Privacy leakage on the Web: Diffusion and countermeasures

Protecting privacy on the Web is becoming increasingly complicated because of the considerable amount of personal and sensitive information left by users in many locations during their Web browsing and the silent actions of third party sites that collect data, aggregate information and build personal profiles of Internet users in order to provide free and personalized services. On the other hand, most of people are unaware that their information may be collected online, and that, after their aggregation from multiple sources, could be used for secondary purposes, such as linked to allow identification, without user's notice. We present, in this paper, an empirical data study in order to describe how users' privacy can be undermined because of a variety of potential privacy threats on the Web, mainly perpetrated by third party entities against unaware users, and to quantify the penetration of these third party domain servers into their online activities. Moreover, we discuss our methods and findings to protect the individuals against invasions of their privacy and to limit the diffusion of personal and sensitive information during Web browsing. Specifically, we present a supportive, comprehensive and improved approach for privacy protection to allow users to be aware of the risks of their navigation and to give them full control on feasible actions to address the risk of several privacy threats. We envisioned a comprehensive approach to face privacy leakage by adding to the traditional URL-based filtering mechanism a new filtering method which allows to address privacy threats unprecedentedly not dealt with. Our approach is validated by a Firefox extension, named NoTrace, that brings together several existing techniques in this field but also implements new improved techniques that ensure better privacy protection. We used NoTrace to broadly analyze the Web in order to inspect the potential threats contained in the most popular Web sites and inform online users about both their risk and extent. This data set was also used to test the efficiency of NoTrace for effectiveness and performances which allows us to mark a definite improvement on privacy protection for users while navigating the Web. (C) 2013 Elsevier B.V. All rights reserved.