The modern web is home to many online services that request and handle sensitive private information from their users. Previous research has shown how websites may leak user information, either due to poor programming practices or through the intentional outsourcing of functionality to third-party services.
Despite the magnitude of this problem, users today have few, if any, options for protecting their PII against accidental and intentional leakage. Generic anti-tracking extensions are based on manually curated blacklists which, due to their reactive nature, are destined to be always out of date. Moreover, these anti-tracking extensions only account for domains belonging to tracking companies and thus cannot account for non-tracking-related third-party domains which happen to receive a user’s PII due to the poor programming practices of the first-party website with which the user interacts.
To effectively inform users about the privacy consequences of visiting particular websites, we propose to design, implement, and evaluate PrivacyMeter, a browser extension that computes, on the fly, a relative privacy score for any website that a user is visiting. This score will be computed based on each website’s privacy practices and how these compare to the privacy practices of pre-analyzed websites. In addition to a numeric score, PrivacyMeter will also provide users with contextual information about the discovered privacy issues (e.g., “many aggressive trackers”, or “many inputs are submitted to third parties”), and what actions are advised. The privacy practices that PrivacyMeter will be assessing go above and beyond the state of the art, thereby offering users a much more accurate view of a website’s privacy practices, compared to existing tools.
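
One way a relative score of this kind could be computed, shown as an added example that is not PrivacyMeter's own code: each metric observed on the visited site is ranked against the same metric on pre-analyzed sites. The metric names, the baseline counts, the ranking formula and the 0.8 flag threshold are all assumptions made for illustration.

```javascript
// Added illustration; metric names, baseline values and the flag threshold are assumptions.
// Constructed baseline: per-metric counts from ten hypothetical pre-analyzed sites.
const BASELINE = {
  trackers: [0, 1, 2, 3, 3, 5, 8, 12, 20, 35],
  inputsToThirdParties: [0, 0, 0, 0, 1, 1, 2, 3, 5, 9],
};

// Contextual messages, using the two examples quoted in the text.
const MESSAGES = {
  trackers: "many aggressive trackers",
  inputsToThirdParties: "many inputs are submitted to third parties",
};

// Fraction of baseline sites that show a strictly lower count (0 = as good as the best).
function fractionBelow(samples, value) {
  if (!Number.isFinite(value) || value < 0) {
    throw new RangeError(`invalid metric value: ${value}`);
  }
  return samples.filter((s) => s < value).length / samples.length;
}

// Returns { score: 0..100 (higher is better), issues: [messages] } for one visited site.
function scoreSite(observed, baseline = BASELINE, flagAt = 0.8) {
  const issues = [];
  let sum = 0;
  let measured = 0;
  for (const [metric, samples] of Object.entries(baseline)) {
    if (!(metric in observed)) continue; // metric not collected on this page load
    const p = fractionBelow(samples, observed[metric]);
    sum += p;
    measured += 1;
    if (p >= flagAt) issues.push(MESSAGES[metric]);
  }
  if (measured === 0) throw new Error("no known metrics observed");
  return { score: Math.round(100 * (1 - sum / measured)), issues };
}

// Constructed observation for one page load.
console.log(scoreSite({ trackers: 15, inputsToThirdParties: 4 }));
```

Because the score is a rank against other sites rather than an absolute count, it shifts whenever the baseline is refreshed, which is what makes it relative.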