Third - party cookies - Hur mycket vet du om third - party cookies?

Vera, Luis

January 2020

Ett sätt att samla information på är genom third – party cookies. Denna studie vill diskutera hur personlig information samlas in genom third – party cookies och dess påverkan på användares personliga integritet. Denna studie vill svara på hur personlig information som samlas in genom third – party cookies kan diskuteras ur ett användarperspektiv. Studien vill även framföra svar på hur medvetna studenter på Malmö universitet är angående third – party cookies och vad deras åsikt är om third – party cookies. Metoden som har valts är en litteraturstudie som kommer att fungera som en grund för en enkätundersökning.Denna studies slutsats är att third – party cookies kan bryta mot den personliga integriteten hos en användare på nätet. Third – party cookies är reglerad av lagar men det finns fortfarande sätt som företag kan profilera och spåra användare, därför bryter den mot den personliga integriteten. Även efter introduktionen av GDPR finns det fortfarande hemsidor som inte fullt ut följer lagarna. Denna studie har även som slutsats att studenter på Malmö unviersitet inte är särskilt medvetna om third – party cookies. Dem känner även att personlig integritet väldigt viktigt. Därför håller dem inte med den datainsamling som sker genom third – party cookies. / One way to gather information is the use of third-party cookies. This study wants to discuss personal data collected through third-party cookies and its impact on the users personal integrity. This study wants to answer how personal data collected through third-party cookies can be discussed from a user perspective. The study also wants to provide answers to how aware students at Malmo University are about third-party cookies and what their opinion is on third - party cookies. The method of choice is a literature study that will work as a foundation for a survey. This study has concluded that third-party cookies can breach personal integrity when the user is on the internet. Third-party cookies are regulated by laws but there still are several ways that companies can profile and track the users, thereby breaching personal integrity. Even after the introduction of GDPR there are still some websites that does not fully comply with the rules. The study also concluded that the participants, students at Malmo University, are not widely aware of what third-party cookies are. They also think that personal integrity is of utter importance. Thereby they do not agree with personal data being collected through third-party cookies.

Third - party cookies

Cookies

Personal integrity online

GDPR

Web tracking

Engineering and Technology

Teknik och teknologier

Online Users’ Attitude Towards Web Tracking & Its Potential Effects On Future Web Analytics Tools

Lam, Ida, Börtz, Mathilda

January 2022

The topic of the thesis was proposed by the company X. The purpose of the thesis is to gather an understanding of how online users perceive web tracking and web analytics. The goal of the thesis is to answer the questions regarding online users’ attitude towards web tracking and web analytics and to further study how users' attitude towards web tracking could impact the future of web analytics tools and their features. To be able to understand what online users feel, a survey was conducted to be able to identify how users feel about their online privacy, sharing personal data as well as other types of data that web analytics tools collect. The results from the survey were then analyzed to identify patterns and understand how the different questions  intertwine together. To be able to answer the first research question, “How does web tracking & web analytics affect online users?”, the answers from the survey were used. The material found underneath the “related work” heading was used to support and verify the result of the analysis.  A qualitative research method called grounded theory was partially followed to be able to answer the second research question: “Which common features of web analytics tools could possibly remain in future web analytics tools?”. The results from the first research question were used to be able to form a hypothesis of how the future of web analytics tools may look like. The qualitative research method was adapted to the context of the thesis and therefore some steps were modified or skipped to be able to answer what the future of web analytics tools will look like based on the opinions of the online users'. It was found that the individuals who do not want a tailored experience on the web are also the ones who trust companies/organizations the least with their personal data. They are also the ones who are the most concerned about their privacy. It was also found that these individuals do the least to protect their privacy whereas the ones least concerned about their privacy were the ones who did the most to protect their privacy online. Participants of the survey were mostly aware of GDPR and the majority of online users do not read the terms and conditions when visiting a website. Lastly the question of which feature would remain in the future web analytics tools was answered. The features in the categories visual maps, user behavior and real-time activity are likely to remain. The categories acquisition tracking, individual user behavior and geolocation is likely to be deemed as irrelevant since they do not align with the beliefs of online users regarding privacy.

web tracking

web analytics

online users

online ethics

Övrig annan teknik

Utveckling och utvärdering av mikroservicetjänster för att stärka web cookies i webbanalysverktyg / Development and evaluation of microservices to strengthen web cookies in web analytics tools

