
Exploring and Mitigating Privacy Threats of HTML5 Geolocation API

Hyungsub Kim, Sangho Lee, Jong Kim
Pohang University of Science and Technology (POSTECH)

Annual Computer Security Applications Conference (ACSAC) 2014

Presenter: Hyungsub Kim

2014-12-11

Location-based service (LBS) background (1/4)

Use real-time geo-data to provide information

Discovering the nearest coffee chains

Are used in a variety of contexts

Travel information, proximity-based marketing, fraud prevention

2014-12-11

Dept. of CSE, POSTECH, Rep. of Korea

[Screenshot: store-locator/search page]

2

Web (HTML5 Geolocation API) background (2/4)

Realize LBSs via the Web
Obtain latitude, longitude, altitude, heading, speed
Need to obtain permissions from users
Methods: getCurrentPosition(), watchPosition()

Obtain user's location

navigator.geolocation.getCurrentPosition(showPosition);

function showPosition(position) {
  // One-shot callback: receives a single Position object after the user grants permission
  var latlon = position.coords.latitude + "," + position.coords.longitude;
  // Static-map request built from the raw coordinates (URL host truncated on the slide)
  var img_url = "api/staticmap?center=" + latlon + "&zoom=13&size=500x400&maptype=hybrid&sensor=true";
}


Web (HTML5 Geolocation API) background (3/4)


Track user's location

navigator.geolocation.watchPosition(showPosition);

function showPosition(position) {
  // Continuous callback: fires again on every position change until clearWatch() is called
  var latlon = position.coords.latitude + "," + position.coords.longitude;
  // Static-map request built from the raw coordinates (URL host truncated on the slide)
  var img_url = "api/staticmap?center=" + latlon + "&zoom=13&size=500x400&maptype=hybrid&sensor=true";
}
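The two slides above differ only in the method called, but the privacy consequence is different: getCurrentPosition() hands the page one fix, watchPosition() hands it every subsequent fix. The script below is an added example (not from the slides or the paper) that makes this visible offline: it constructs a mock of navigator.geolocation with three constructed sample fixes, runs both methods against it, and adds a coarsen() helper, our own mitigation sketch, that snaps coordinates to a roughly 1 km grid before the static-map URL is built. The mock's _emit() hook and the coarsen() grid size are assumptions for the demo.

```javascript
// Constructed mock of navigator.geolocation so this runs offline in Node;
// a real browser supplies these methods itself. The _emit() hook is not
// part of the real API; it stands in for the device producing a new fix.
function makeMockGeolocation(positions) {
  const watchers = new Map();
  let nextId = 1;
  return {
    // One-shot: delivers only the current (first available) fix.
    getCurrentPosition(success) {
      success(positions[0]);
    },
    // Continuous: delivers the current fix, then every later fix, until
    // clearWatch() is called with the returned id.
    watchPosition(success) {
      const id = nextId++;
      watchers.set(id, success);
      success(positions[0]);
      return id;
    },
    clearWatch(id) {
      watchers.delete(id);
    },
    _emit(pos) {
      for (const cb of watchers.values()) cb(pos);
    },
  };
}

// Constructed sample fixes (decimal degrees), a short walk across a campus.
const SAMPLE_FIXES = [
  { coords: { latitude: 36.0135, longitude: 129.3251, accuracy: 20 } },
  { coords: { latitude: 36.0142, longitude: 129.326, accuracy: 20 } },
  { coords: { latitude: 36.0157, longitude: 129.3274, accuracy: 20 } },
];

// Mitigation helper (our addition): round coordinates to a coarser grid
// before the page forwards them to a third-party map or ad endpoint.
// 0.01 degree is roughly 1 km: enough for a store locator, too coarse to
// reconstruct a walking route from successive fixes.
function coarsen(coords, gridDegrees = 0.01) {
  const snap = (v) => Math.round(v / gridDegrees) * gridDegrees;
  return {
    latitude: Number(snap(coords.latitude).toFixed(4)),
    longitude: Number(snap(coords.longitude).toFixed(4)),
  };
}

// Same URL shape as the slides, but built from coarsened coordinates.
function staticMapUrl(coords) {
  const { latitude, longitude } = coarsen(coords);
  return "api/staticmap?center=" + latitude + "," + longitude +
    "&zoom=13&size=500x400&maptype=hybrid&sensor=true";
}

// Run both API styles against the mock and record what each one delivers.
function demo() {
  const geo = makeMockGeolocation(SAMPLE_FIXES);
  const oneShot = [];
  const tracked = [];
  geo.getCurrentPosition((pos) => oneShot.push(staticMapUrl(pos.coords)));
  const id = geo.watchPosition((pos) => tracked.push(staticMapUrl(pos.coords)));
  geo._emit(SAMPLE_FIXES[1]);
  geo._emit(SAMPLE_FIXES[2]);
  geo.clearWatch(id);
  geo._emit(SAMPLE_FIXES[0]); // ignored: the watch has been cleared
  return { oneShot, tracked };
}

console.log(demo());
```

Run with `node` and compare the two arrays: the one-shot path yields a single URL, the watch path yields one URL per fix. Because the three sample fixes sit within one grid cell except the last, the coarsened URLs collapse to two distinct centers, which is the point of coarsening before sharing.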


Permission model background (4/4)

When a user grants permissions to a web site (chrome://settings, Geolocation exceptions):

  Hostname pattern    Behavior
  . . .               Allow

All web pages of the web site can access the user's location.

Employ a per-domain permission model
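The slide's point is that the browser keys the exception on the hostname, so a grant made on one page of a site carries over to every other page of that site. The script below is an added illustration (not Chrome's code and not the paper's proposal): a constructed DomainPermissionStore keyed by hostname, and, for contrast, a PagePermissionStore of our own keyed by origin plus path, both run over a constructed set of page URLs on the hypothetical sites shop.example and other.example.

```javascript
// Constructed model of the per-domain store the slide describes: exceptions
// are keyed by hostname, so a grant on one page applies to the whole site.
class DomainPermissionStore {
  constructor() {
    this.exceptions = new Map(); // hostname -> "allow" | "block"
  }
  grantForPage(pageUrl) {
    this.exceptions.set(new URL(pageUrl).hostname, "allow");
  }
  block(hostname) {
    this.exceptions.set(hostname, "block");
  }
  // Only the hostname is consulted; path, query and fragment of the
  // requesting page are ignored. Unknown hosts fall back to "ask".
  decide(pageUrl) {
    const { hostname } = new URL(pageUrl);
    return this.exceptions.get(hostname) || "ask";
  }
}

// Contrast variant (our own, not from the slides): key the grant by the
// exact page (origin + pathname), so sibling pages must prompt again.
class PagePermissionStore {
  constructor() {
    this.exceptions = new Map(); // origin+pathname -> "allow"
  }
  static key(pageUrl) {
    const u = new URL(pageUrl);
    return u.origin + u.pathname;
  }
  grantForPage(pageUrl) {
    this.exceptions.set(PagePermissionStore.key(pageUrl), "allow");
  }
  decide(pageUrl) {
    return this.exceptions.get(PagePermissionStore.key(pageUrl)) || "ask";
  }
}

// Given the page where the user clicked "Allow", return which of the other
// pages can read the location without a prompt under the given store.
function pagesAllowedWithoutPrompt(store, grantedPage, otherPages) {
  store.grantForPage(grantedPage);
  return otherPages.filter((u) => store.decide(u) === "allow");
}

// Constructed sample: the grant happens on the store locator of shop.example.
const GRANTED_PAGE = "https://shop.example/store-locator/search";
const OTHER_PAGES = [
  "https://shop.example/store-locator/search?q=coffee", // same page, new query
  "https://shop.example/checkout",                      // sibling page, same site
  "https://shop.example/account/profile",               // sibling page, same site
  "https://other.example/store-locator/search",         // different site
];

function compareScopes() {
  return {
    perDomain: pagesAllowedWithoutPrompt(new DomainPermissionStore(), GRANTED_PAGE, OTHER_PAGES),
    perPage: pagesAllowedWithoutPrompt(new PagePermissionStore(), GRANTED_PAGE, OTHER_PAGES),
  };
}

console.log(compareScopes());
```

Under the per-domain store every shop.example page inherits the grant, including checkout and account pages the user never associated with location; under the per-page store only the store locator itself does. Widening or narrowing that key is exactly the knob the permission model turns.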

