveal their choices among websites while they are connected. Internet access providers, but also search engines and browsers, must delete this data. Only special measures taken by a public entity or someone entitled to control the web users may lead to this kind of data retention.

Libertés publiques

Informatique et libertés

Surveillance

Données personnelles

Adresse IP

Anonymat sur le réseau

Accès au réseau

Communications électroniques

Numérique

Internet

Individuals rights

Data protection

Surveillance

IP address

Anonymity on the Internet

Freedom to connect

Electronic communications

Internet

Digital rights

Korelace dat na vstupu a výstupu sítě Tor / Correlation of Inbound and Outbound Traffic of Tor Network

Coufal, Zdeněk

January 2014

Communication in public networks based on the IP protocol is not really anonymous because it is possible to determine the source and destination IP address of each packet. Users who want to be anonymous are forced to use anonymization networks, such as Tor. In case such a user is target of lawful interception, it presents a problem for those systems because they only see that the user communicated with anonymization network and have a suspicion that the data stream at the output of anonymization network belong to the same user. The aim of this master thesis was to design a correlation method to determine the dependence of the data stream at the input and the output of the Tor network. The proposed method analysis network traffic and compares characteristics of data streams extracted from metadata, such as time of occurence and the size of packets. This method specializes in correlating data flows of protocol HTTP, specifically web server responses. It was tested on real data from the Tor network and successfully recognized dependency of data flows.