@zeitonline berichtet über die Details des ursprünglichen Plans Handy-Verkehrsdaten zur Corona-Eindämmung zu benutzen. Ich hab darüber mit @mlaaff gesprochen. Zusammenfassung in Twitter-Länge: "Die technischen Möglichkeiten werden überschätzt" zeit.de/digital/datenschutz/20

Working on human-centered security and privacy problems? Consider submitting your latest work or work in progress to the 5th European Workshop on Usable Security co-located with @IEEEEUROSP

Submission deadline March 16, 2020.
CFP: eusec20.cs.uchicago.edu

3. The last thing I want to highlight: we attempted to replicate previous work in the area to see whether our approach leads to different results. Here is a breakdown in a table, see the paper for details:

Show thread

2. Third party scripts often contact additional services. 40% request data from other companies. More importantly: In 62% of the cases, these "fourth parties" fluctuate.
That's bad news if you own a website and want to know upfront what gets send to your visitors in your name.

Show thread

1. Like the title says: when scanning websites for scripts or cookies, always look beyond the front page. We found that visiting 100 subsites is useful if you want to get a good idea of the third parties a webpage is using.

Show thread

Our upcoming paper is now available: arxiv.org/pdf/2001.10248.pdf
We measured in the depth of websites and focused on the fluctuations.
Our work has implications for website owners and future research. Here are some takeaways:

Goal for 2020: use mastodon more than twitter.
Unfortunately, it seems the academic twitterverse is not here, yet.


chaos.social – a Fediverse instance for & by the Chaos community