literature:bibliography
% Literature database for web-measurement, tracking, cookie and privacy-policy work.
%
% Conventions used in this file:
%   - one field per line, lowercase entry types, brace-delimited values;
%   - page ranges use a double hyphen, months use the three-letter macros;
%   - accented letters are written as BibTeX special characters, e.g. {\'e};
%   - acronyms and proper nouns in titles are brace-protected against recasing;
%   - citation keys are kept exactly as they were, so existing citations still resolve.

% ---- Top lists: construction and evaluation ----

@inproceedings{LePochat2019_tranco,
  author    = {{Le Pochat}, Victor and {Van Goethem}, Tom and Tajalizadehkhoob, Samaneh and Korczy{\'n}ski, Maciej and Joosen, Wouter},
  title     = {{Tranco}: A Research-Oriented Top Sites Ranking Hardened Against Manipulation},
  booktitle = {Proceedings of the 26th Annual Network and Distributed System Security Symposium},
  series    = {NDSS 2019},
  year      = {2019},
  month     = feb,
  doi       = {10.14722/ndss.2019.23386},
}

@inproceedings{ruth2022_toppling,
  author    = {Ruth, Kimberly and Kumar, Deepak and Wang, Brandon and Valenta, Luke and Durumeric, Zakir},
  title     = {Toppling Top Lists: Evaluating the Accuracy of Popular Website Lists},
  booktitle = {Proceedings of the 22nd ACM Internet Measurement Conference},
  series    = {IMC '22},
  year      = {2022},
  pages     = {374--387},
  numpages  = {14},
  publisher = {Association for Computing Machinery},
  address   = {New York, NY, USA},
  location  = {Nice, France},
  isbn      = {9781450392594},
  doi       = {10.1145/3517745.3561444},
  url       = {https://doi.org/10.1145/3517745.3561444},
}

@inproceedings{xie2024_crawling,
  author    = {Xie, Qinge and Li, Frank},
  title     = {Crawling to the Top: An Empirical Evaluation of Top List Use},
  booktitle = {International Conference on Passive and Active Network Measurement},
  year      = {2024},
  pages     = {277--306},
  publisher = {Springer},
}

@inproceedings{scheitle2018_long,
  author    = {Scheitle, Quirin and Hohlfeld, Oliver and Gamba, Julien and Jelten, Jonas and Zimmermann, Torsten and Strowes, Stephen D. and Vallina-Rodriguez, Narseo},
  title     = {A Long Way to the Top: Significance, Structure, and Stability of {Internet} Top Lists},
  booktitle = {Proceedings of the Internet Measurement Conference 2018},
  series    = {IMC '18},
  year      = {2018},
  pages     = {478--493},
  numpages  = {16},
  publisher = {Association for Computing Machinery},
  address   = {New York, NY, USA},
  location  = {Boston, MA, USA},
  isbn      = {9781450356190},
  doi       = {10.1145/3278532.3278574},
  url       = {https://doi.org/10.1145/3278532.3278574},
}

@inproceedings{xie2022_building,
  author    = {Xie, Qinge and Tang, Shujun and Zheng, Xiaofeng and Lin, Qingran and Liu, Baojun and Duan, Haixin and Li, Frank},
  title     = {Building an Open, Robust, and Stable Voting-Based Domain Top List},
  booktitle = {31st USENIX Security Symposium (USENIX Security 22)},
  year      = {2022},
  month     = aug,
  pages     = {625--642},
  publisher = {USENIX Association},
  address   = {Boston, MA},
  isbn      = {978-1-939133-31-1},
}

