A. Contribution

  1. Problem addressed by the paper

Preventing a tracking server from identifying private information of the user while preserving personalization functionality.

  1. Solution proposed in the paper. Why is it better than previous work?

Previous works either disable setting tracking identifiers or blacklist third party requests to certain servers. However, neither of them can completely block stateful web tracking. This paper proposes TrackingFree, the first anti-tracking browser by mitigating unique identifiers. Instead of disabling those unique identifiers, TrackingFree isolates them into different browser principals so that the identifiers still exist but are not unique among different web sites.

  1. The major results.

TrackingFree browser cuts off the tracking chain for third-party web tracking. The authors’ evaluation shows that TrackingFree can invalidate all the 647 trackers found in Alexa Top 500 web sites, and formally verified that in TrackingFree browser, a single tracker can at most correlate user’s activities on three web sites by Alloy.

B. Basic idea and approach. How does the solution work?

TrackingFree adopts profile mechanism to isolate client-side state. All the navigation and communication related events will be permitted and determined by principal manager and message policy enforcer resided in TrackingFree’s kernel.


C. Strengths

  1. It provides good balance between functionality and privacy protection.

D. Weaknesses

  1. Users need to use special browser, TrackingFree. It may be missing many useful features from common browsers such as Google Chrome or Mozilla Firefox. Users may not use TrackingFree if there are important features missing.
  2. The isolation mechanism in TrackingFree also isolates user’s history related data, such as browsing history, download history, and bookmark history. This will affect user experience and cause inconveniences to the user.
  3. It still need some improvement on the performance overhead. 3% to 20% latency is quite high. 25 MB memory overhead per principal is also quite high.

E. Future work, Open issues, possible improvements

  1. TrackingFree features should be incorporated into common web browsers such as Google Chrome or Mozilla Firefox.