Abstract

Uniform Resource Locators reveal a significant amount of metadata about user actions, in ways that inherently violate our natural expectations of privacy. Adequately protecting this information is an important issue tackled (sometimes partially) in areas such as secure transport protocols, terminal encryption and caching strategies. A different (and complementary) approach is to design the application namespace so as to minimise privacy leakage. Our goal is to develop a practical variant of this approach, in which service providers enforce fully transient URL namespaces that intentionally conceal data through encryption. We aim to determine the design challenges and required compromises that would make this a feasible technique for protecting data privacy. To begin, we gather requirements from the constraints of URLs in general and from compatibility issues seen in web applications, and propose a mapping process for a namespace of encrypted URLs. We implement this approach on top of an existing web development framework, and analyse the resulting workload from several popular websites to measure its impact under various conditions. Based on our results, we discuss critical design and implementation choices, consider the deployment issues that were encountered, and examine what compromises can be made to address them if web service providers want to embed user privacy in their services. From this analysis we conclude that this type of privacy approach is expensive, with a significant impact on performance and deployment costs that grows with the expected degree of privacy, although there is room for improvement in various areas. Furthermore, privacy implemented in this way is not a replacement for other types of privacy solutions, but rather a complementary or even conflicting approach, driven by entirely different motives.
