ANALYSIS OF POTENTIAL PERSONAL DATA LEAKS IN WEB BROWSERS
DOI:
https://doi.org/10.28925/2663-4023.2024.23.199212Keywords:
network traffic analysis; web browser network traffic; personal data collection; web browser; personal data leaks in web browsers.Abstract
The distribution of the vast majority of web browsers is actively encouraged by their free use. This is a common practice of web browser developers, as it provides them with great opportunities for their distribution. The flip side of this process is the collection of personal data by web browser developers that the user does not control. The collected data is automatically transferred to leading IT companies such as Google, Microsoft, and Cloudflare, which collect, accumulate, process, and monetize the users’ data in an automated manner. This leads to the fact that any web browser user is profiled in the services of leading IT companies, which receive complete information about the user's actions on the Internet. This state of affairs contradicts Article 32 of the Constitution of Ukraine, which guarantees the right to privacy and the basic provisions of the Law of Ukraine "On Personal Data Protection". The study involved long-term recording and subsequent analysis of the network traffic of Ukraine's most popular web browsers: Google Chrome, Microsoft Edge, Mozilla Firefox, and Opera. The peculiarity of the study was to obtain network traffic initiated by web browsers that have been active for a long time. To increase the reliability, the data on network connections of web browsers were obtained using two independent software tools for monitoring traffic on the network interface of a communication device. The analysis of network connections of web browsers made it possible to establish close ties between companies developing free web browsers and leading IT companies that monopolistically control the actions of users in the Internet space. This state of affairs contradicts the legal norms on ensuring the privacy of web browser users in the context of using their data without their knowledge and consent. This can be prevented using network screens operating at Layers 3, 4, and 7 of the TCP/IP stack OSI model.
Downloads
References
Halle, M., Demeusy, V., & Kikinis, R. (2017). The open anatomy browser: a collaborative web-based viewer for interoperable anatomy atlases. Frontiers in neuroinformatics, 11. https://doi.org/10.3389/fninf.2017.00022
Nomoto, K., et al. (2023). Understanding the Inconsistencies in the Permissions Mechanism of Web Browsers. Journal of Information Processing, 31, 620–642. https://doi.org/10.2197/ipsjjip.31.620
Pau, K., et al. (2023). The Development of a Data Collection and Browser Fingerprinting System. Sensors, 23, 3087. https://doi.org/10.3390/s23063087
Overview. Safe Browsing APIs (v4). (n.d.). Google for Developers. https://developers.google.com/safe-browsing/v4
Cai, H., et al. (2023). Toward Correlated Data Trading for Private Web Browsing History. IEEE Internet of Things Journal, 10(7), 5859–5872. https://doi.org/10.1109/JIOT.2023.3237707
Autoupdating. Apps. Chrome for Developers. (n.d.). Chrome for Developers. https://developer.chrome.com/apps/autoupdate
Google Chrome Privacy Whitepaper. (n.d.). Google. https://www.google.com/chrome/privacy/whitepaper.html
Firefox Telemetry API. (n.d.). https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/
Normandy — Normandy 0.1.0 documentation. (n.d.). https://mozilla.github.io/normandy/
Leith, D. (2021). Web Browser Privacy: What Do Browsers Say When They Phone Home? IEEE Access, 9, 41615–41627. https://doi.org/10.1109/access.2021.3065243
Bareh, C. (2022). Privacy Evaluation of Popular Web Browsers from Information Seekers’ Point of View.
Majeti, G., et al. (2023). Digital Forensic Advanced Evidence Collection and Analysis of Web Browser Activity. ICST Transactions on Scalable Information Systems, 10(5), 1–8. https://doi.org/10.4108/eetsis.3357
Golle, P., & Partridge, K. (2019). On the anonymity of home/work location pairs. Pervasive Computing: 7th International Conference, 390–397. https://doi.org/10.1007/978-3-642-01516-8_26
Caragiannis, I., & Tsitsoka, E. (2019). Deanonymizing Social Networks Using Structural Information. Twenty-Eighth Int. Joint Conf. on Artificial Intell. 19, 1213–1219. https://doi.org/10.24963/ijcai.2019/169
Shivangi, M., Lataben, G., & Harshil, J. (2023). Anomaly Detection to Prevent Sensitive Data Exposure Using GMM Clustering Model. Proceedings of World Conference on Artificial Intelligence: Advances and Applications. https://doi.org/10.1007/978-981-99-5881-8_35
Rautenstrauch, J., Pellegrino, G., & Stock, B. (2023). The Leaky Web: Automated Discovery of Cross-Site Information Leaks in Browsers and the Web. IEEE Symposium on Security and Privacy (SP), 2744–2760. https://doi.org/10.1109/SP46215.2023.10179311
TCPView for Windows - Sysinternals. (n.d.). Microsoft Learn: Build skills that open doors in your career. https://learn.microsoft.com/en-us/sysinternals/downloads/tcpview
Wireshark Download. (n.d.). Wireshark. https://www.wireshark.org/download.html
Ponomarenko, D. (2023). Staly vidomi naipopuliarnishi brauzery u sviti ta Ukraini u 2023 rotsi. Novyny Ukrainy - ostanni novyny Ukrainy sohodni - UNIAN. https://www.unian.ua/techno/nazvano-naypopulyarnishi-brauzeri-u-sviti-ta-ukrajini-v-2023-roci-12201777.html
Zadereiko, O., Lohinova, N., & Troianskyi, O. (2023) Analiz potentsiinykh vytokiv dannykh v prystroiakh komunikatsii. Kiberprostir v umovakh viiny ta hlobalnykh vyklykiv KhKhI stolittia: teoriia ta praktyka, 105–108.
Zadereyko, О., et al. (2022). Research of potential data leaks in information and communication systems. Radioelectronic and Computer Systems, (4), 64–84. https://doi.org/10.32620/reks.2022.4.05
What is Googleusercontent Com. (2023). Tips and Advices For technology. https://tips.msry.org/technology/what-is-googleusercontent-com/
Googleusercontent.com can trip you up, if you disable third-party cookies. (2012). Get more done, with Kerika. https://blog.kerika.com/googleusercontent-com-can-trip-you-up-if-you-disable-third-party-cookies/
Zadereiko, O., et al. (2022). Zakhyst danykh korystuvachiv v informatsiinykh systemakh. Suchasna spetsialna tekhnika, 1(68), 23–33. https://doi.org/10.36486/mst2411–3816.2022.1(68).
Published
How to Cite
Issue
Section
License
Copyright (c) 2024 Олександр Задерейко, Олена Трофименко, Наталія Логінова, Юлія Лобода, Юлія Прокоп
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
