Thursday, August 25, 2016

Crowdsurf: Empowering Informed Choices in the Web

Presenter: Hassan Metalle

Authors: Stefano Traverso, Marco Mellia, Stanislav Miskovic, and Mario Baldi


Users are often unaware of their sensitive information being sent to a third party when browsing the web. Hence, this paper proposes a system called Crowdsurf, which allows users and companies to re-gain control on the information they exchange with web services. 

On the cloud side, CrowdSurf consists of a controller which collect traffic samples about the service users visit. It then processed user's contributed data with data analyzer to infer which flows are harmful. On the client side, CrownSurf implements a firefox plugin, which uses rules in the form of regular expressions to determine if certain flows should be blocked, redirected, allowed, modified, or simply logged. 

CrowdSurf is evaluated on a live trace from an Internet Service Provider and shown to perform reliably with little overhead on page loading time. 

Q: How do you deal with false positives?
A: We have false positives, and manually resolved them. 

Q: What looks like tracker may be required for site operation? Do you have a way to make exception?
A: Yes, users have options to opt-out our service. For example, google uses tracker to offer service, so user can choose to allow trackers from google.