% ---- Domain classification, filter lists, ad and tracker blocking ----

@inproceedings{vallina2020_misshapes,
  author    = {Vallina, Pelayo and {Le Pochat}, Victor and Feal, {\'A}lvaro and Paraschiv, Marius and Gamba, Julien and Burke, Tim and Hohlfeld, Oliver and Tapiador, Juan and Vallina-Rodriguez, Narseo},
  title     = {Mis-shapes, Mistakes, Misfits: An Analysis of Domain Classification Services},
  booktitle = {Proceedings of the ACM Internet Measurement Conference},
  series    = {IMC '20},
  year      = {2020},
  pages     = {598--618},
  numpages  = {21},
  publisher = {Association for Computing Machinery},
  address   = {New York, NY, USA},
  location  = {Virtual Event, USA},
  isbn      = {9781450381383},
  doi       = {10.1145/3419394.3423660},
  url       = {https://doi.org/10.1145/3419394.3423660},
  abstract  = {Domain classification services have applications in multiple areas, including cybersecurity, content blocking, and targeted advertising. Yet, these services are often a black box in terms of their methodology to classifying domains, which makes it difficult to assess their strengths, aptness for specific applications, and limitations. In this work, we perform a large-scale analysis of 13 popular domain classification services on more than 4.4M hostnames. Our study empirically explores their methodologies, scalability limitations, label constellations, and their suitability to academic research as well as other practical applications such as content filtering. We find that the coverage varies enormously across providers, ranging from over 90\% to below 1\%. All services deviate from their documented taxonomy, hampering sound usage for research. Further, labels are highly inconsistent across providers, who show little agreement over domains, making it difficult to compare or combine these services. We also show how the dynamics of crowd-sourced efforts may be obstructed by scalability and coverage aspects as well as subjective disagreements among human labelers. Finally, through case studies, we showcase that most services are not fit for detecting specialized content for research or content-blocking purposes. We conclude with actionable recommendations on their usage based on our empirical insights and experience. Particularly, we focus on how users should handle the significant disparities observed across services both in technical solutions and in research.},
}

@article{snyder2020_who,
  author     = {Snyder, Peter and Vastel, Antoine and Livshits, Ben},
  title      = {Who Filters the Filters: Understanding the Growth, Usefulness and Efficiency of Crowdsourced Ad Blocking},
  journal    = {Proceedings of the ACM on Measurement and Analysis of Computing Systems},
  volume     = {4},
  number     = {2},
  year       = {2020},
  month      = jun,
  issue_date = {June 2020},
  articleno  = {26},
  numpages   = {24},
  publisher  = {Association for Computing Machinery},
  address    = {New York, NY, USA},
  doi        = {10.1145/3392144},
  url        = {https://doi.org/10.1145/3392144},
  keywords   = {web privacy, web measurement, filter lists, easylist},
}

@inproceedings{iqbal2020_adgraph,
  author    = {Iqbal, Umar and Snyder, Peter and Zhu, Shitong and Livshits, Benjamin and Qian, Zhiyun and Shafiq, Zubair},
  title     = {{AdGraph}: A Graph-Based Approach to Ad and Tracker Blocking},
  booktitle = {2020 IEEE Symposium on Security and Privacy (SP)},
  year      = {2020},
  pages     = {763--776},
  doi       = {10.1109/SP40000.2020.00005},
  keywords  = {Advertising;Chromium;Uniform resource locators;Browsers;Privacy;Tools;Robustness},
}

@inproceedings{siby2022_webgraph,
  author    = {Siby, Sandra and Iqbal, Umar and Englehardt, Steven and Shafiq, Zubair and Troncoso, Carmela},
  title     = {{WebGraph}: Capturing Advertising and Tracking Information Flows for Robust Blocking},
  booktitle = {31st USENIX Security Symposium (USENIX Security 22)},
  year      = {2022},
  month     = aug,
  pages     = {2875--2892},
  publisher = {USENIX Association},
  address   = {Boston, MA},
  isbn      = {978-1-939133-31-1},
  url       = {https://www.usenix.org/conference/usenixsecurity22/presentation/siby},
}

@inproceedings{iqbal2022_khaleesi,
  author    = {Iqbal, Umar and Wolfe, Charlie and Nguyen, Charles and Englehardt, Steven and Shafiq, Zubair},
  title     = {{Khaleesi}: Breaker of Advertising and Tracking Request Chains},
  booktitle = {31st USENIX Security Symposium (USENIX Security 22)},
  year      = {2022},
  month     = aug,
  pages     = {2911--2928},
  publisher = {USENIX Association},
  address   = {Boston, MA},
  isbn      = {978-1-939133-31-1},
  url       = {https://www.usenix.org/conference/usenixsecurity22/presentation/iqbal},
}

% ---- Privacy policies ----

@article{mhaidli2023researchers,
  author  = {Mhaidli, Abraham and Fidan, Selin and Doan, An and Herakovic, Gina and Srinath, Mukund and Matheson, Lee and Wilson, Shomir and Schaub, Florian},
  title   = {Researchers' Experiences in Analyzing Privacy Policies: Challenges and Opportunities},
  journal = {Proceedings on Privacy Enhancing Technologies},
  volume  = {2023},
  number  = {4},
  pages   = {287--305},
  year    = {2023},
  doi     = {10.56553/popets-2023-0111},
  url     = {https://petsymposium.org/popets/2023/popets-2023-0111.php},
}