Roth, Benjamin

January 2020

Data klassificeras numera som världens mest värdefulla resurs. Den växande och storskaliga användningen av internet är en bidragande faktor till de enorma mängder data som genereras och florerar i våra digitala miljöer. Genom att analysera data som samlas in från internet, kan insikter och förståelse för internetanvändares beteendemönster utvinnas. Därför har datainsamling och webbanalys på senare år blivit en nyckelaktivitet för många internetaktörer. Med ett effektivt arbete kring dessa områden kan internetaktörer skapa sig fördelar gentemot sina konkurrenter, och därmed skapa sig marknadsmässiga försprång. I takt med att data blir allt mer eftertraktat ökar också kraven på att internetanvändares integritet ska prioriteras så att datainsamlingen inte bryter mot några etiska principer. Detta ämne har på senare år blivit allt mer aktuellt efter att det visat sig att internetanvändares integritet ofta åsidosätts i strävan efter att samla in data. Många webbläsare har därför börjat arbeta aktivt för att skydda sina användare i större utsträckning, bland annat genom att hantera kakor allt mer restriktivt. Detta har orsakatproblem för webbanalysverktyg, då de använder kakor för att kunna identifiera, binda samman och samla in data kring en besökares beteenden och interaktioner på en webbplats. Syftet med denna studie är att utveckla, utvärdera och jämföra metoder som stärkerde kakor som används av webbanalysverktyg. Med hjälp av de metoder som utvecklas är studiens mål att höja kvalitén på den data som samlas in av verktygen. Studien har genomförts med en kvalitativ forskningsmetod i fem olika faser. För att utvärdera de metoder som utvecklas i studien har en utvärderingsmodell introducerats. Via utvärderingsmodellen har underlag till studiens resultat kunnat genereras. Resultatet visar att det med hjälp av mikroservicetjänster, i form av en proxyserver, är möjligt att åstadkomma en markant förbättring av kvalitén i den data som samlas in av webbanalysverktyg. / Data is now classified as the world’s most valuable resource. The growing and large-scale usage of internet is a contributing factor to the huge amount of data that are generated and flourish in our digital environments. By analyzing the data that can be collected from internet, insights and understanding of internet users behavioral patterns can be extracted. In recent years, web tracking and web analytics has therefore become a key activity for many players on the internet. With an effective work in these areas, internet players can create an advantage on thier competitors. As data becomes more and more sought after, the demands on the privacy aspects for internet users are also increasing. In recent years, this topic has become even more relevant, after it has been found that the privacy of internet users is often violated in the effort of data collection. Many web browsers has therefore actively begun to protect their users, for instance by handling cookies more restrictively. This has casued problems for web analytics tools, as they use cookies to identify, bind and collect data about users interactions and behavior patterns on a website. The purpose of this study is to develop, evaluate and compare methods that strengthen cookies used by web analytic tools. Using the methods developed in the study, the goal of the study is to improve the quality of the data that are collected by the tools. The study was conducted using a qualitative research method in five different phases. In order to evaluate the methods developed in the study, an evaluation model has been introduced. Through the evaluation model, data to the study’s result have been generated. The results shows that with help of microservices, in the form of aproxy server, it is possible to achieve a significant improvement in the quality of the data collected by web analytics tools.

Web analytics

Cookies

Web tracking

Google Analytics

Microservice

Webbanalys

Kakor

Webbspårning

Google Analytics

Microservice

Computer and Information Sciences

Data- och informationsvetenskap

Informing Users About Fingerprinting

Höglund, Salomon

January 2019

In peoples hyperconnected lives, a price to pay is their internet privacy and the different risks it faces the second their browser connects to the web. One such risk comes from how web tracking collect and analyze users information. This paper explores an approach to how web browsers can inform its users about the web tracking technique Fingerprinting, and through the concept presentation of this approach see: what key key aspects of visual aesthetics that affects the users experience when being informed; and to what extent differences in technological interest and knowledge affect users reception of Fingerprinting information, and the implementation implications the differences leads to. For this purpose a high fidelity prototype was created to: represent the concept of web browsers having integrated educational pages meant to inform its users on topics such as Fingerprinting, and to; be used in a user test. The results showed: a lack of knowledge on the existence of Fingerprinting; that differences in technological interest and knowledge among users affected what aspects of visual aesthetics they valued; and that those with less technological interest and knowledge to a higher degree had their attitudes towards Internet Privacy affected by the prototype’s information. It also showed that the differences affects users approach and interactions with software, and that the design implications this brings are to be considered for future browser functionality implementations. / <p>Självständigt Examensarbete (Forskningsartikel)</p>

