Files in this item
A first look at the privacy harms of the public suffix list
Item metadata
| dc.contributor.author | McQuistin, Stephen | |
| dc.contributor.author | Snyder, Peter | |
| dc.contributor.author | Perkins, Colin | |
| dc.contributor.author | Haddadi, Hamed | |
| dc.contributor.author | Tyson, Gareth | |
| dc.date.accessioned | 2023-10-25T15:30:06Z | |
| dc.date.available | 2023-10-25T15:30:06Z | |
| dc.date.issued | 2023-10-24 | |
| dc.identifier | 295070433 | |
| dc.identifier | a8e8b910-9304-47d8-9da9-28691dab6a54 | |
| dc.identifier | 85177617219 | |
| dc.identifier.citation | McQuistin , S , Snyder , P , Perkins , C , Haddadi , H & Tyson , G 2023 , A first look at the privacy harms of the public suffix list . in IMC '23: Proceedings of the 2023 ACM on Internet Measurement Conference . ACM , New York, NY , pp. 383–390 , ACM Internet Measurement Conference 2023 , Montreal , Canada , 24/10/23 . https://doi.org/10.1145/3618257.3624836 | en |
| dc.identifier.citation | conference | en |
| dc.identifier.isbn | 9798400703829 | |
| dc.identifier.other | ORCID: /0000-0002-0616-2532/work/141228256 | |
| dc.identifier.uri | https://hdl.handle.net/10023/28567 | |
| dc.description | Funding: This work was supported in part by the UK Engineering and Physical Sciences Research Council under grant EP/S036075/1. | en |
| dc.description.abstract | The public suffix list is a community-maintained list of rules that can be applied to domain names to determine how they should be grouped into logical organizations or companies. We present the first large-scale measurement study of how the public suffix list is used by open-source software on the Web and the privacy harm resulting from projects using outdated versions of the list. We measure how often developers include out-of-date versions of the public suffix list in their projects, how old included lists are, and estimate the real-world privacy harm with a model based on a large-scale crawl of the Web. We find that incorrect use of the public suffix list is common in open-source software, and that at least 43 open-source projects use hard-coded, outdated versions of the public suffix list. These include popular, security-focused projects, such as password managers and digital forensics tools. We also estimate that, because of these out-of-date lists, these projects make incorrect privacy decisions for 1313 effective top-level domains (eTLDs), affecting 50,750 domains, by extrapolating from data gathered by the HTTP Archive project. | |
| dc.format.extent | 8 | |
| dc.format.extent | 733542 | |
| dc.language.iso | eng | |
| dc.publisher | ACM | |
| dc.relation.ispartof | IMC '23: Proceedings of the 2023 ACM on Internet Measurement Conference | en |
| dc.subject | Web privacy | en |
| dc.subject | Domain boundaries | en |
| dc.subject | QA75 Electronic computers. Computer science | en |
| dc.subject | DAS | en |
| dc.subject | MCC | en |
| dc.subject.lcc | QA75 | en |
| dc.title | A first look at the privacy harms of the public suffix list | en |
| dc.type | Conference item | en |
| dc.contributor.institution | University of St Andrews. School of Computer Science | en |
| dc.identifier.doi | https://doi.org/10.1145/3618257.3624836 | |
| dc.identifier.url | https://doi.org/10.1145/3618257 | en |
This item appears in the following Collection(s)
Items in the St Andrews Research Repository are protected by copyright, with all rights reserved, unless otherwise indicated.