Abstract
The news articles we read online can reveal a lot about us. Privacy aware groups have therefore long pushed for the use of HTTPS (encrypted end-to-end communication). In this paper, we present the design and evaluation of a lightweight framework that can (1) successfully identify individual news articles even when the articles are delivered over encrypted connections, and (2) separate between articles associated with different news websites even when the websites are delivered over the same infrastructure. Our results demonstrate that naive use of HTTPS is not enough to prevent attackers monitoring a user's connections from identifying articles that the user reads on the most popular news website. We also provide insights into what makes some websites more/less resilient to our attack, and we use Twitter data to evaluate the effectiveness of an example attack that in addition incorporates the popularity of individual news articles. We are the first to demonstrate and evaluate the practical effectiveness of this type of attack when applied on modern news websites, and our multi-website-based evaluation provides valuable insights into how websites can best protect themselves against this type of attacks. These insights are important for websites that want to help protect the privacy of their users.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
