Beyond Third-Party Cookies: Safeguarding User Data from Storage and Exfiltration with CookieGraph and PURL

4 Dec

Shaoor Munir, PhD Student at the University of California, Davis, USA

External Presentation (External Speaker)

The online tracking ecosystem has grown increasingly sophisticated in response to anti-tracking browser countermeasures and emerging privacy regulations. The central thesis of my research is that regardless of the tracking technique employed, it inevitably involves at least one of two core actions: (1) storing user information within the browser or (2) exfiltrating user data to a remote server.

In this talk, I will discuss my research addressing these critical aspects. First, I’ll introduce CookieGraph, a system designed to detect and combat the misuse of first-party cookies for data storage by trackers. This work highlights the widespread abuse of first-party cookies and provides effective detection and mitigation.

Next, I’ll present PURL, a system engineered to identify the exfiltration of tracking information within URLs. PURL analyses URL structure to uncover and prevent attempts to siphon user information using link decorations.

To conclude, I will highlight the need and the work done to integrate CookieGraph and PURL into browsers or browser extensions, making them accessible tools for mitigating online tracking. These solutions are essential in safeguarding user privacy within the dynamic landscape of online tracking.

About Shaoor Munir

Shaoor Munir is a third-year Ph.D. student at the University of California, Davis, working under the guidance of Professor Zubair Shafiq. His research centers on privacy-enhancing technologies and policies, with a specific emphasis on understanding and mitigating data collection methods used by advertisers and trackers. Shaoor aims to develop robust solutions that enhance user privacy and restore control over their data in the evolving digital landscape. Shaoor’s vision is to create a secure, transparent, and accessible Internet ecosystem where user autonomy over personal data is not merely a possibility but a fundamental right.

This event will be conducted in English

  • Location: MR-A1 [Ramón] & MR-A2 [Cajal], IMDEA Networks Institute, Avda. del Mar Mediterráneo 22, 28918 Leganés – Madrid
  • Organization: IMDEA Networks Institute; NETCOM Research Group (Telematics Engineering Department, UC3M)
  • Time: 13:00
  • Add to Calendar: iCalendar Outlook Google