With users becoming increasingly privacy-aware and browser vendors incorporating anti-tracking mechanisms, browser fingerprinting has garnered significant attention. Accordingly, prior work has proposed techniques for identifying browser extensions and using them as part of a device's fingerprint. While previous studies have demonstrated how extensions can be detected through their web accessible resources, there exists a significant gap regarding techniques that indirectly detect extensions through behavioral artifacts. In fact, no prior study has demonstrated that this can be done in an automated fashion. In this paper, we bridge this gap by presenting the first fully automated creation and detection of behavior-based extension fingerprints. We also introduce two novel fingerprinting techniques that monitor extensions' communication patterns, namely outgoing HTTP requests and intra-browser message exchanges. These techniques comprise the core of Carnus, a modular system for the static and dynamic analysis of extensions, which we use to create the largest set of extension fingerprints to date. We leverage our dataset of 29,428 detectable extensions to conduct a comprehensive investigation of extension fingerprinting in realistic settings and demonstrate the practicality of our attack. Our in-depth analysis confirms the robustness of our techniques, as 83.6%-87.92% of our behavior-based fingerprints remain effective against a state-of-the-art countermeasure.
Statement from the NDSS 2021 Program Committee: NDSS is devoted to ethical principles and encourages the research community to ensure its work protects the privacy, security, and safety of users and others involved. While the NDSS 2021 PC appreciated the technical contributions of this paper, it was the subject of a debate in our community regarding the responsible disclosure of vulnerabilities for the Firefox web browser. The PC examined and discussed the ethics concerns raised and the authors' response. Although no harm came to users, the authors' oversight could have made a non-vulnerable browser vulnerable to the attack proposed in the paper. The PC does not believe the authors acted in bad faith. Nevertheless, we decided to add this note as well as the authors' response (in an Appendix) to the paper because the NDSS PC takes both the ethics of responsible disclosure and fairness towards the authors seriously. It is the PC's view that researchers must not engage in disclosure practices that subject users to an appreciable risk of substantial harm. NDSS will work with other conferences to further improve the transparency of vulnerability disclosure to reduce such errors in the future.
Websites are constantly adapting the methods used, and intensity with which they track online visitors. However, the wide-range enforcement of GDPR since one year ago (May 2018) forced websites serving EU-based online visitors to eliminate or at least reduce such tracking activity, given they receive proper user consent. Therefore, it is important to record and analyze the evolution of this tracking activity and assess the overall "privacy health" of the Web ecosystem and if it is better after GDPR enforcement. This work makes a significant step towards this direction. In this paper, we analyze the online ecosystem of 3rd-parties embedded in top websites which amass the majority of online tracking through 6 time snapshots taken every few months apart, in the duration of the last 2 years. We perform this analysis in three ways: 1) by looking into the network activity that 3rd-parties impose on each publisher hosting them, 2) by constructing a bipartite graph of "publisher-to-tracker", connecting 3rd parties with their publishers, 3) by constructing a "tracker-to-tracker" graph connecting 3rd-parties who are commonly found in publishers. We record significant changes through time in number of trackers, traffic induced in publishers (incoming vs. outgoing), embeddedness of trackers in publishers, popularity and mixture of trackers across publishers. We also report how such measures compare with the ranking of publishers based on Alexa. On the last level of our analysis, we dig deeper and look into the connectivity of trackers with each other and how this relates to potential cookie synchronization activity.