Abstract
The public suffix list is a community-maintained list of rules that can be applied to domain names to determine how they should be grouped into logical organizations or companies. We present the first large-scale measurement study of how the public suffix list is used by open-source software on the Web and the privacy harm resulting from projects using outdated versions of the list. We measure how often developers include out-of-date versions of the public suffix list in their projects, how old included lists are, and estimate the real-world privacy harm with a model based on a large-scale crawl of the Web. We find that incorrect use of the public suffix list is common in open-source software, and that at least 43 open-source projects use hard-coded, outdated versions of the public suffix list. These include popular, security-focused projects, such as password managers and digital forensics tools. We also estimate that, because of these out-of-date lists, these projects make incorrect privacy decisions for 1313 effective top-level domains (eTLDs), affecting 50,750 domains, by extrapolating from data gathered by the HTTP Archive project.
Original language | English |
---|---|
Title of host publication | IMC '23: Proceedings of the 2023 ACM on Internet Measurement Conference |
Place of Publication | New York, NY |
Publisher | ACM |
Pages | 383–390 |
Number of pages | 8 |
ISBN (Electronic) | 9798400703829 |
Publication status | Published - 24 Oct 2023 |
Event | ACM Internet Measurement Conference 2023, École de technologie supérieure, Montreal, Canada. Duration: 24 Oct 2023 → 26 Oct 2023. https://conferences.sigcomm.org/imc/2023/ |
Conference
Conference | ACM Internet Measurement Conference 2023 |
---|---|
Abbreviated title | IMC |
Country/Territory | Canada |
City | Montreal |
Period | 24/10/23 → 26/10/23 |
Keywords
- Web privacy
- Domain boundaries
Datasets
A First Look at the Privacy Harms of the Public Suffix List (dataset & code)
McQuistin, S. (Creator), Snyder, P. (Creator), Perkins, C. (Creator), Haddadi, H. (Creator) & Tyson, G. (Creator), University of St Andrews, 9 Nov 2023
DOI: 10.17630/50e596c3-7537-4f74-b503-e9bcc5c8b95a
Dataset: Software