@article{hosseini2021unifying,
  author  = {Hosseini, Henry and Degeling, Martin and Utz, Christine and Hupperich, Thomas},
  title   = {Unifying Privacy Policy Detection},
  journal = {Proceedings on Privacy Enhancing Technologies},
  volume  = {2021},
  number  = {4},
  pages   = {480--499},
  year    = {2021},
  doi     = {10.2478/popets-2021-0081},
}

% ---- Web tracking ----

@inproceedings{roesner2012_detecting,
  author    = {Roesner, Franziska and Kohno, Tadayoshi and Wetherall, David},
  title     = {Detecting and Defending Against {Third-Party} Tracking on the Web},
  booktitle = {9th USENIX Symposium on Networked Systems Design and Implementation (NSDI 12)},
  year      = {2012},
  month     = apr,
  pages     = {155--168},
  publisher = {USENIX Association},
  address   = {San Jose, CA},
  isbn      = {978-1-931971-92-8},
  url       = {https://www.usenix.org/conference/nsdi12/technical-sessions/presentation/roesner},
}

% NOTE(review): the key says 2019 while year and booktitle say 2020 (TMA'20).
% The key is kept unchanged so existing citations keep working; confirm the year.
@inproceedings{solomos2019_clash,
  author    = {Solomos, Konstantinos and Ilia, Panagiotis and Ioannidis, Sotiris and Kourtellis, Nicolas},
  title     = {Clash of the Trackers: Measuring the Evolution of the Online Tracking Ecosystem},
  booktitle = {Network Traffic Measurement and Analysis Conference (TMA '20)},
  year      = {2020},
  publisher = {IFIP Open Digital Library},
  address   = {Berlin, Germany},
  isbn      = {978-3-903176-27-0},
}

% ---- Cookies, consent and data-collection purposes ----

@inproceedings{sanchezrola2019can,
  author    = {Sanchez-Rola, Iskander and Dell'Amico, Matteo and Kotzias, Platon and Balzarotti, Davide and Bilge, Leyla and Vervier, Pierre-Antoine and Santos, Igor},
  title     = {Can {I} Opt Out Yet? {GDPR} and the Global Illusion of Cookie Control},
  booktitle = {Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security},
  series    = {Asia CCS '19},
  year      = {2019},
  pages     = {340--351},
  numpages  = {12},
  publisher = {Association for Computing Machinery},
  address   = {New York, NY, USA},
  location  = {Auckland, New Zealand},
  isbn      = {9781450367523},
  doi       = {10.1145/3321705.3329806},
  url       = {https://doi.org/10.1145/3321705.3329806},
  keywords  = {GDPR, browser cookies, user privacy},
}

@article{calzavara2015supervised,
  author     = {Calzavara, Stefano and Tolomei, Gabriele and Casini, Andrea and Bugliesi, Michele and Orlando, Salvatore},
  title      = {A Supervised Learning Approach to Protect Client Authentication on the Web},
  journal    = {ACM Transactions on the Web},
  volume     = {9},
  number     = {3},
  year       = {2015},
  month      = jun,
  issue_date = {June 2015},
  articleno  = {15},
  numpages   = {30},
  publisher  = {Association for Computing Machinery},
  address    = {New York, NY, USA},
  issn       = {1559-1131},
  doi        = {10.1145/2754933},
  url        = {https://doi.org/10.1145/2754933},
  keywords   = {Web security, authentication cookies, classification},
}

@inproceedings{hu2021cccc,
  author    = {Hu, Xuehui and Sastry, Nishanth and Mondal, Mainack},
  title     = {{CCCC}: Corralling Cookies into Categories with {CookieMonster}},
  booktitle = {Proceedings of the 13th ACM Web Science Conference 2021},
  series    = {WebSci '21},
  year      = {2021},
  pages     = {234--242},
  numpages  = {9},
  publisher = {Association for Computing Machinery},
  address   = {New York, NY, USA},
  location  = {Virtual Event, United Kingdom},
  isbn      = {9781450383301},
  doi       = {10.1145/3447535.3462509},
  url       = {https://doi.org/10.1145/3447535.3462509},
  keywords  = {Web tracking, Third-Party Cookie, Cookie Categorisation},
}

