@InProceedings{LePochat2019_tranco,
author = {{Le Pochat}, Victor and {Van Goethem}, Tom and Tajalizadehkhoob, Samaneh and Korczy\'{n}ski, Maciej and Joosen, Wouter},
title = {Tranco: A Research-Oriented Top Sites Ranking Hardened Against Manipulation},
booktitle = {Proceedings of the 26th Annual Network and Distributed System Security Symposium},
year = {2019},
series = {NDSS 2019},
month = 2,
doi = {10.14722/ndss.2019.23386},
}
@InProceedings{ruth2022_toppling,
author = {Ruth, Kimberly and Kumar, Deepak and Wang, Brandon and Valenta, Luke and Durumeric, Zakir},
title = {Toppling Top Lists: Evaluating the Accuracy of Popular Website Lists},
booktitle = {Proceedings of the 22nd ACM Internet Measurement Conference},
year = {2022},
series = {IMC '22},
pages = {374–387},
address = {New York, NY, USA},
publisher = {Association for Computing Machinery},
doi = {10.1145/3517745.3561444},
isbn = {9781450392594},
location = {Nice, France},
numpages = {14},
url = {https://doi.org/10.1145/3517745.3561444},
}
@inproceedings{xie2024_crawling,
title={Crawling to the Top: An Empirical Evaluation of Top List Use},
author={Xie, Qinge and Li, Frank},
booktitle={International Conference on Passive and Active Network Measurement},
pages={277--306},
year={2024},
organization={Springer}
}
@inproceedings{scheitle2018_long,
author = {Scheitle, Quirin and Hohlfeld, Oliver and Gamba, Julien and Jelten, Jonas and Zimmermann, Torsten and Strowes, Stephen D. and Vallina-Rodriguez, Narseo},
title = {A Long Way to the Top: Significance, Structure, and Stability of Internet Top Lists},
year = {2018},
isbn = {9781450356190},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
url = {https://doi.org/10.1145/3278532.3278574},
doi = {10.1145/3278532.3278574},
booktitle = {Proceedings of the Internet Measurement Conference 2018},
pages = {478–493},
numpages = {16},
location = {Boston, MA, USA},
series = {IMC '18}
}
@inproceedings{xie2022_building,
title={Building an Open, Robust, and Stable Voting-Based Domain Top List},
author={Xie, Qinge and Tang, Shujun and Zheng, Xiaofeng and Lin, Qingran and Liu, Baojun and Duan, Haixin and Li, Frank},
booktitle={31st USENIX Security Symposium (USENIX Security 22)},
pages={625--642},
year={2022}
}
@inproceedings{vallina2020_misshapes,
author = {Vallina, Pelayo and Le Pochat, Victor and Feal, \'{A}lvaro and Paraschiv, Marius and Gamba, Julien and Burke, Tim and Hohlfeld, Oliver and Tapiador, Juan and Vallina-Rodriguez, Narseo},
title = {Mis-shapes, Mistakes, Misfits: An Analysis of Domain Classification Services},
year = {2020},
isbn = {9781450381383},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
url = {https://doi.org/10.1145/3419394.3423660},
doi = {10.1145/3419394.3423660},
abstract = {Domain classification services have applications in multiple areas, including cybersecurity, content blocking, and targeted advertising. Yet, these services are often a black box in terms of their methodology to classifying domains, which makes it difficult to assess their strengths, aptness for specific applications, and limitations. In this work, we perform a large-scale analysis of 13 popular domain classification services on more than 4.4M hostnames. Our study empirically explores their methodologies, scalability limitations, label constellations, and their suitability to academic research as well as other practical applications such as content filtering. We find that the coverage varies enormously across providers, ranging from over 90\% to below 1\%. All services deviate from their documented taxonomy, hampering sound usage for research. Further, labels are highly inconsistent across providers, who show little agreement over domains, making it difficult to compare or combine these services. We also show how the dynamics of crowd-sourced efforts may be obstructed by scalability and coverage aspects as well as subjective disagreements among human labelers. Finally, through case studies, we showcase that most services are not fit for detecting specialized content for research or content-blocking purposes. We conclude with actionable recommendations on their usage based on our empirical insights and experience. Particularly, we focus on how users should handle the significant disparities observed across services both in technical solutions and in research.},