Fingerprinting

HCI

Human-Computer Interaction

IxD

Interaction Design

Internet Privacy

Privacy

UX

User Experience

UI

User Interface

Visual Aesthetics

Web Tracking

Media and Communication Technology

Medieteknik

Log In or Sign Up

Gunnarsson, Emil

January 2020

This thesis details the theoretical framework, methods, and results of the design project “Log In or Sign up”. The result of this project is an ebook sharing the same title. It consists of short stories and poems that revolve around digital surveillance and its effects on the self and society. The writings explore how the digital sur- veillance ecosystem affects our behavior and self-image in ways that we might not even realize. The context is our digital lives in a time where we rely more and more on the internet for our daily activities. The writings attempt to portray the emo- tions we go through while using digital platforms that are designed to extract our personal data. The stories and poems are presented in an interactive layout. Along with the aforementioned topics this thesis also addresses the responsibility of design in creating advanced digital surveillance methods created by companies such as Google, Facebook, Amazon, and Microsoft. For example, through the gami- fication of social media, deceptive presentation of data protection rights, and cura- tion of content for emotional effect.

Digital Surveillance

Visual Communication

Surveillance Economy

Capitalism

Economics

Privacy

Advertising

Personal Data

Social Media

Facebook

Google

Web tracking

Dark Patterns

Design

Design

Webb-spårning eller Urspårning? : - En kvalitativ studie inom etisk marknadsföring

Johnsson, Anna, Nilsson, Mie, Uttberg, Annie

January 2014

Bakgrund: Det konsumenter oftast inte är medvetna om vid deras Internetanvändning är att de iakttas av företag. Företagen samlar avsiktligt in personlig information och spårar vilka hemsidor och produkter eller tjänster de intresserat sig av genom så kallade webb-spårningssystem. I samma takt som tekniker så som webb-spårningssystem börjat användas har också etisk marknadsföring på Internet blivit ett diskuterat och aktuellt ämne. Etisk marknadsföring på Internet handlar om vad som uppfattas som accepterat beteende av konsumenterna och företag måste ta hänsyn till konsumentens etiska koder. Syfte: Syftet med studien är att undersöka konsumenters uppfattningar om webbspårningssystem utifrån etiska koder. Forskningsfråga: Vad är etiskt accepterat användande av webb-spårningssystem från konsumentens perspektiv? Metod: I studien har en kvalitativ forskningsstrategi samt semi-strukturerade intervjuer tillämpats. Slutsats: Slutsatsen i studien är att konsumenters uppfattningar om webb-spårningssystem inte alltid uppfyller konsumentens etiska koder. Konsumenter har generellt sätt en negativ uppfattning om webb-spårningssystem men uppfattningarna skiljer sig beroende på vilken situation som konsumenten påverkas av webb-spårningssystem. Konsumenter har enbart positiva uppfattningar om webb-spårningssystem när tekniken används så att konsumenten gynnas av den.

Ethics

marketing

Internet marketing

web-tracking

privacy

cookies

information privacy concerns

online information

web-bugs

spam

pop-ups

online

Internet

tracking

method

abduction

morals

ethics manipulation

ethics integrity

ethics anonymity

ethics morality

covered marketing.

Sécurité et vie privée dans les applications web / Web applications security and privacy

