O. Braun, M. Große-Kampmann, J. Hörnemann, Prof. Norbert Pohlmann (Institut für Internet-Sicherheit), D. Theis, T. Urban: “Exploring the Effects of Cybersecurity Awareness and Decision-Making Under Risk”, in: Zhao, J., Meng, W. (eds) Science of Cyber Security. SciSec 2024. Lecture Notes in Computer Science, vol 15441. Springer, Singapore
Abstract

Filter lists are used by various users, tools, and researchers to identify tracking technologies on the Web. These lists are created and maintained by dedicated communities. Aside from popular blocking lists (e.g., EasyList), the communities create region-specific blocklists that account for trackers and ads that are only common in these regions. The lists aim to keep the size of a general blocklist minimal while protecting users against region-specific trackers. In this paper, we perform a large-scale Web measurement study to understand how different region-specific filter lists (e.g., a blocklist specifically designed for French users) protect users when visiting websites. We define three privacy scenarios to understand when and how users benefit from these regional lists and what effect they have in practice. The results show that although the lists differ significantly, the number of rules they contain is unrelated to the number of blocked requests. We find that the lists’ overall efficacy varies notably. Filter lists also do not meet the expectation that they increase user protection in the regions for which they were designed. Finally, we show that the majority of the rules on the lists were not used in our experiment and that only a fraction of the rules would provide comparable protection for users.

Keywords: user tracking, tracking protection, filter lists, web privacy, adblocker

1 Introduction

Ads are central to today’s Web ecosystem, primarily serving as a revenue source for online businesses, content creators, services, and other entities. For many websites, especially those that offer free content, advertising is the primary means of monetization. This model leads to considerable security and privacy problems. One of the significant issues is the pervasive tracking that underpins targeted advertising: to maximize the effectiveness of advertising, advertisers and third-party networks often use tracking technologies such as cookies [25, 28, 54, 55] and fingerprinting [22, 33, 40].

Such security and privacy concerns lead to the use of ad-blocking and tracking-blocking techniques. Such blockers use filter lists to identify and block requests to known ad servers and remove website advertising elements based on predefined rules. A filter list is a collection of rules and patterns designed to detect and block unwanted website content, such as advertising, tracking scripts, and other intrusive elements. When a user visits a website, the ad blocker compares the page’s content with the filter list and dynamically blocks elements that match the specified patterns. Popular lists such as EasyList [19] are maintained by a community of volunteers who continually update them to keep up with evolving advertising techniques and new tracking methods. Ad blocker users can subscribe to these lists to ensure their browsing experience remains free from unwanted interruptions and privacy intrusions.

Regional filter lists are specialized rules tailored to block ads and tracking scripts specific to certain geographic regions, languages, or cultural norms [20]. These lists address the unique advertising practices, ad networks, and tracking mechanisms prevalent worldwide that global filter lists may not comprehensively cover. Popular blockers like AdBlock [2] or uBlock [44] recommend using regional filter lists if you browse non-English websites. For instance, a regional filter list for Japan would contain rules for blocking advertising from Japanese advertising networks and content in Japan. Ad-blocking software can potentially provide more effective and localized ad blocking by including regional filter lists, ensuring that users in different regions enjoy a cleaner and more relevant browsing experience. These lists are often maintained by local communities or experts who know the regional advertising landscape.

In this paper, we analyze the effects associated with regional filter lists in different scenarios. To this end, we conduct a large-scale measurement study to understand how these lists affect users’ browsing experience and privacy. More specifically, we analyze nine country-specific filter lists provided by the EasyList community and study three privacy scenarios to understand when and how users benefit from regional lists. Using our measurement framework, we visited over 1.8 million pages, collected over 207 million HTTP requests, and stored over 579 GB of data for analysis. We found that most of the used region-specific filter lists only block a minimal number of requests and that lists designed for other regions may outperform specialized lists even in a local setting. Furthermore, we find that lists do not meet the expectation that they perform well when users visit websites that belong to the region the list was designed for, questioning the need for localized blocking lists. Our results show that most rules (93%) in the filter lists are not used.

In summary, we make the following contributions:

- Large-scale measurement to understand the impact of localized filter lists: We collect regional filter lists (n=9) that intersect with measurement locations worldwide. We provide a real-world measurement framework that allows researchers to analyze the impact of regional filter lists on security and privacy.
- Impact of Regional Filter Lists on Privacy: Our findings show that regional filter lists do not significantly enhance privacy in targeted regions and are often more effective in other regions. Combined with a standard filter list (EasyList), they provide benefits, suggesting that regional lists alone are insufficient.
- Effectiveness of Filter List Rules: Our analysis reveals that only 7% of the rules in filter lists are effective in identifying tracking requests, highlighting the potential for significant optimization. To aid this, we propose a master list for maintainers.
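An added example (not code from the paper or from the EasyList project) of how the share of unused rules can be measured: it matches a constructed request log against a constructed list and reports which blocking rules never fired. It assumes a simplified subset of Adblock Plus syntax (domain-anchored `||host^` rules and `@@` exceptions, `$` options ignored); the names `parse_rules`, `hit` and `rule_usage` are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed sample list (Adblock Plus syntax) and request log; not paper data.
SAMPLE_LIST = """[Adblock Plus 2.0]
! constructed regional list
||ads.example-fr.test^
||tracker.example.test^$third-party
||unused-network.test^
||old-adserver.test/pixel
example.test##.ad-banner
@@||ads.example-fr.test/consent.js
"""
SAMPLE_REQUESTS = [
    "https://ads.example-fr.test/show?id=1", "https://cdn.ads.example-fr.test/b.js",
    "https://ads.example-fr.test/consent.js", "https://tracker.example.test/t.gif",
    "https://myads.example-fr.test/x", "https://news.example.test/article"]

def parse_rules(text):
    """Split a list into (block, allow) entries of (raw_rule, host, path_prefix)."""
    block, allow = [], []
    for line in map(str.strip, text.splitlines()):
        # Skip blanks, the header, comments and cosmetic (element-hiding) rules.
        if not line or line[0] in "[!" or "##" in line or "#@#" in line:
            continue
        target, body = (allow, line[2:]) if line.startswith("@@") else (block, line)
        if not body.startswith("||"):
            continue  # this sketch handles domain-anchored rules only
        # Drop "$" options and the "^" separator, then split host from path.
        host, _, path = body[2:].split("$", 1)[0].rstrip("^").partition("/")
        target.append((line, host.lower(), "/" + path if path else ""))
    return block, allow

def hit(rule, url):
    """True if the request is on the rule's domain (or a subdomain) and path prefix."""
    parts = urlsplit(url)
    req = (parts.hostname or "").lower()
    return (req == rule[1] or req.endswith("." + rule[1])) and parts.path.startswith(rule[2])

def rule_usage(list_text, urls):
    """Count blocked requests and report which blocking rules never fired."""
    block, allow = parse_rules(list_text)
    # Exception (@@) rules override blocking rules, so allow-listed requests are skipped.
    fired = [{r[0] for r in block if hit(r, url)}
             for url in urls if not any(hit(a, url) for a in allow)]
    used = set().union(*fired)
    unused = [r[0] for r in block if r[0] not in used]
    return {"blocked": sum(map(bool, fired)), "used": sorted(used), "unused": unused,
            "unused_share": len(unused) / len(block) if block else 0.0}
```

Calling `rule_usage(SAMPLE_LIST, SAMPLE_REQUESTS)` returns the blocked-request count together with the used and unused rules for the constructed data.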
…