User data is the primary input of digital advertising, fueling free Internet as we know it. As a result, web companies invest lot in elaborate tracking mechanisms to acquire user that can sell markets and advertisers. However, with same-origin policy cookies identification mechanism on web, each tracker knows same different ID. To mitigate this, Cookie Synchronization (CSync) came rescue, facilitating an information sharing channel between 3rd-parties may or not have direct access website...

During the past few years, mostly as a result of GDPR and CCPA, websites have started to present users with cookie consent banners. These banners are web forms where can state their preference declare which cookies they would like accept, if such option exists. Although requesting before storing any identifiable information is good start towards respecting user privacy, yet previous research has shown that do not always respect choices. Furthermore, considering ever decreasing reliance...

The vast majority of online services nowadays, provide both a mobile friendly website and application to their users. Both these choices are usually released for free, with developers, gaining revenue by allowing advertisements from ad networks be embedded into content. In order more personalized thus effective advertisements, deploy pervasive user tracking, raising this way significant privacy concerns. As consequence, the users do not have think only convenience before deciding which...

Fake news is an age-old phenomenon, widely assumed to be associated with political propaganda published sway public opinion. Yet, the growth of social media, it has become a lucrative business for Web publishers. Despite many studies performed and countermeasures proposed, unreliable sites have increased in last years their share engagement among top performing sources. Stifling fake impact depends on our efforts limiting (economic) incentives producers.

Digital advertisements are delivered in the form of static images, animations or videos, with goal to promote a product, service an idea desktop mobile users. Thus, advertiser pays monetary cost buy ad-space content provider»s medium (e.g., website) place their advertisement consumer»s display. However, is it only who for ad delivery? Unlike traditional mediums such as newspapers, TV radio, digital world, end-users also paying delivery. Whilst on advertiser»s side clearly monetary, end-user,...

In recent years, Header Bidding (HB) has gained popularity among web publishers, challenging the status quo in ad ecosystem. Contrary to traditional waterfall standard, HB aims give back publishers control of their inventory, increase transparency, fairness and competition advertisers, resulting higher ad-slot prices. Although promising, little is known about how this protocol works: What are HB's possible implementations, who major players, what its network UX overhead?

Accurate web measurement is critical for understanding and improving security privacy online. Such measurements implicitly assume that automated crawls generalize to typical user experience. But anecdotal evidence suggests the behaves differently when seen via well-known endpoints or automation frameworks, various reasons. Our work improves state of by investigating how key differ using naive crawling tool defaults vs. careful attempts match "real" users across Tranco top 25k domains. We...

Over the past years, advertisement companies have used various tracking methods to persistently track users across web. Such usually include first and third-party cookies, cookie synchronization, as well a variety of fingerprinting mechanisms. Facebook (FB) recently introduced new tagging mechanism that attaches one-time tag URL parameter (FBCLID) on outgoing links other websites. Although such does not seem enough information users, we demonstrate despite its ephemeral nature, when combined...

Websites with hyper-partisan, left or right-leaning focus offer content that is typically biased towards the expectations of their target audience. Such often polarizes users, who are repeatedly primed to specific (extreme) content, usually reflecting hard party lines on political and socio-economic topics. Though this polarization has been extensively studied respect it still unknown how associates online tracking experienced by browsing especially when they exhibit certain demographic...

Filter lists play a large and growing role in protecting assisting web users. The vast majority of popular filter are crowd-sourced, where number people manually label resources related to undesirable (e.g. ads, trackers, paywall libraries), so that they can be blocked by browsers extensions.

The proliferation of web applications has essentially transformed modern browsers into small but powerful operating systems.Upon visiting a website, user devices run implicitly trusted script code, the execution which is confined within browser to prevent any interference with user's system.Recent JavaScript APIs, however, provide advanced capabilities that not only enable feature-rich applications, also allow attackers perform malicious operations despite nature code execution.In this...

In recent years, and after the Snowden revelations, there has been a significant movement in web from organizations, policymakers individuals to enhance privacy awareness among users. As consequence, more publishers support TLS their websites, vendors provide anonymity tools, such as secure VPNs or Tor onions, cover need of users for privacy-preserving browsing. But is sporadic appliance tools enough privacy?

Over the past few years, microblogging social networking services have become a popular means for information sharing and communication. Besides among friends, such are currently being used by artists, politicians, news channels, providers to easily communicate with their constituency. Even though following specific channels on service enables users receive interesting in timely manner, it may raise significant privacy concerns as well. For example, is able observe all that particular user...

The recent advances of web-based cryptomining libraries along with the whopping market value cryptocoins have convinced an increasing number publishers to switch web mining as a source monetization for their websites. conditions could not be better nowadays: inevitable arms race between adblockers and advertisers is at its peak caught in crossfire. But, can next primary model post advertising era free Internet? In this paper, we respond exact question. particular, compare profitability...

Providing online content monetized via ads to users is a lucrative business. But what if the pirated or illicit, thus harming brand safety of advertiser? In this paper, we are first investigate Ad Laundering: technique with which bad actors deceive advertisers by hiding illicit within evidently lawful websites monetize generated traffic. We develop client-side detection methodology detect and analyze performing ad laundering. describe in detail techniques these use cloak content, provide...

Funding the production of quality online content is a pressing problem for producers. The most common funding method, advertising, rife with well-known performance and privacy harms, an intractable subject-agent conflict: many users do not want to see advertisements, depriving site needed funding.

Trust in SSL-based communication on the Internet is provided by Certificate Authorities (CAs) form of signed certificates. Checking validity a certificate involves three steps: (i) checking its expiration date, (ii) verifying signature, and (iii) making sure that it not revoked. Currently, Revocation checks (i.e. step above) are done either via Lists (CRLs) or Online Status Protocol (OCSP) servers. Unfortunately, both current approaches tend to incur such high overhead several browsers...

Trust in SSL-based communications is provided by Certificate Authorities (CAs) the form of signed certificates. Checking validity a certificate involves three steps: (i) checking its expiration date, (ii) verifying signature, and (iii) ensuring that it not revoked. Currently, such revocation checks are done either via Revocation Lists (CRLs) or Online Status Protocol (OCSP) servers. Unfortunately, despite existence these checks, sophisticated cyber-attackers, may trick web browsers to trust...

In this paper we describe the design and implementation of ACaZoo, a key-value store that combines strong consistency with high performance availability. ACaZoo supports popular column-oriented data model Apache Cassandra HBase. It implements strongly-consistent replication using primary-backup atomic broadcast write-ahead log, which records mutations to Log-structured Merge Tree (LSM-Tree). scales by horizontally partitioning key space via consistent primary-key hashing on available replica...

YouTube is one of the most popular social media and online video sharing platforms, users turn to it for entertainment by consuming music videos, educational or political purposes, advertising, etc. In last years, hundreds new channels have been creating videos targeting children, with themes related animation, superhero movies, comics, Unfortunately, many these found be inappropriate consumption their target audience, due disturbing, violent, sexual scenes.

Over the past decade, we have witnessed rise of misinformation on Internet, with online users constantly falling victims fake news. A multitude studies analyzed news diffusion mechanics and detection mitigation techniques. However, there are still open questions about their operational behavior such as: How old websites? Do they typically stay for long periods time? websites synchronize each other up down share similar content through Which third-parties support operations? much user traffic...