Exploring and mitigating privacy threats of HTML5 geolocation API

The HTML5 Geolocation API realizes location-based services via the Web by granting web sites the geographical location information of user devices. However, the Geolocation API can violate a user's location privacy due to its coarse-grained permission and location models. The API provides either exact location or nothing to web sites even when they only require approximate location. In this paper, we first conduct case studies on numerous web browsers and web sites to explore how they implement and utilize the Geolocation API. We detect 14 vulnerable web browsers and 603 overprivileged web sites that can violate a user's location privacy. To mitigate the privacy threats of the Geolocation API, we propose a novel scheme that (1) supports fine-grained permission and location models, and (2) recommends appropriate privacy settings to each user by inspecting the location sensitivity of each web page. Our scheme can accurately estimate each web page's necessary geolocation degree (estimation accuracy: ~93.5%). We further provide suggestions to improve the Geolocation API.
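The all-or-nothing behaviour described above can be seen by contrast with a fine-grained model. The following is an added example, not the paper's scheme or code: it wraps a navigator.geolocation-shaped provider so that a site receives a position snapped to a grid of user-chosen cell size, or a PERMISSION_DENIED error, instead of the exact fix. The permission levels, their cell sizes, the grid-snapping rule and the fake provider with its made-up coordinates are all assumptions of this example.

```javascript
// Added example (not the paper's code): a fine-grained wrapper around the
// W3C Geolocation API. A site asking for location gets a fix snapped to a
// grid whose cell size the user chose, or a PERMISSION_DENIED error, instead
// of the all-or-nothing choice the stock API offers.

// Assumed permission levels: grid cell size in degrees of latitude/longitude.
// One degree of latitude is ~111 km; a longitude degree shrinks toward the
// poles, so a cell's east-west extent is never larger than the figure given.
const LEVELS = {
  exact: 0,            // pass the real fix through untouched
  street: 0.001,       // ~100 m cells
  neighborhood: 0.01,  // ~1 km cells
  city: 0.1,           // ~11 km cells
  region: 1,           // ~111 km cells
  deny: null,          // behave as if the user refused the request
};

const METERS_PER_DEGREE = 111320; // approximate length of one degree at the equator
const PERMISSION_DENIED = 1;      // GeolocationPositionError.PERMISSION_DENIED

// Return the centre of the grid cell containing `value`, so the output does not
// reveal on which side of a cell boundary the true coordinate lies.
function snapToGrid(value, step) {
  return (Math.floor(value / step) + 0.5) * step;
}

// Coarsen a GeolocationCoordinates-like object to the given level. Altitude,
// heading and speed are dropped: each is an extra channel of precision the
// page did not ask for and the grid does not cover.
function coarsenCoords(coords, level) {
  const step = LEVELS[level];
  if (step === undefined || step === null) {
    throw new RangeError(`cannot coarsen to level "${level}"`);
  }
  if (step === 0) return { ...coords };
  let longitude = snapToGrid(coords.longitude, step);
  if (longitude > 180) longitude -= 360; // a cell centre can spill past the antimeridian
  // Report an accuracy radius no smaller than half the cell diagonal, so the
  // page cannot mistake the cell centre for a precise fix.
  const halfDiagonal = (step * Math.SQRT2 / 2) * METERS_PER_DEGREE;
  return {
    latitude: snapToGrid(coords.latitude, step),
    longitude,
    accuracy: Math.max(coords.accuracy || 0, halfDiagonal),
    altitude: null,
    altitudeAccuracy: null,
    heading: null,
    speed: null,
  };
}

// Wrap a navigator.geolocation-shaped provider so every fix handed to the
// page's success callback is coarsened, or the request is denied outright.
function wrapGeolocation(provider, level) {
  return {
    getCurrentPosition(onSuccess, onError, options) {
      if (LEVELS[level] === null) {
        if (onError) onError({ code: PERMISSION_DENIED, message: 'User denied Geolocation' });
        return;
      }
      provider.getCurrentPosition(
        (pos) => onSuccess({ coords: coarsenCoords(pos.coords, level), timestamp: pos.timestamp }),
        onError,
        options,
      );
    },
  };
}

// Constructed stand-in for navigator.geolocation so the example runs outside a
// browser; the fix below is made up, not a real device reading.
const fakeGeolocation = {
  getCurrentPosition(onSuccess) {
    onSuccess({
      coords: { latitude: 37.422, longitude: -122.0841, accuracy: 20,
                altitude: 12, altitudeAccuracy: 5, heading: 90, speed: 1.5 },
      timestamp: 1700000000000,
    });
  },
};

// Run one request at the given level and return what the page would see:
// coarsened coordinates, or the error object for a denied request.
function requestAt(level) {
  let seen = null;
  wrapGeolocation(fakeGeolocation, level).getCurrentPosition(
    (pos) => { seen = pos.coords; },
    (err) => { seen = err; },
  );
  return seen;
}

for (const level of Object.keys(LEVELS)) {
  console.log(level, requestAt(level));
}
```

Snapping to the cell centre rather than rounding the coordinate matters: rounding leaks which half of a cell the user is in, and repeated fixes at slightly different true positions would otherwise let a page narrow the location below the chosen level. Raising the reported accuracy to the cell size keeps honest pages from treating the coarse fix as exact. A real deployment would also have to apply the same policy to watchPosition, since a stream of coarse fixes reveals movement across cell boundaries.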