booktitle = {Proceedings of the ACM Internet Measurement Conference},
pages = {598–618},
numpages = {21},
location = {Virtual Event, USA},
series = {IMC '20}
}
@article{snyder2020_who,
author = {Snyder, Peter and Vastel, Antoine and Livshits, Ben},
title = {Who Filters the Filters: Understanding the Growth, Usefulness and Efficiency of Crowdsourced Ad Blocking},
year = {2020},
issue_date = {June 2020},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
volume = {4},
number = {2},
url = {https://doi.org/10.1145/3392144},
doi = {10.1145/3392144},
journal = {Proc. ACM Meas. Anal. Comput. Syst.},
month = jun,
articleno = {26},
numpages = {24},
keywords = {web privacy, web measurement, filter lists, easylist}
}
@inproceedings{iqbal2020_adgraph,
author={Iqbal, Umar and Snyder, Peter and Zhu, Shitong and Livshits, Benjamin and Qian, Zhiyun and Shafiq, Zubair},
booktitle={2020 IEEE Symposium on Security and Privacy (SP)},
title={AdGraph: A Graph-Based Approach to Ad and Tracker Blocking},
year={2020},
volume={},
number={},
pages={763-776},
keywords={Advertising;Chromium;Uniform resource locators;Browsers;Privacy;Tools;Robustness},
doi={10.1109/SP40000.2020.00005}
}
@inproceedings{siby2022_webgraph,
author = {Sandra Siby and Umar Iqbal and Steven Englehardt and Zubair Shafiq and Carmela Troncoso},
title = {{WebGraph}: Capturing Advertising and Tracking Information Flows for Robust Blocking},
booktitle = {31st USENIX Security Symposium (USENIX Security 22)},
year = {2022},
isbn = {978-1-939133-31-1},
address = {Boston, MA},
pages = {2875--2892},
url = {https://www.usenix.org/conference/usenixsecurity22/presentation/siby},
publisher = {USENIX Association},
month = aug
}
@inproceedings{iqbal2022_khaleesi,
author = {Umar Iqbal and Charlie Wolfe and Charles Nguyen and Steven Englehardt and Zubair Shafiq},
title = {Khaleesi: Breaker of Advertising and Tracking Request Chains},
booktitle = {31st USENIX Security Symposium (USENIX Security 22)},
year = {2022},
isbn = {978-1-939133-31-1},
address = {Boston, MA},
pages = {2911--2928},
url = {https://www.usenix.org/conference/usenixsecurity22/presentation/iqbal},
publisher = {USENIX Association},
month = aug
}
@article{mhaidli2023researchers,
title={Researchers’ Experiences in Analyzing Privacy Policies: Challenges and Opportunities},
author={Mhaidli, Abraham and Fidan, Selin and Doan, An and Herakovic, Gina and Srinath, Mukund and Matheson, Lee and Wilson, Shomir and Schaub, Florian},
journal={Proceedings on Privacy Enhancing Technologies},
issue={4},
number={},
volume={2023},
pages={287--305},
year={2023},
doi={10.56553/popets-2023-0111},
url={https://petsymposium.org/popets/2023/popets-2023-0111.php},
}
@article{hosseini2021unifying,
title={Unifying privacy policy detection},
author={Hosseini, Henry and Degeling, Martin and Utz, Christine and Hupperich, Thomas},
journal={Proceedings on Privacy Enhancing Technologies},
doi={10.2478/popets-2021-0081},
issue={4},
volume={2021},
pages={480–499},
year={2021}
}
@inproceedings{roesner2012_detecting,
author = {Franziska Roesner and Tadayoshi Kohno and David Wetherall},
title = {Detecting and Defending Against {Third-Party} Tracking on the Web},
booktitle = {9th USENIX Symposium on Networked Systems Design and Implementation (NSDI 12)},
year = {2012},
isbn = {978-931971-92-8},
address = {San Jose, CA},
pages = {155--168},
url = {https://www.usenix.org/conference/nsdi12/technical-sessions/presentation/roesner},
publisher = {USENIX Association},
month = apr
}
@article{solomos2019_clash,
title={Clash of the trackers: Measuring the evolution of the online tracking ecosystem},
author={Solomos, Konstantinos and Ilia, Panagiotis and Ioannidis, Sotiris and Kourtellis, Nicolas},
booktitle = {Measurement and Analysis Conference (TMA'20)},
publisher = {IFIP Open Digital Library},
isbn = {978-3-903176-27-0},
year={2020},
address = {Berlin, Germany},
}
@inproceedings{sanchezrola2019can,
author = {Sanchez-Rola, Iskander and Dell'Amico, Matteo and Kotzias, Platon and Balzarotti, Davide and Bilge, Leyla and Vervier, Pierre-Antoine and Santos, Igor},
