Battles in Online Tracking: New Security Threats and Countermeasures

Speaker:        Wei Meng
                School of Computer Science
                Georgia Institute of Technology

Title:          "Battles in Online Tracking: New Security Threats and
                 Countermeasures"

Date:           Monday, 13 March 2017

Time:           4:00pm - 5:00pm

Venue:          Lecture Theatre F (near lifts 25/26), HKUST

Abstract:

Embedding content from third parties to provide a personalized, rich and
dynamic online experience is a common practice in the development of
modern web applications. Such practice, however, can put end users at
risk. When we browse a website, data about us is collected and used by the
website we directly visit and by many we do not. Collected data usually is
used to provide us with better services. For example, by building a user
profile based on the collected data, a service provider can tailor content
to be more relevant to a particular user. On the other hand, our data may
be collected and used in ways that are out of our control and without our
consent.

In this talk I will first describe a new threat that pollutes the
collected user data to influence what we see. This new threat can trick a
trusted website to deliver content of an attacker's choice by exploiting
the design defects in online tracking and personalization. For example,
adversaries can promote a search result on Google, a video on YouTube, or
a product on Amazon. Malicious publishers can leverage similar exploits to
commit ad fraud. I will then present TrackMeOrNot, a system that provides
end users with better control of how they are tracked online. TrackMeOrNot
aims to preserve a good online experience while protecting a user's
privacy. It uses an anonymous browsing profile to intelligently and
automatically hide a user's sensitive browsing activity from online
trackers. Finally, I will also discuss other emerging threats in online
tracking and close by describing future work I plan to do toward solving
security and privacy challenges posed to end users by existing and
emerging technologies.


*******************
Biography:

Wei Meng is a Ph.D. candidate in the School of Computer Science at Georgia
Institute of Technology, advised by Prof. Wenke Lee. Meng studies web
security and privacy. He is particularly interested in building systems to
protect end users. His research shows how online tracking and
personalization can be abused to compromise the integrity and privacy of
personal data. Meng was one of the top-10 finalists in the applied
research competition of New York University's Cyber Security Awareness
Week '16 for his recent work about online tracking. He received his
Bachelor of Engineering in Computer Science from Tsinghua University in
2012.