Matthew Fredrikson and Ben Livshits
23 May 2011
In this paper, we present RePriv, a system for managing and controlling the release of private information from the browser. We demonstrate how always-on user interest mining can effectively infer user interests in a real browser. We go on to discuss an extension framework that allows third-party code to extract and disseminate more detailed information, as well as language-based techniques for verifying the absence of privacy leaks in this untrusted code. To demonstrate the effectiveness of our model, we present RePriv extensions that perform personalization for Netflix, Twitter, Bing, and GetGlue.
We evaluated several aspects of RePriv in realistic scenarios. We show that RePriv's default in-browser mining can be done with no noticeable overhead to normal browsing, and that the results it produces converge quickly. We then go on to show similar results for each of our case studies: that RePriv enables high-quality personalization, as shown by case studies in news and search result personalization that we evaluated on thousands of instances, and that the performance impact each case has on the browser is minimal. We conclude that personalized content and individual privacy on the web are not mutually exclusive.
Published in: Proceedings of the IEEE Symposium on Security and Privacy
Publisher: IEEE Computer Society