Karel Kubicek: Automating Cookie Consent and GDPR Violation Detection
https://media.ccc.de/v/gpn20-49-automating-cookie-consent-and-gdpr-violation-detection
The European Union’s General Data Protection Regulation (*GDPR*) requires websites to inform users about personal data collection and request consent for cookies. Yet the majority of websites do not give users any choices, and others attempt to deceive them into accepting all cookies. We document the severity of this situation through an analysis of potential GDPR violations in cookie banners in almost 30k websites. We identify six novel violation types, such as incorrect category assignments and misleading expiration times, and we find at least one potential violation in a surprising 94.7% of the analyzed websites.
We address this issue by giving users the power to protect their privacy. We develop a browser extension, called CookieBlock, that uses machine learning to enforce GDPR cookie consent at the client. It automatically categorizes cookies by usage purpose using only the information provided in the cookie itself. At a mean validation accuracy of 84.4%, our model attains a prediction quality competitive with expert knowledge in the field. Additionally, our approach differs from prior work by not relying on the cooperation of websites themselves. We empirically evaluate CookieBlock on a set of 100 randomly sampled websites, on which it filters roughly 90% of the privacy-invasive cookies without significantly impairing website functionality.
Karel Kubicek
https://cfp.gulas.ch/gpn20/talk/EDN8N9/
#gpn20 #Security
Video "Karel Kubicek: Automating Cookie Consent and GDPR Violation Detection" from the media.ccc.de channel