@inproceedings{shaoor2023cookiegraph,
  author    = {Munir, Shaoor and Siby, Sandra and Iqbal, Umar and Englehardt, Steven and Shafiq, Zubair and Troncoso, Carmela},
  title     = {{CookieGraph}: Understanding and Detecting First-Party Tracking Cookies},
  booktitle = {Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security},
  series    = {CCS '23},
  year      = {2023},
  pages     = {3490--3504},
  numpages  = {15},
  publisher = {Association for Computing Machinery},
  address   = {New York, NY, USA},
  location  = {Copenhagen, Denmark},
  isbn      = {9798400700507},
  doi       = {10.1145/3576915.3616586},
  url       = {https://doi.org/10.1145/3576915.3616586},
  keywords  = {cookies, machine learning, privacy, tracking, web security},
}

@inproceedings{bollinger2022automating,
  author    = {Bollinger, Dino and Kubicek, Karel and Cotrini, Carlos and Basin, David},
  title     = {Automating Cookie Consent and {GDPR} Violation Detection},
  booktitle = {31st USENIX Security Symposium (USENIX Security 22)},
  year      = {2022},
  month     = aug,
  pages     = {2893--2910},
  publisher = {USENIX Association},
  address   = {Boston, MA},
  isbn      = {978-1-939133-31-1},
  url       = {https://www.usenix.org/conference/usenixsecurity22/presentation/bollinger},
}

@inproceedings{lin2024it,
  author    = {Kyi, Lin and Mhaidli, Abraham and Santos, Cristiana Teixeira and Roesner, Franziska and Biega, Asia J.},
  title     = {``{It} doesn't tell me anything about how my data is used'': User Perceptions of Data Collection Purposes},
  booktitle = {Proceedings of the 2024 CHI Conference on Human Factors in Computing Systems},
  series    = {CHI '24},
  year      = {2024},
  articleno = {984},
  numpages  = {12},
  publisher = {Association for Computing Machinery},
  address   = {New York, NY, USA},
  location  = {Honolulu, HI, USA},
  isbn      = {9798400703300},
  doi       = {10.1145/3613904.3642260},
  url       = {https://doi.org/10.1145/3613904.3642260},
  keywords  = {GDPR, personal data, privacy, purposes, qualitative methods, tracking},
}

@article{jiwani2024crumbling,
  author  = {Jiwani, Soha and Sasheendran, Rachna and Abhyankar, Adhishree and Bouma-Sims, Elijah and Cranor, Lorrie},
  title   = {Crumbling Cookie Categories: Deconstructing Common Cookie Categories to Create Categories that People Understand},
  journal = {Proceedings on Privacy Enhancing Technologies},
  year    = {2024},
  doi     = {10.56553/popets-2024-0093},
}

@inproceedings{shaoor2024purl,
  author    = {Munir, Shaoor and Lee, Patrick and Iqbal, Umar and Shafiq, Zubair and Siby, Sandra},
  title     = {{PURL}: Safe and Effective Sanitization of Link Decoration},
  booktitle = {33rd USENIX Security Symposium (USENIX Security 24)},
  year      = {2024},
  month     = aug,
  pages     = {4103--4120},
  publisher = {USENIX Association},
  address   = {Philadelphia, PA},
  isbn      = {978-1-939133-44-1},
  url       = {https://www.usenix.org/conference/usenixsecurity24/presentation/munir},
}

% ---- Web archives, reproducibility and longitudinal studies ----

@inproceedings{hantke2023you,
  author    = {Hantke, Florian and Calzavara, Stefano and Wilhelm, Moritz and Rabitti, Alvise and Stock, Ben},
  title     = {You Call This Archaeology? Evaluating Web Archives for Reproducible Web Security Measurements},
  booktitle = {Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security},
  series    = {CCS '23},
  year      = {2023},
  pages     = {3168--3182},
  numpages  = {15},
  publisher = {Association for Computing Machinery},
  address   = {New York, NY, USA},
  location  = {Copenhagen, Denmark},
  isbn      = {9798400700507},
  doi       = {10.1145/3576915.3616688},
  url       = {https://doi.org/10.1145/3576915.3616688},
  keywords  = {reproducibility, web measurement, web privacy, web security},
}

@misc{hantke2025web,
  author        = {Hantke, Florian and Snyder, Peter and Haddadi, Hamed and Stock, Ben},
  title         = {Web Execution Bundles: Reproducible, Accurate, and Archivable Web Measurements},
  year          = {2025},
  eprint        = {2501.15911},
  archiveprefix = {arXiv},
  url           = {https://arxiv.org/abs/2501.15911},
}

