Individuals lack proper means to supervise the services they contact and the information they exchange when surﬁng the web. This security task has become challenging due to the complexity of the modern web, of the data delivering technology, and even to the adoption of encryption, which, while improving privacy, makes innetwork services ineffective. The implications are serious, from a person contacting undesired services or unwillingly exposing private information, to a company being unable to control the ﬂow of its information to the outside world. To empower transparency and the capability of taking informed choices in the web, we propose CROWDSURF, a system for comprehensive and collaborative auditing of data exchanged with Internet services. Similarly to crowdsourced efforts, we enable users to contribute in building awareness, supported by the semi-automatic analysis of data offered by a cloud-based system. The result is the creation of “suggestions” that individuals can transform in enforceable “rules” to customize their web browsing policy. CROWDSURF provides the core infrastructure to let individuals and enterprises regain visibility and control on their web activity. Preliminary results obtained executing a prototype implementation demonstrate the feasibility and potential of CROWDSURF.
Users are often unaware of their sensitive information being sent to a third party when browsing the web. Hence, this paper proposes a system called CrowdSurf, which audits data flows from a browser and informs users of privacy concerns. To do so, regular expressions are used to determine if certain flows should be blocked, redirected, allowed, modified, or simply logged. CrowdSurf also allows users to contribute to a cloud-based system to infer which flows are harmful. CrowdSurf is evaluated on a live trace from an Internet Service Provider and shown to perform reliably with min- imal data required.