Doppelganger

Abstract

We introduce Doppelganger, a novel system for creating and enforcing fine-grained, privacy preserving browser cookie policies with low manual effort. Browser cookies pose privacy risks, since they can be used to track users' actions in detail, but some cookies also enable useful functionality, like personalization features. Web browsers currently lack an effective cookie management mechanism. Users must choose between two unpalatable options: a permissive, privacy-compromising policy for every site they visit, or a seemingly endless series of questions to which they must supply underinformed opinions. Doppelganger takes a big step forward: it makes automated determinations of cookies' value to enable a cost-benefit analysis, and offers an automated recovery system when that mechanism---or the user---makes an incorrect judgment. Doppelganger leverages client-side parallelism to automatically and simultaneously explore multiple cookie policies, enabling each user to create her ideal cookie policy. We tackle important and difficult subproblems along the way: mechanisms for recording and replaying web sessions; improved handling of third-party cookies; and enforcing fine-grained, per-site cookie mediation. We implemented Doppelganger as a Firefox extension; we discuss experimental results comparing it to various browser settings, as well as lessons learned from the real-world engineering challenges we faced in our implementation.