Title:
Building Trust In the Online Ecosystem through Empirical Evaluations of Web Security and Privacy Concerns

Author(s)
Kuchhal, Dhruv
Advisor(s)
Li, Frank
Organizational Unit
School of Computer Science
School established in 2007
Abstract
Security and privacy concerns for the Web can manifest in practice due to inadvertent misconfigurations, or intentionally be considered an acceptable risk to promote better usability or compatibility. Our community needs to monitor when these concerns become realistic threats that erode trust in the ecosystem, so that appropriate defenses can be adopted to mitigate the threats while minimizing the decline in usability. To take a meaningful next step towards improving the state of trust and safety for users on the Web, it is imperative to first bridge the gap between theory and practice by corroborating with evidence the extent to which such weaknesses exist on the Web today. This dissertation demonstrates how large-scale empirical studies help uncover such gaps in real-world implementations. Trust and safety go both ways between users and online platforms. To study the security and privacy concerns for platforms, I present measurement techniques to (i) analyze the practical security provided by passwordless authentication to securely authenticate users when deployed in the real world, and (ii) evaluate the efficacy of YouTube's anti-abuse measures to protect their content from manipulation by malicious actors in terms of organically produced fake engagement. On the other hand, for users to trust online services with their data, they too expect a certain level of privacy when online. To that end, my work explores the privacy implications of (i) local network communications by popular websites, and (ii) invasive access to a user's Web activity on popular Android apps. Through the studies presented in this dissertation, I find that measurement methods, such as the ones I present, are effective at highlighting the gaps between secure configurations that exist in theory, and real-world implementations which seldom follow best practices. 
Across various contexts, I learnt that the gaps exist because Web services optimize for lower user friction, without taking full cognizance of the risks involved. Ultimately, I demonstrate that for broader adoption of recommendations made by security practitioners in theory, our community needs increased operational insights into real-world systems.
Date Issued
2023-07-24
Resource Type
Text
Resource Subtype
Dissertation