| 1. |
- Bruhner, Carl Magnus, 1988-, et al.
(författare)
-
Bridging the Privacy Gap: Enhanced User Consent Mechanisms on the Web
- 2023
-
Ingår i: Proc. NDSS Workshop on Measurements, Attacks, and Defenses for the Web (MADWeb @NDSS). - Reston, VA : Internet Society. - 1891562878
-
Konferensbidrag (refereegranskat)abstract
- In the age of the General Data Protection Regula-tion (GDPR) and the California Consumer Privacy Act (CCPA),privacy and consent control have become even more apparent forevery-day web users. Privacy banners in all shapes and sizes askfor permission through more or less challenging designs and makeprivacy control more of a struggle than they help users’ privacy.In this paper, we present a novel solution expanding the AdvancedData Protection Control (ADPC) mechanism to bridge currentgaps in user data and privacy control. Our solution moves theconsent control to the browser interface to give users a seamlessand hassle-free experience, while at the same time offering contentproviders a way to be legally compliant with legislation. Throughan extensive review, we evaluate previous works and identifycurrent gaps in user data control. We then present a blueprintfor future implementation and suggest features to support privacycontrol online for users globally. Given browser support, thesolution provides a tangible path to effectively achieve legallycompliant privacy and consent control in a user-oriented mannerthat could allow them to again browse the web seamlessly.
|
|
| 2. |
- Bruhner, Carl Magnus, 1988-, et al.
(författare)
-
Changing of the Guards: Certificate and Public Key Management on the Internet
- 2022
-
Ingår i: Passive and active measurement (PAM 2022). - Cham : Springer International Publishing. - 9783030987855 - 9783030987848 ; , s. 50-80
-
Konferensbidrag (refereegranskat)abstract
- Certificates are the foundation of secure communication over the internet. However, not all certificates are created and managed in a consistent manner and the certificate authorities (CAs) issuing certificates achieve different levels of trust. Furthermore, user trust in public keys, certificates, and CAs can quickly change. Combined with the expectation of 24/7 encrypted access to websites, this quickly evolving landscape has made careful certificate management both an important and challenging problem. In this paper, we first present a novel server-side characterization of the certificate replacement (CR) relationships in the wild, including the reuse of public keys. Our data-driven CR analysis captures management biases, highlights a lack of industry standards for replacement policies, and features successful example cases and trends. Based on the characterization results we then propose an efficient solution to an important revocation problem that currently leaves web users vulnerable long after a certificate has been revoked.
|
|