title = {Can I Opt Out Yet? GDPR and the Global Illusion of Cookie Control},
year = {2019},
isbn = {9781450367523},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
url = {https://doi.org/10.1145/3321705.3329806},
doi = {10.1145/3321705.3329806},
pages = {340–351},
numpages = {12},
keywords = {GDPR, browser cookies, user privacy},
location = {Auckland, New Zealand},
series = {Asia CCS '19}
}
@article{calzavara2015supervised,
author = {Calzavara, Stefano and Tolomei, Gabriele and Casini, Andrea and Bugliesi, Michele and Orlando, Salvatore},
title = {A Supervised Learning Approach to Protect Client Authentication on the Web},
year = {2015},
issue_date = {June 2015},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
volume = {9},
number = {3},
issn = {1559-1131},
url = {https://doi.org/10.1145/2754933},
doi = {10.1145/2754933},
journal = {ACM Trans. Web},
month = jun,
articleno = {15},
numpages = {30},
keywords = {Web security, authentication cookies, classification}
}
@inproceedings{hu2021cccc,
author = {Hu, Xuehui and Sastry, Nishanth and Mondal, Mainack},
title = {CCCC: Corralling Cookies into Categories with CookieMonster},
year = {2021},
isbn = {9781450383301},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
url = {https://doi.org/10.1145/3447535.3462509},
doi = {10.1145/3447535.3462509},
booktitle = {Proceedings of the 13th ACM Web Science Conference 2021},
pages = {234–242},
numpages = {9},
keywords = {Web tracking, Third-Party Cookie, Cookie Categorisation},
location = {Virtual Event, United Kingdom},
series = {WebSci '21}
}
@inproceedings{shaoor2023cookiegraph,
author = {Munir, Shaoor and Siby, Sandra and Iqbal, Umar and Englehardt, Steven and Shafiq, Zubair and Troncoso, Carmela},
title = {CookieGraph: Understanding and Detecting First-Party Tracking Cookies},
year = {2023},
isbn = {9798400700507},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
url = {https://doi.org/10.1145/3576915.3616586},
doi = {10.1145/3576915.3616586},
pages = {3490–3504},
numpages = {15},
keywords = {cookies, machine learning, privacy, tracking, web security},
location = {Copenhagen, Denmark},
series = {CCS '23}
}
@inproceedings{bollinger2022automating,
author = {Dino Bollinger and Karel Kubicek and Carlos Cotrini and David Basin},
title = {Automating Cookie Consent and GDPR Violation Detection},
booktitle = {31st USENIX Security Symposium (USENIX Security 22)},
year = {2022},
month = aug,
pages = {2893--2910},
isbn = {978-1-939133-31-1},
publisher = {USENIX Association},
url = {https://www.usenix.org/conference/usenixsecurity22/presentation/bollinger},
address = {Boston, MA},
}
@inproceedings{lin2024it,
author = {Kyi, Lin and Mhaidli, Abraham and Santos, Cristiana Teixeira and Roesner, Franziska and Biega, Asia J.},
title = {“It doesn’t tell me anything about how my data is used”: User Perceptions of Data Collection Purposes},
year = {2024},
isbn = {9798400703300},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
url = {https://doi.org/10.1145/3613904.3642260},
doi = {10.1145/3613904.3642260},
booktitle = {Proceedings of the 2024 CHI Conference on Human Factors in Computing Systems},
articleno = {984},
numpages = {12},
keywords = {GDPR, personal data, privacy, purposes, qualitative methods, tracking},
location = {Honolulu, HI, USA},
series = {CHI '24}
}
@article{jiwani2024crumbling,
title={Crumbling Cookie Categories: Deconstructing Common Cookie Categories to Create Categories that People Understand},
author={Jiwani, Soha and Sasheendran, Rachna and Abhyankar, Adhishree and Bouma-Sims, Elijah and Cranor, Lorrie},
journal={Proceedings on Privacy Enhancing Technologies},
year={2024},
doi={10.56553/popets-2024-0093}
}
@inproceedings{shaoor2024purl,
author = {Shaoor Munir and Patrick Lee and Umar Iqbal and Zubair Shafiq and Sandra Siby},
title = {{PURL}: Safe and Effective Sanitization of Link Decoration},
booktitle = {33rd USENIX Security Symposium (USENIX Security 24)},
year = {2024},
isbn = {978-1-939133-44-1},
address = {Philadelphia, PA},
pages = {4103--4120},
url = {https://www.usenix.org/conference/usenixsecurity24/presentation/munir},
publisher = {USENIX Association},
month = aug
}