• Media type: Other publication; Dissertation; Electronic thesis; E-book
  • Title: Privacy Threats in the Mobile Web & Social Media
  • Contributors: Schwittmann, Lorenz [Author]
  • Published: University of Duisburg-Essen: DuEPublico2 (Duisburg Essen Publications online), 2019-06-25
  • Extent: xx, 137 pages
  • Language: English
  • DOI: https://doi.org/10.17185/duepublico/70228
  • Keywords: Faculty of Engineering » Computer Science and Applied Cognitive Science
  • Origin:
  • Notes: This data source also contains holdings records that do not lead to a full text.
  • Description: In this dissertation, we investigate selected privacy threats in the mobile web and present means to mitigate them. The mobile web does not mitigate preexisting privacy threats of the web. We therefore initially analyze the security of domain validation processes performed by Certificate Authorities (CAs). Vulnerabilities in this process can be used to obtain an illegitimate certificate suitable for attacking HTTPS connections. We present a methodology to probe CAs for weaknesses without jeopardizing productive systems and apply it to a large portion of commercial CAs. We show that it is possible for a network-level attacker to obtain such certificates despite the availability of technical measures suited to prevent this. We provide suggestions for both CAs and domain owners to mitigate such attacks. A secure connection alone is not sufficient to guarantee privacy, as transmitted data can be processed arbitrarily by the remote server. We discuss this privacy threat for online social networks (OSNs), which caused privacy debates due to the accumulation of large amounts of private information at profit-oriented companies. A survey of decentralized OSN systems which aim to mitigate privacy issues is provided. Based on this, we present a privacy-preserving OSN featuring end-to-end encryption and social graph obfuscation. As this hides large portions of (meta-)data from the provider, the potential for privacy breaches is substantially reduced. The mobile web introduced several additional APIs allowing unrestricted access to certain sensors without notifying the user. We discuss privacy threats arising from this in the last part of this work. First, we present an approach for identifying videos being played back in the proximity of the user. The approach relies on ambient light sensor readings perceiving minimal illumination changes caused by the playback device. As these changes can be correlated to reference signals extracted from source videos, an identification is possible. In our evaluation we demonstrate feasibility as ...
  • Access status: Open access