About: HTTP referer is a research topic. Over its lifetime, 12 publications have been published within this topic, receiving 523 citations. The topic is also known as: HTTP Referer & referrer.
TL;DR: This paper presents a new variation on CSRF attacks, login CSRF, in which the attacker forges a cross-site request to the login form, logging the victim into the honest web site as the attacker.
Abstract: Cross-Site Request Forgery (CSRF) is a widely exploited web site vulnerability. In this paper, we present a new variation on CSRF attacks, login CSRF, in which the attacker forges a cross-site request to the login form, logging the victim into the honest web site as the attacker. The severity of a login CSRF vulnerability varies by site, but it can be as severe as a cross-site scripting vulnerability. We detail three major CSRF defense techniques and find shortcomings with each technique. Although the HTTP Referer header could provide an effective defense, our experimental observation of 283,945 advertisement impressions indicates that the header is widely blocked at the network layer due to privacy concerns. Our observations do suggest, however, that the header can be used today as a reliable CSRF defense over HTTPS, making it particularly well-suited for defending against login CSRF. For the long term, we propose that browsers implement the Origin header, which provides the security benefits of the Referer header while responding to privacy concerns.
TL;DR: In this paper, the authors investigated privacy risks to those visiting health-related web pages and found that 70% of HTTP Referer strings contained information exposing specific conditions, treatments, and diseases.
Abstract: This article investigates privacy risks to those visiting health-related web pages. The population of pages analyzed is derived from the 50 top search results for 1,986 common diseases. This yielded a total population of 80,124 unique pages which were analyzed for the presence of third-party HTTP requests. 91% of pages were found to make requests to third parties. Investigation of URIs revealed that 70% of HTTP Referer strings contained information exposing specific conditions, treatments, and diseases. This presents a risk to users in the form of personal identification and blind discrimination. An examination of extant government and corporate policies reveals that users are insufficiently protected from such risks.
TL;DR: This paper designs Formlock, a browser extension that warns the user when contact forms use PII-leaking practices and provides the ability to comprehensively lock down a form so that a user's details cannot be leaked to third parties, either accidentally or intentionally.
Abstract: The majority of commercial websites provide users the ability to contact them via dedicated contact pages. In these pages, users are typically requested to provide their names, email addresses, and reason for contacting the website. This effectively makes contact pages a gateway from being anonymous or pseudonymous, i.e., identified via stateful and stateless identifiers, to being eponymous. As such, the environment where users provide their personally identifiable information (PII) has to be trusted and free from intentional and unintentional information leaks. In this paper, we report on the first large-scale study of PII leakage via contact pages of the 100,000 most popular sites of the web. We develop a reliable methodology for identifying and interacting with contact forms as well as techniques that allow us to discover the leakage of PII towards third parties, even when that information is obfuscated. Using these methods, we witness the leakage of PII towards third parties in a wide range of ways, including the leakage through third-party form submissions, third-party scripts that collect PII information from a first-party page, and unintended leakage through a browser's Referer header. To recover the lost control of users over their PII, we design and develop Formlock, a browser extension that warns the user when contact forms are using PII-leaking practices, and provides the ability to comprehensively lock down a form so that a user's details cannot be leaked to third parties, either accidentally or intentionally.
TL;DR: In this article, a policy-based method for blocking the automatic dereferencing of web beacon links in an e-mail message sent in HTML format, with a minimum sacrifice in the HTML body rendering quality, is presented.
Abstract: Disclosed is a policy-based method for blocking the automatic dereferencing of web beacon links in an e-mail message sent in HTML format with a minimum sacrifice in the HTML body rendering quality. HTML content that potentially contains web beacons is replaced with non-dereferencing elements prior to HTML rendering by the e-mail browser so that the remaining HTML can be rendered as completely as possible without rendering the potential web beacons. Additionally, the present invention also provides a method for removing the HTTP Referer header from referenced external links and activated images. An HTTP redirector service is implemented as a server-based link redirection evaluator application which serves to eliminate the Referer header for the URL requested. Embodiments of the present invention provide for blocking web beacons and removing HTTP Referer headers in both a “down-level” e-mail client and a client which can make programmatic use of an HTML rendering engine.
TL;DR: This work proposes a novel method, where HTTP Referer information is used to create new links between Linked Data entities stored in different data sets, which is evaluated using 27.86 million real-world log entries from web servers hosting Linked Data.
Abstract: Linked Data relies on one central concept: Typed links connect entities stored within data sets published by different individuals. Manual input and mapping are common techniques to create these links. We propose a novel method, where HTTP Referer information is used to create new links between Linked Data entities stored in different data sets. We evaluate our method using 27.86 million real-world log entries from web servers hosting Linked Data.