@inproceedings{lerner2016internet,
  author    = {Lerner, Ada and Simpson, Anna Kornfeld and Kohno, Tadayoshi and Roesner, Franziska},
  title     = {{Internet Jones} and the Raiders of the Lost Trackers: An Archaeological Study of Web Tracking from 1996 to 2016},
  booktitle = {25th USENIX Security Symposium (USENIX Security 16)},
  year      = {2016},
  publisher = {USENIX Association},
  url       = {https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/lerner},
}

@misc{jha2024privacy,
  author        = {Jha, Nikhil and Trevisan, Martino and Mellia, Marco and Fernandez, Daniel and Irarrazaval, Rodrigo},
  title         = {Privacy Policies and Consent Management Platforms: Growth and Users' Interactions over Time},
  year          = {2024},
  eprint        = {2402.18321},
  archiveprefix = {arXiv},
  url           = {https://arxiv.org/abs/2402.18321},
}

@inproceedings{amos2021privacy,
  author    = {Amos, Ryan and Acar, Gunes and Lucherini, Eli and Kshirsagar, Mihir and Narayanan, Arvind and Mayer, Jonathan},
  title     = {Privacy Policies over Time: Curation and Analysis of a Million-Document Dataset},
  booktitle = {Proceedings of the Web Conference 2021},
  series    = {WWW '21},
  year      = {2021},
  pages     = {2165--2176},
  numpages  = {12},
  publisher = {Association for Computing Machinery},
  address   = {New York, NY, USA},
  location  = {Ljubljana, Slovenia},
  isbn      = {9781450383127},
  doi       = {10.1145/3442381.3450048},
  url       = {https://doi.org/10.1145/3442381.3450048},
  keywords  = {web tracking, privacy policy, open dataset, data protection},
}

@article{dimova2021cname,
  author  = {Dimova, Yana and Acar, Gunes and Olejnik, Lukasz and Joosen, Wouter and {Van Goethem}, Tom},
  title   = {The {CNAME} of the Game: Large-Scale Analysis of {DNS}-Based Tracking Evasion},
  journal = {Proceedings on Privacy Enhancing Technologies},
  volume  = {2021},
  number  = {3},
  pages   = {394--412},
  year    = {2021},
  doi     = {10.2478/popets-2021-0053},
  url     = {https://doi.org/10.2478/popets-2021-0053},
}

@inproceedings{pletinckx2021out,
  author    = {Pletinckx, Stijn and Borgolte, Kevin and Fiebig, Tobias},
  title     = {Out of Sight, Out of Mind: Detecting Orphaned Web Pages at {Internet}-Scale},
  booktitle = {Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security},
  series    = {CCS '21},
  year      = {2021},
  pages     = {21--35},
  numpages  = {15},
  publisher = {Association for Computing Machinery},
  address   = {New York, NY, USA},
  location  = {Virtual Event, Republic of Korea},
  isbn      = {9781450384544},
  doi       = {10.1145/3460120.3485367},
  url       = {https://doi.org/10.1145/3460120.3485367},
  keywords  = {measurement, orphaned resources, web security},
}

@inproceedings{roth2020complex,
  author    = {Roth, Sebastian and Barron, Timothy and Calzavara, Stefano and Nikiforakis, Nick and Stock, Ben},
  title     = {Complex Security Policy? A Longitudinal Analysis of Deployed Content Security Policies},
  booktitle = {Proceedings of the 27th Network and Distributed System Security Symposium (NDSS)},
  year      = {2020},
}

@inproceedings{stock2017web,
  author    = {Stock, Ben and Johns, Martin and Steffens, Marius and Backes, Michael},
  title     = {How the Web Tangled Itself: Uncovering the History of Client-Side Web {(In)Security}},
  booktitle = {26th USENIX Security Symposium (USENIX Security 17)},
  year      = {2017},
  month     = aug,
  pages     = {971--987},
  publisher = {USENIX Association},
  address   = {Vancouver, BC},
  isbn      = {978-1-931971-40-9},
  url       = {https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/stock},
}

% ---- Cookie notices, crawling methodology and large-scale tracking measurement ----

