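% Three publications on web tracking/privacy measurement and phishing evasion.
% Normalised from a machine export:
%   - one field per line, lowercase field names, ASCII-only values
%     (curly quotes written as ``...'', page ranges with a double hyphen,
%     the percent and ampersand characters escaped for LaTeX);
%   - the two conference papers are typed as inproceedings, with the venue
%     in booktitle instead of journal;
%   - abstractNote is kept from the export; it is not a standard BibTeX
%     field, so standard styles ignore it.

@inproceedings{jueckstock_snyder_sarker_kapravelos_livshits_2022,
  author       = {Jueckstock, Jordan and Snyder, Peter and Sarker, Shaown and Kapravelos, Alexandros and Livshits, Benjamin},
  title        = {Measuring the Privacy vs. Compatibility Trade-off in Preventing Third-Party Stateful Tracking},
  booktitle    = {Proceedings of the {ACM} Web Conference 2022 ({WWW}'22)},
  year         = {2022},
  pages        = {710--720},
  doi          = {10.1145/3485447.3512231},
  abstractNote = {Despite active privacy research on sophisticated web tracking techniques (e.g., fingerprinting, cache collusion, bounce tracking, CNAME cloaking), most tracking on the web is basic ``stateful'' tracking enabled by classical browser storage policies sharing per-site storage across all HTTP contexts. Alternative, privacy-preserving storage policies, especially for third-party contexts, have been proposed and even deployed, but these can break websites that presume traditional, non-partitioned storage. Such breakage discourages privacy-preserving experimentation, cementing the dismal status quo. Our work measures the privacy vs. compatibility trade-offs of representative third-party storage policies to enable design of browsers that are both compatible and privacy respecting. Our contributions include web-scale measurements of page behaviors under multiple third-party storage policies inspired by production browsers. We define metrics for measuring aggregate effects on web privacy and compatibility, including a novel system for quantitatively estimating aggregate website breakage under different policies. We find that making third-party storage partitioned by first-party, and lifetimes by site-session achieves the best privacy and compatibility trade-off. We provide complete measurement datasets and storage policy implementations.},
}

% Key changed: the exported key ended in "et al._2021", and a citation key
% cannot contain a space. Documents citing this entry must use the key below.
% The truncated author list uses the literal "and others" so the style can
% render "et al." itself; the month uses the predefined macro.
@article{zhang_oest_cho_sun_johnson_wardman_sarker_kapravelos_bao_wang_etal_2021,
  author       = {Zhang, Penghui and Oest, Adam and Cho, Haehyun and Sun, Zhibo and Johnson, R. C. and Wardman, Brad and Sarker, Shaown and Kapravelos, Alexandros and Bao, Tiffany and Wang, Ruoyu and others},
  title        = {{CrawlPhish}: Large-Scale Analysis of Client-Side Cloaking Techniques in Phishing},
  journal      = {{IEEE} Security \& Privacy},
  year         = {2021},
  month        = dec,
  issn         = {1558-4046},
  doi          = {10.1109/MSEC.2021.3129992},
  abstractNote = {Phishing websites with advanced evasion techniques are a critical threat to Internet users because they delay detection by current antiphishing systems. We present CrawlPhish, a framework for automatically detecting and categorizing the client-side (e.g., JavaScript) evasion used by phishing websites.},
}

@inproceedings{jueckstock_sarker_snyder_beggs_papadopoulos_varvello_livshits_kapravelos_2021,
  author       = {Jueckstock, Jordan and Sarker, Shaown and Snyder, Peter and Beggs, Aidan and Papadopoulos, Panagiotis and Varvello, Matteo and Livshits, Benjamin and Kapravelos, Alexandros},
  title        = {Towards Realistic and Reproducible Web Crawl Measurements},
  booktitle    = {Proceedings of the World Wide Web Conference 2021 ({WWW} 2021)},
  year         = {2021},
  pages        = {80--91},
  doi          = {10.1145/3442381.3450050},
  abstractNote = {Accurate web measurement is critical for understanding and improving security and privacy online. Such measurements implicitly assume that automated crawls generalize to typical web user experience. But anecdotal evidence suggests the web behaves differently when seen via well-known measurement endpoints or measurement automation frameworks, for various reasons. Our work improves the state of web privacy and security by investigating how key measurements differ when using naive crawling tool defaults vs. careful attempts to match ``real'' users across the Tranco top 25k web domains. We find web privacy and security measurements significantly affected by vantage point and browser configuration. We conclude that unless researchers ensure their web measurement tools match real world user experience, the research community is likely missing important signals systematically. For example, we find browser configuration alone causing shifts in 19\% of known ad and tracking domains encountered and altering the loading frequency of up to 10\% of distinct JavaScript code units executed. We find network vantage point having similar, though less dramatic, effects on the same web metrics. To ensure reproducibility, we carefully document our methodology and publish both our code and collected data.},
}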