Privacy Pass: Bypassing Internet Challenges Anonymously

Davidson, Alex; Goldberg, Ian; Sullivan, Nick; Tankersley, George; Valsorda, Filippo

doi:10.1515/popets-2018-0026

Cited by 70 publications

(34 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Public Key Linkability ODoH targets may give each client a unique HPKE key for query encryption in an attempt to deanonymize them. This is a common problem with protocols of this form, including Privacy Pass [26]. Multiple mitigations exist against this type of attack.…”

Section: Denial-of-servicementioning

confidence: 99%

Oblivious DNS over HTTPS (ODoH): A Practical Privacy Enhancement to DNS

Singanamalla¹,

Chunhapanya²,

Hoyland³

et al. 2021

Proceedings on Privacy Enhancing Technologies

Self Cite

View full text Add to dashboard Cite

The Internet’s Domain Name System (DNS) responds to client hostname queries with corresponding IP addresses and records. Traditional DNS is unencrypted and leaks user information to on-lookers. Recent efforts to secure DNS using DNS over TLS (DoT) and DNS over HTTPS (DoH) have been gaining traction, ostensibly protecting DNS messages from third parties. However, the small number of available public large-scale DoT and DoH resolvers has reinforced DNS privacy concerns, specifically that DNS operators could use query contents and client IP addresses to link activities with identities. Oblivious DNS over HTTPS (ODoH) safeguards against these problems. In this paper we implement and deploy interoperable instantiations of the protocol, construct a corresponding formal model and analysis, and evaluate the protocols’ performance with wide-scale measurements. Results suggest that ODoH is a practical privacy-enhancing replacement for DNS.

show abstract

Section: Denial-of-servicementioning

confidence: 99%

Oblivious DNS over HTTPS (ODoH): A Practical Privacy Enhancement to DNS

Singanamalla¹,

Chunhapanya²,

Hoyland³

et al. 2021

Proceedings on Privacy Enhancing Technologies

Self Cite

View full text Add to dashboard Cite

show abstract

“…Many web applications do not properly protect sensitive data, such as credit cards, tax IDs, and authentication credentials. Attackers may steal or modify such weakly protected data to conduct credit card fraud, identity theft, or other crimes [30]. They believe sensitive data deserves extra protection such as encryption at rest or in transit, as well as special precautions when exchanged with the browser.…”

Section: Related Workmentioning

confidence: 99%

An Integrated Vulnerability Assessment of Electronic Commerce Websites

Baako¹,

Umar²

2020

IJIEEB

View full text Add to dashboard Cite

This paper examines the security issues on electronic commerce websites in Ghana using technical and nontechnical procedures. The study assessed e-commerce websites for the security tools employed to protect user data and other related privacy issues on the websites. It also analyzed e-commerce websites for encryption security tools that protect customer data and test e-commerce websites for the presence of security vulnerabilities that could threaten the security of the sites and their users using w3af. The study used a combination of three methods; web content analysis, information security audit and testing of the websites using w3af, a vulnerability assessment tool. Web application attack and audit framework (w3af) was used to test and identify possible vulnerabilities on the e-commerce websites that could be used by malicious users to steal customer data for fraudulent intent. The research focused to reveal the security vulnerabilities present on e-commerce websites that could affect the trust of clients, the satisfaction of clients, and patronage of e-commerce services by customers. The study found credit card number disclosures, full path disclosures vulnerabilities, cross-site request forgery vulnerabilities and social security number exposures of clients on the e-commerce websites. These security weaknesses in these e-commerce websites have been highlighted as findings in the study that would inform policy direction on electronic data collection, protection and use in the e-commerce industry in Ghana. The findings will also inform industry players in the e-commerce sector on the need to strengthen security on their websites and caution customers to be security conscious on all e-commerce websites. The major significance of the study is the fact that majority of the electronic commerce websites have a lot of vulnerabilities making them unsecure for customers to trust their private data into their care. This study as such informs the customer society and the electronic commerce industry of these security weaknesses and the urgent need to get them fixed. Some solutions have been suggested in the paper to assist in fixing these security vulnerabilities. These solutions have provided the best results. A diligent application of these methods in addressing the vulnerabilities would provide a more secure and less vulnerable e-commerce websites for users. The precautions suggested could assist protect customers and reduce cyber threats during online shopping.

show abstract

“…Thus, multiple notifications are a signal to users that the system may be generating false positive reports. Some participants may indeed see the incident notifications frequently due to false positives -e.g., caused by use of privacy enhancing technologies (VPN, private browsing) [39] or frequent travel or multiple device use, for example, VN12 explains, "Because I have like two accounts. I have never encountered such problem with one account, but with the other account, I always encounter that problem.…”

Section: B Mental Model Generationmentioning

confidence: 99%

"Should I Worry?" A Cross-Cultural Examination of Account Security Incident Response

Redmiles

2019

2019 IEEE Symposium on Security and Privacy (SP)

View full text Add to dashboard Cite

Digital security technology is able to identify and prevent many threats to users accounts. However, some threats remain that, to provide reliable security, require human intervention: e.g., through users paying attention to warning messages or completing secondary authentication procedures. While prior work has broadly explored people's mental models of digital security threats, we know little about users' precise, in-themoment response process to in-the-wild threats. In this work, we conduct a series of qualitative interviews (n=67) with users who had recently experienced suspicious login incidents on their real Facebook accounts in order to explore this process of account security incident response. We find a common process across participants from five countries -with differing online and offline cultures -allowing us to identify areas for future technical development to best support user security. We provide additional insights on the unique nature of incident-response information seeking, known attacker threat models, and lessons learned from a large, cross-cultural qualitative study of digital security.

show abstract

Privacy Pass: Bypassing Internet Challenges Anonymously

Cited by 70 publications

References 20 publications

Oblivious DNS over HTTPS (ODoH): A Practical Privacy Enhancement to DNS

Oblivious DNS over HTTPS (ODoH): A Practical Privacy Enhancement to DNS

An Integrated Vulnerability Assessment of Electronic Commerce Websites

"Should I Worry?" A Cross-Cultural Examination of Account Security Incident Response

Contact Info

Product

Resources

About