Somé, Dolière Francis

29 October 2018

Dans cette thèse, nous nous sommes intéressés aux problématiques de sécurité et de confidentialité liées à l'utilisation d'applications web et à l'installation d'extensions de navigateurs. Parmi les attaques dont sont victimes les applications web, il y a celles très connues de type XSS (ou Cross-Site Scripting). Les extensions sont des logiciels tiers que les utilisateurs peuvent installer afin de booster les fonctionnalités des navigateurs et améliorer leur expérience utilisateur. Content Security Policy (CSP) est une politique de sécurité qui a été proposée pour contrer les attaques de type XSS. La Same Origin Policy (SOP) est une politique de sécurité fondamentale des navigateurs, régissant les interactions entre applications web. Par exemple, elle ne permet pas qu'une application accède aux données d'une autre application. Cependant, le mécanisme de Cross-Origin Resource Sharing (CORS) peut être implémenté par des applications désirant échanger des données entre elles. Tout d'abord, nous avons étudié l'intégration de CSP avec la Same Origin Policy (SOP) et démontré que SOP peut rendre CSP inefficace, surtout quand une application web ne protège pas toutes ses pages avec CSP, et qu'une page avec CSP imbrique ou est imbriquée dans une autre page sans ou avec un CSP différent et inefficace. Nous avons aussi élucidé la sémantique de CSP, en particulier les différences entre ses 3 versions, et leurs implémentations dans les navigateurs. Nous avons ainsi introduit le concept de CSP sans dépendances qui assure à une application la même protection contre les attaques, quelque soit le navigateur dans lequel elle s'exécute. Finalement, nous avons proposé et démontré comment étendre CSP dans son état actuel, afin de pallier à nombre de ses limitations qui ont été révélées dans d'autres études. Les contenus tiers dans les applications web permettent aux propriétaires de ces contenus de pister les utilisateurs quand ils naviguent sur le web. Pour éviter cela, nous avons introduit une nouvelle architecture web qui une fois déployée, supprime le pistage des utilisateurs. Dans un dernier temps, nous nous sommes intéressés aux extensions de navigateurs. Nous avons d'abord démontré que les extensions qu'un utilisateur installe et/ou les applications web auxquelles il se connecte, peuvent le distinguer d'autres utilisateurs. Nous avons aussi étudié les interactions entre extensions et applications web. Ainsi avons-nous trouvé plusieurs extensions dont les privilèges peuvent être exploités par des sites web afin d'accéder à des données sensibles de l'utilisateur. Par exemple, certaines extensions permettent à des applications web d'accéder aux contenus d'autres applications, bien que cela soit normalement interdit par la Same Origin Policy. Finalement, nous avons aussi trouvé qu'un grand nombre d'extensions a la possibilité de désactiver la Same Origin Policy dans le navigateur, en manipulant les entêtes CORS. Cela permet à un attaquant d'accéder aux données de l'utilisateur dans n'importe qu'elle autre application, comme par exemple ses mails, son profile sur les réseaux sociaux, et bien plus. Pour lutter contre ces problèmes, nous préconisons aux navigateurs un système de permissions plus fin et une analyse d'extensions plus poussée, afin d'alerter les utilisateurs des dangers réels liés aux extensions. / In this thesis, we studied security and privacy threats in web applications and browser extensions. There are many attacks targeting the web of which XSS (Cross-Site Scripting) is one of the most notorious. Third party tracking is the ability of an attacker to benefit from its presence in many web applications in order to track the user has she browses the web, and build her browsing profile. Extensions are third party software that users install to extend their browser functionality and improve their browsing experience. Malicious or poorly programmed extensions can be exploited by attackers in web applications, in order to benefit from extensions privileged capabilities and access sensitive user information. Content Security Policy (CSP) is a security mechanism for mitigating the impact of content injection attacks in general and in particular XSS. The Same Origin Policy (SOP) is a security mechanism implemented by browsers to isolate web applications of different origins from one another. In a first work on CSP, we analyzed the interplay of CSP with SOP and demonstrated that the latter allows the former to be bypassed. Then we scrutinized the three CSP versions and found that a CSP is differently interpreted depending on the browser, the version of CSP it implements, and how compliant the implementation is with respect to the specification. To help developers deploy effective policies that encompass all these differences in CSP versions and browsers implementations, we proposed the deployment of dependency-free policies that effectively protect against attacks in all browsers. Finally, previous studies have identified many limitations of CSP. We reviewed the different solutions proposed in the wild, and showed that they do not fully mitigate the identified shortcomings of CSP. Therefore, we proposed to extend the CSP specification, and showed the feasibility of our proposals with an example of implementation. Regarding third party tracking, we introduced and implemented a tracking preserving architecture, that can be deployed by web developers willing to include third party content in their applications while preventing tracking. Intuitively, third party requests are automatically routed to a trusted middle party server which removes tracking information from the requests. Finally considering browser extensions, we first showed that the extensions that users install and the websites they are logged into, can serve to uniquely identify and track them. We then studied the communications between browser extensions and web applications and demonstrate that malicious or poorly programmed extensions can be exploited by web applications to benefit from extensions privileged capabilities. Also, we demonstrated that extensions can disable the Same Origin Policy by tampering with CORS headers. All this enables web applications to read sensitive user information. To mitigate these threats, we proposed countermeasures and a more fine-grained permissions system and review process for browser extensions. We believe that this can help browser vendors identify malicious extensions and warn users about the threats posed by extensions they install.

Web

Navigateurs

Applications web

Sécurité

Extensions de navigateurs

Communication inter-iframes

Confidentialité

Vie privé

Pistage

Empreinte de navigateurs

Web

Browser

Web applications

Security

Same origin policy

Content origin policy

Cross-origin resource sharing

Browser extensions

Privacy

Cross-iframe communication

Third party web tracking

Browser fingerprinting