Utilizing Web Trackers for Sybil Defense

Published: 22 April 2021
Abstract

User tracking has become ubiquitous practice on the Web, allowing services to recommend behaviorally targeted content to users. In this article, we design Alibi, a system that utilizes such readily available personalized content, generated by recommendation engines in real time, as a means to tame Sybil attacks. In particular, by using ads and other tracker-generated recommendations as implicit user “certificates,” Alibi is capable of creating meta-profiles that allow for rapid and inexpensive validation of users’ uniqueness, thereby enabling an Internet-wide Sybil defense service.

We demonstrate the feasibility of such a system, exploring the aggregate behavior of recommendation engines on the Web and demonstrating the richness of the meta-profile space defined by such inputs. We further explore the fundamental properties of such meta-profiles, i.e., their construction, uniqueness, persistence, and resilience to attacks. By conducting a user study, we show that the user meta-profiles are robust and show important scaling effects. We demonstrate that utilizing even a moderate number of popular Web sites empowers Alibi to tame large-scale Sybil attacks.

Published in

ACM Transactions on the Web, Volume 15, Issue 2
May 2021
117 pages
ISSN: 1559-1131
EISSN: 1559-114X
DOI: 10.1145/3462271

Copyright © 2021 ACM

Publisher

Association for Computing Machinery
New York, NY, United States

Publication History

• Published: 22 April 2021
• Accepted: 1 October 2020
• Revised: 1 September 2020
• Received: 1 April 2019

Qualifiers

• research-article
• Research
• Refereed