Web Tracking and Privacy

Mobile devices such as smartphones account for more than half of the web traffic worldwide. Since mobile devices are more personal and ubiquitous, the information users share, search and produce on them are more sensitive compared to desktop computers. Early research shows that mobile websites use advanced tracking techniques such as browser fingerprinting, and collect and share smartphone sensor data with third parties. Moreover, countermeasures available on desktop browsers such as browser add-ons are not commonly supported by mobile browsers. With this project, we plan to fill this research gap by developing an advanced JavaScript analysis tool (Mobile Web Inspector) that can produce a complete trace of JavaScript execution with the associated context and metadata (e.g. line and column numbers, script addresses). This functionality makes it easier to conduct forensic analysis and advanced tracking techniques specific to mobile websites. The tool will be able to record HTTP requests and responses (along with all headers, metadata (e.g. timing) and stack trace), cookie operations, DOM operations such as node addition, removal, reordering, attribute. We aim to reduce the obstacles that privacy and security researchers experience while making large-scale web measurements that involve user simulation, analysis of tracking and information leakage. This study also will help understand deployed tracking techniques, design tracking countermeasures, inform policymakers and help raise public awareness. The use of the Mobile Web Inspector will not be limited to web privacy measurements: we aim for an extensible and modular tool that enables researchers to work on mobile web security, cross-device tracking, information flow analysis, and website fingerprinting.