Building Empirically-Driven Solutions for Enhancing the Security and Privacy of Popular Internet Services

Files
XIE-DISSERTATION-2025.pdf (1.63 MB)
Author(s)
Xie, Qinge
Advisor(s)
Editor(s)
Associated Organization(s)
Organizational Unit
Organizational Unit
Series
Series
Collections
Theses and Dissertations
Supplementary to:
Permanent Link
https://hdl.handle.net/1853/77926
Abstract
The Internet has become an integral part of everyday life, enabling communication, commerce, and access to information. However, as Internet users increasingly depend on online services, they are also exposed to growing risks associated with security breaches, abuse of personal information, and violations of privacy. Many popular Internet services, despite their importance, remain vulnerable to abuse and lack thorough auditing, thus posing undesirable security and privacy risks. These risks affect users by exposing their personal information and online activities, while also making it difficult for researchers to analyze or build on these services in the security, privacy, and measurement research. To contribute to the advancement of a more secure and privacy-respecting Internet, this dissertation focuses on studying three popular Internet services: Internet domain top lists, browser extensions, and web privacy policies. My work uses real-world measurements to empirically inform the design of practical and effective solutions for enhancing the security and privacy of these services. In Chapter 3, I identify several undesirable properties in widely used domain lists and build a secure and reliable alternative from scratch. In Chapter 4, I explore the privacy risks of the browser extension ecosystem by designing a dynamic taint-tracking system for Chrome extensions, enabling fine-grained analysis of how user data flows from web pages and is potentially exfiltrated. In Chapter 5, I address the growing need to evaluate web privacy policies under modern privacy regulations by developing an LLM-based framework. My LLM-based framework demonstrates improved accuracy, coverage, and adaptability compared to prior approaches. Through the studies presented in this dissertation, I find that popular online services continue to exhibit undesirable security and privacy issues, and I empirically demonstrate that my proposed solutions can effectively enhance their security and privacy. This work also highlights the need for increased auditing and the development of effective approaches to address the risks these services pose to online users.
Sponsor
Date
2025-04-29
Extent
Resource Type
Text
Resource Subtype
Dissertation
Rights Statement
Rights URI