Web 2.0 Security & Privacy 2012

Thursday, May 24
The Westin St. Francis Hotel, San Francisco

The goal of this one-day workshop is to bring together researchers and practitioners from academia and industry to focus on understanding Web 2.0 security and privacy issues, and to establish new collaborations in these areas.

More information regarding workshops co-located with the 2012 IEEE Symposium on Security and Privacy can be found on the conference website.

Previous W2SP Workshops: 2011, 2010, 2009, 2008, 2007

Schedule

7:30–8:30 Continental Breakfast
9:00–9:10 Opening Remarks
9:10–10:00 Session 1: Authentication

Joseph Bonneau and Rubin Xu (University of Cambridge)

    Character Encoding Issues of Web Passwords

Harry Halpin (W3C)

    Web Authentication: The next step in the evolving identity eco-system?

10:00–10:30 Break
10:30–12:00 Session 2: Mobile Web (Joint with MoST)

Michael Hackett and Kirstie Hawkey (Dalhousie University)

    Security, Privacy and Usability Requirements for Federated Identity

Jenna Kallaher, Amal Krishnan, Paul Makowski, Eric Yawei Chen, and Collin Jackson (Carnegie Mellon University)

    Cruel Intentions: A Security Analysis of Web Intents (Short Paper)

Kapil Singh (IBM T.J. Watson Research Center)

    Can Mobile learn from the Web? (Short Paper)

Markus Jakobsson (PayPal Inc)

    The Case for Replacing Passwords with Biometrics (Short Paper)

12:00–1:00 Lunch
1:00–2:00 Keynote: Do Not Track: The Future of Web Privacy

Concerns over Web privacy increasingly draw media coverage and regulatory interest -- trends that will only increase as we share more sensitive information online. One notable example is that of Web tracking: collection of information on a user's browsing activity by the numerous parties that use it for personalization, ad targeting or other purposes. This widespread practice has inspired calls from advocates, browser vendors and regulators for a simple Do Not Track mechanism. The World Wide Web Consortium's Tracking Protection Working Group has been chartered to improve user privacy by defining mechanisms for expressing user preferences around this kind of prevalent Web tracking. For the past nine months, the group has sought to standardize both the technology (e.g., the bits on the wire) and the meaning (i.e., how to comply with the user's preference) of Do Not Track. Currently, dozens of engineers, lawyers and academics are working to define an international standard that will represent the consensus of advocates, regulators and industry towards such a consumer choice mechanism. This talk will give an update on the status of the W3C Working Group's process, the proposed technical architecture and the surrounding political context. The work on Do Not Track exemplifies larger trends in the handling of Web privacy issues: signaling policy through technology and using multistakeholder processes to develop privacy codes of conduct for the Web. What lessons can we learn from this privacy debate to apply to the next Web privacy issue?

Speaker: Nick Doty works for the World Wide Web Consortium (W3C) managing the Tracking Protection Working Group and Privacy Interest Group. Nick is a PhD student at the University of California at Berkeley School of Information, working with lawyers, technologists and social scientists on Internet privacy research. In particular, his focus is on privacy-by-design: how engineers and the technical design process affect privacy outcomes.

2:00–3:00 Session 3: Privacy and Anonymity

Keaton Mowery and Hovav Shacham (UC San Diego)

    Pixel Perfect: Fingerprinting Canvas in HTML5

Rebecca Balebako, Pedro Leon, Richard Shay, Blase Ur, and Lorrie Faith Cranor (Carnegie Mellon University)

    Measuring the Effectiveness of Privacy Tools for Limiting Behavioral Advertising

3:00–3:30 Break
3:30–5:00 Session 4: Integrity and Information Control

Emin Topalovic and Brennan Saeta (Stanford University), Lin-Shung Huang and Collin Jackson (Carnegie Mellon University), and Dan Boneh (Stanford University)

    Towards Short-Lived Certificates

Sebastian Lekies and Martin Johns (SAP Research Karlsruhe)

    Lightweight Integrity Protection for Web Storage-driven Content Caching

Eric Yawei Chen, Sergey Gorbaty, Astha Singhal, and Collin Jackson (Carnegie Mellon University)

    Self-Exfiltration: The Dangers of Browser-Enforced Information Flow Control