@inproceedings{bouhoula2024automated,
  author    = {Bouhoula, Ahmed and Kubicek, Karel and Zac, Amit and Cotrini, Carlos and Basin, David},
  title     = {Automated Large-Scale Analysis of Cookie Notice Compliance},
  booktitle = {33rd USENIX Security Symposium (USENIX Security 24)},
  year      = {2024},
  month     = aug,
  pages     = {1723--1739},
  publisher = {USENIX Association},
  address   = {Philadelphia, PA},
  isbn      = {978-1-939133-44-1},
  url       = {https://ahmedbouhoula.github.io/post/automated.html},
}

@inproceedings{khandelwal2023automated,
  author    = {Khandelwal, Rishabh and Nayak, Asmit and Harkous, Hamza and Fawaz, Kassem},
  title     = {Automated Cookie Notice Analysis and Enforcement},
  booktitle = {32nd USENIX Security Symposium (USENIX Security 23)},
  year      = {2023},
  month     = aug,
  pages     = {1109--1126},
  publisher = {USENIX Association},
  address   = {Anaheim, CA},
  isbn      = {978-1-939133-37-3},
  url       = {https://www.usenix.org/conference/usenixsecurity23/presentation/khandelwal},
}

@inproceedings{urban2020beyond,
  author    = {Urban, Tobias and Degeling, Martin and Holz, Thorsten and Pohlmann, Norbert},
  title     = {Beyond the Front Page: Measuring Third Party Dynamics in the Field},
  booktitle = {Proceedings of The Web Conference 2020},
  series    = {WWW '20},
  year      = {2020},
  pages     = {1275--1286},
  numpages  = {12},
  publisher = {Association for Computing Machinery},
  address   = {New York, NY, USA},
  location  = {Taipei, Taiwan},
  isbn      = {9781450370233},
  doi       = {10.1145/3366423.3380203},
  url       = {https://doi.org/10.1145/3366423.3380203},
  keywords  = {cookies, privacy, third parties, web measurement},
}

@inproceedings{zeber2020representativeness,
  author    = {Zeber, David and Bird, Sarah and Oliveira, Camila and Rudametkin, Walter and Segall, Ilana and Wolls{\'e}n, Fredrik and Lopatka, Martin},
  title     = {The Representativeness of Automated Web Crawls as a Surrogate for Human Browsing},
  booktitle = {Proceedings of The Web Conference 2020},
  series    = {WWW '20},
  year      = {2020},
  pages     = {167--178},
  numpages  = {12},
  publisher = {Association for Computing Machinery},
  address   = {New York, NY, USA},
  location  = {Taipei, Taiwan},
  isbn      = {9781450370233},
  doi       = {10.1145/3366423.3380104},
  url       = {https://doi.org/10.1145/3366423.3380104},
  keywords  = {Browser Fingerprinting, Online Privacy, Tracking, Web Crawling, World Wide Web},
}

@inproceedings{englehardt2016online,
  author    = {Englehardt, Steven and Narayanan, Arvind},
  title     = {Online Tracking: A 1-million-site Measurement and Analysis},
  booktitle = {Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security},
  series    = {CCS '16},
  year      = {2016},
  pages     = {1388--1401},
  numpages  = {14},
  publisher = {Association for Computing Machinery},
  address   = {New York, NY, USA},
  location  = {Vienna, Austria},
  isbn      = {9781450341394},
  doi       = {10.1145/2976749.2978313},
  url       = {https://doi.org/10.1145/2976749.2978313},
  keywords  = {web tracking, web privacy, web measurement, online advertising, measurement, device fingerprinting, browser security, browser privacy, browser fingerprinting},
}

@inproceedings{bashir2016tracing,
  author    = {Bashir, Muhammad Ahmad and Arshad, Sajjad and Robertson, William and Wilson, Christo},
  title     = {Tracing Information Flows Between Ad Exchanges Using Retargeted Ads},
  booktitle = {25th USENIX Security Symposium (USENIX Security 16)},
  year      = {2016},
  pages     = {481--496},
  publisher = {USENIX Association},
  url       = {https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/bashir},
}

@inproceedings{fouad2022my,
  author    = {Fouad, Imane and Santos, Cristiana and Legout, Arnaud and Bielova, Nataliia},
  title     = {My Cookie is a Phoenix: Detection, Measurement, and Lawfulness of Cookie Respawning with Browser Fingerprinting},
  booktitle = {22nd Privacy Enhancing Technologies Symposium (PETS 2022)},
  year      = {2022},
  doi       = {10.56553/popets-2022-0063},
  url       = {https://doi.org/10.56553/popets-2022-0063},
}
literature/bibliography.txt · Last modified: 2025/03/19 08:55 by karelkubicek