Researchers find Internet glitch that puts privacy at serious risk

Steven Schultz


Princeton computer scientists have discovered a trait of Internet technology that allows Web sites to cull private information about the recent browsing histories of visitors.

While there is no evidence that any Web sites use such a snooping tactic, the researchers believe the method could pose serious risks to privacy. The technique is undetectable and defeats nearly all available privacy measures, although design changes in future browsers could reduce the problem.

Edward Felten, professor of computer science, and his graduate student Michael Schneider described the technique in the proceedings of the Association for Computing Machinery Conference on Computer and Communications Security, a major conference held Nov. 1-4 in Athens.

The researchers have dubbed the technique a "timing attack." It works by exploring the contents of the visiting browser's "cache" of recent activities, a log all browsers compile to increase their speed. In a timing attack, a Web site times how long it takes a browser to respond to queries about other sites. Company, for example, could test how quickly visiting browsers are able to access information from competitor's site. A quick response indicates that the Web user has recently visited The test is very reliable, the researchers found.

Timing attacks could allow malicious Web site designers to create a more invasive form of Web "cookies," which are bits of data that Web sites store on visitors' browsers. Cookies are often used, for example, to allow a Web user to return to a password-restricted Web site without having to type in a password each time.

Felten and Schneider created a variation they call "cache cookies." Web sites could force a browser to store cache cookies without the permission required of normal cookies. (Web users have the option of instructing their browsers to reject conventional cookies.) Any number of unrelated Web sites could then access these cache cookies and use them as a tool for learning whether a Web user has recently visited other Web sites. The scheme presents troubling opportunities to aggregate large amounts of information about Web users who do nothing more than visit sites.

"These qualities make cache cookies very dangerous to the privacy of Web users," the authors assert.

While no countermeasures would completely protect people from such invasion, the authors propose a method for redesigning browsers to prevent the majority of timing attacks. The redesign would employ a device called "domain tagging." It would allow information to be retrieved from the browser's "cache" of recently visited Web addresses only if the information pertains to the exact site the Web user is currently viewing.

Even that solution, however, is imperfect and does not prevent maliciously designed sites from inserting some forms of dummy addresses into a Web browser's cache and looking them up later.

Nonetheless, the researchers believe that domain tagging could work sufficiently well to assure Web users a reasonable level of privacy. "We think we understand what the solution is and we now are working to implement it," Felten said.

Felten said he felt compelled to publish a description of the potential problem to encourage positive discussion about resolving it. "We believed (timing attacks) would be discovered by other people before long and they would be used," he said. "You need to talk about a problem before it can be solved."

See related story

December 11, 2000
Vol. 90, No. 12
previous   archives   next


Page 1
Humane hacker
Researchers find Internet glitch that puts privacy at serious risk
Class project brings community history to life

Page 2
Bowen honored for groundbreaking book
United Way campaign update
Spotlight / Obituary

Page 3
Joint studio with Asian universities inspires students

Page 4-5
Calendar of events

Page 7
University lends support to new public library
Discussions under way with Oxford

Page 8
Nassau notes
Health plans cover breast reconstruction
ERISA information provided

The Bulletin is published weekly during the academic year, except during University breaks and exam weeks, by the Office of Communications, Princeton University, Princeton, NJ 08544. Permission is given to adapt, reprint or excerpt material from the Bulletin for use in other media.

Deadline. In general, the copy deadline for each issue is the Friday 10 days in advance of the Monday cover date. The deadline for the Bulletin that covers Jan. 8-28 is Friday, Dec. 29. A complete publication schedule is available at deadlines or by calling (609) 258-3601.

Subscriptions. The Bulletin is distributed free to faculty, staff and students. Others may subscribe to the Bulletin for $24 for the academic year (half price for current Princeton parents and people over 65). Send a check to Office of Communications, Stanhope Hall, Princeton University, Princeton, NJ 08544.

Editor: Ruth Stevens
Staff writer: Yvonne Chiu Hays
Calendar editor: Carolyn Geller
Contributing writers: Karin Dienst, Marilyn Marks, Steven Schultz
Photographer: Denise Applewhite
Design: Mahlon Lovett,
Laurel Masten Cantor
Web edition: Mahlon Lovett