Explore the privacy implications of browser extensions in this 23-minute conference talk. Uncover potential information leakage risks associated with third-party code execution in users' browsers. Learn about the Mystique approach to taint tracking, including challenges and solutions like V8, Data Flow Graph (DFG), and control-flow dependencies. Examine real-world examples, estimate true positive rates, and understand the impact on affected users. Gain insights into popular extensions like SimilarWeb and Web of Trust. Discover the limitations of the research and the open-source availability of Mystique for further investigation.
Mystique - Uncovering Information Leakage from Browser Extensions
Association for Computing Machinery (ACM) via YouTube
Overview
Syllabus
Intro
Browser Extensions
Motivating Example
Privacy Implications
Goals
Overview
Approach
Taint Tracking: Challenges
Addressing the Challenges: V8
Data Flow Graph (DFG)
Control-Flow Dependencies
Implicit Data Flows
Completing the Example
Taint Propagation Points
Estimating True Positive Rates
Number of Affected Users
The SimilarWeb Library
Web of Trust
Limitations
Open-sourcing Mystique
Conclusion
Taught by
Association for Computing Machinery (ACM)
