CrowdSurf: Empowering Transparency in the Web

Hassan Metwalley, Stefano Traverso, Marco Mellia (Politecnico di Torino), Stanislav Miskovic (Symantec Corp.), Mario Baldi (Politecnico di Torino)
Appears in: 
CCR October 2015

Individuals lack proper means to supervise the services they contact and the information they exchange when surfing the web. This security task has become challenging due to the complexity of the modern web, of the data delivering technology, and even to the adoption of encryption, which, while improving privacy, makes innetwork services ineffective. The implications are serious, from a person contacting undesired services or unwillingly exposing private information, to a company being unable to control the flow of its information to the outside world. To empower transparency and the capability of taking informed choices in the web, we propose CROWDSURF, a system for comprehensive and collaborative auditing of data exchanged with Internet services. Similarly to crowdsourced efforts, we enable users to contribute in building awareness, supported by the semi-automatic analysis of data offered by a cloud-based system. The result is the creation of “suggestions” that individuals can transform in enforceable “rules” to customize their web browsing policy. CROWDSURF provides the core infrastructure to let individuals and enterprises regain visibility and control on their web activity. Preliminary results obtained executing a prototype implementation demonstrate the feasibility and potential of CROWDSURF.

Public Review By: 
Joseph Camp

Users are often unaware of their sensitive information being sent to a third party when browsing the web. Hence, this paper proposes a system called CrowdSurf, which audits data flows from a browser and informs users of privacy concerns. To do so, regular expressions are used to determine if certain flows should be blocked, redirected, allowed, modified, or simply logged. CrowdSurf also allows users to contribute to a cloud-based system to infer which flows are harmful. CrowdSurf is evaluated on a live trace from an Internet Service Provider and shown to perform reliably with min- imal data required.