Engineer explains how to avoid digital tracking

Franziska Roesner, assistant professor of Computer Science and Engineering at the UW, addresses computer security and privacy issues, the process of developing new defensive tools, and recommendations to users in the first in a series of College of Engineering lectures.

People of all ages filtered into Kane Hall on Wednesday night to hear about tracking in the digital age. 

The engineering department held a seminar with speaker Franziska Roesner, who discussed the length of which tracking pervades people’s devices.

Roesner’s work centers on the concept of user-driven access control (UAC), which takes the control out of automated applications and webpages, and places it into the hands of the user. The focus is privacy and transparency.

Via The Daily

Roesner described UAC as the ways in which phone applications ask a user if they want to “allow” a certain type of tracking, like location, constant camera access, or messaging.

But the real problem arises within the phone’s operating system, as it cannot recognize the difference between a user consciously pushing a button or sending information to a third party.

“So the challenge we were facing was to design a system such that the [operating system] actually can understand the user’s interactions with arbitrary buttons and arbitrary applications,” Roesner said.

Since 2011, Roesner has been working on a team to solve these types of problems and determine how tracking happens. Her research, however, goes as far back as 2007. 

“Once you say ‘yes,’ applications have the ability to use those permissions however and whenever they want,” Roesner said. 

Roesner and her colleague have created an application for Android called LayerCake, which prevents this from happening.

“We take these user interface elements, and make them special,” Roesner said. “We give control of those buttons to the operating system, and now we call them access control gadgets.” …

This allows the operating system in the phone to understand what the buttons mean and to detect when the users actually click on them. 

Tracking also occurs through browsers. You can eliminate this by blocking third-party cookies and enabling do-not-track in browser settings.

This, however, doesn’t eliminate every facet of information-gathering online. 

Sixty-nine-year-old Bonnie Ashleman said she realized just how careful she needs to be, especially with apps on mobile devices.

“You never think of what’s going on with your browser,” Ashleman said. “This whole third-party thing is very interesting.”

Ashlemen has been retired for 10 years, but she still considers herself “a little tech savvy.”

Roesner also discussed widgets, and revealed just what these applications do. The most frequent widgets users experience are social media ones, like Twitter, Google, and Facebook that show up on practically every article, video, and photo so users can share it with their friends.

The widgets can track, give information to third parties, and create profiles of people through their browsing history even without clicking on their share button. It happens automatically as soon as the browser loads the buttons on the page.

To help prevent this automated tracking issue, Roesner has also contributed to the development of ShareMeNot, an extension for Firefox and Chrome that works as a tracking blocker and filter. 

“We can change the way our systems and technology work to automatically meet user expectations rather than putting the burden on users for them to manage and access these applications themselves,” Roesner said. “We really have the opportunity to positively influence designs.”

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s