Towards a privacy-preserving web

Modern web applications are built by combining functionality from external third parties; with the caveat that the website developers trust them. However, third parties come from various sources and website developers are often unaware of their origin and their complete functionality. Thus, the presence of “trusted” third parties has lead to many security and privacy abuses on the web, with one of the most severe consequence being privacy-invasive cross-site tracking without the knowledge or consent of users.

In this thesis, I aim to tackle the cross-site tracking menace to make the web more secure and private. Specifically, I build novel privacy-enhancing systems using system instrumentation, machine learning, program analysis, and internet measurements techniques. At a high level, my research process involves: instrumenting web browsers to capture detailed execution of webpages, conducting rigorous measurements of privacy and security abuses, and using insights from the measurement studies to build machine learning based approaches that counter the privacy and security abuses.

In the first half of this thesis, I build privacy-enhancing systems that counter third party cross-site tracking by blocking both stateful tracking, commonly referred to as cookie based tracking, and stateless tracking, commonly referred to as browser fingerprinting. In the second half of this thesis, I build privacy-enhancing systems that counter retaliation by third party circumvention services that evade blocking, by either detecting and removing them or by stealthily concealing the traces of blocking. At the end of the thesis, I highlight the research contributions made by this thesis and some of the open research problems.