Real-time privacy-preserving cobrowsing with element masking

Collaborative Web Browsing (cobrowsing) becomes more and more popular in commercial solutions. Cobrowsing allows different users to share a synchronized common view on a web page as well as sharing the interactions, such as mouse movements, highlighting text or mouse clicks, on this web page with each other. This makes it interesting for a wide range of use cases, such as customer relationship management, call center or online sales. Nevertheless existing solutions are vulnerable to man in the middle attacks by the cobrowsing server when using the secure hypertext transfer protocol (HTTPS) and they leak private data of the user to other third parties, which may potentially misuse them. We present in this paper a solution to these issues by letting a user act as proxy between the web application provider and other users. This enables the user (1) to control which web application data is propagated to whom (2) to enforce privacy policies upon private data within a cobrowse session. We present our implementation, which does not rely on browser plugins or extensions, but only on existing web standards.

[1]  Renata S. S. Guizzardi,et al.  LiCoB: Lightweight Collaborative Browsing , 2009, 2009 IEEE/WIC/ACM International Joint Conference on Web Intelligence and Intelligent Agent Technology.

[2]  Mark S. Ackerman,et al.  Privacy in e-commerce: examining user scenarios and privacy preferences , 1999, EC '99.

[3]  Roberta Lima-Gomes,et al.  A flexible architecture for collaborative browsing , 2002, Proceedings. Eleventh IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises.

[4]  Slim Trabelsi,et al.  Data disclosure risk evaluation , 2009, 2009 Fourth International Conference on Risks and Security of Internet and Systems (CRiSIS 2009).

[5]  Lambert M. Surhone,et al.  Node.js , 2010 .

[6]  Sachin Agarwal,et al.  Enabling Co-browsing Service across Different Browsers and Devices , 2012, ESOCC.

[7]  Daniel Görgen,et al.  Co-browsing dynamic web pages , 2009, WWW '09.

[8]  Béat Hirsbrunner,et al.  Collaborative web browsing: multiple users, multiple pages, concurrent access, one display , 2012, EICS '12.

[9]  Franco Callegati,et al.  Man-in-the-Middle Attack to the HTTPS Protocol , 2009, IEEE Security & Privacy Magazine.

[10]  Haining Wang,et al.  RCB: A Simple and Practical Framework for Real-time Collaborative Browsing , 2009, USENIX Annual Technical Conference.