Graduate School and Research Center in Digital Sciences

Dirty clicks: A study of the usability and security implications of click-related behaviors on the Web

Sanchez-Rola, Iskander; Balzarotti, Davide; Kruegel, Christopher; Vigna, Giovanni; Santos, Igor

WWW 2020, The Web Conference, 20-24 April 2020, Taipei, Taiwan

Web pages have evolved into very complex dynamic applications, which are often very opaque and difficult for non-experts to understand. At the same time, security researchers push for more transparent web applications, which can help users in taking important security-related decisions about which information to disclose, which link to visit, and which online service to trust. In this paper, we look at one of the most simple but also most representative aspects that captures the struggle between these opposite demands: a mouse click. In particular, we present the first comprehensive study of the possible security and privacy implications that clicks can have from a user perspective, analyzing the disconnect that exists between what is shown to users and what actually happens after. We started by identifying and classifying possible problems. We then implemented a crawler that performed nearly 2.5M clicks looking for signs of misbehavior. We analyzed all the interactions created as a result of those clicks, and discovered that the vast majority of domains are putting users at risk by either obscuring the real target of links or by not providing sufficient information for users to make an informed decision. We conclude the paper by proposing a set of countermeasures.

Document Bibtex

Title:Dirty clicks: A study of the usability and security implications of click-related behaviors on the Web
Keywords:browser click; web security; usability
Type:Conference
Language:English
City:Taipei
Country:TAIWAN, PROVINCE OF CHINA
Date:
Department:Digital Security
Eurecom ref:6174
Copyright: © ACM, 2020. This is the author's version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution. The definitive version was published in WWW 2020, The Web Conference, 20-24 April 2020, Taipei, Taiwan
Bibtex: @inproceedings{EURECOM+6174, year = {2020}, title = {{D}irty clicks: {A} study of the usability and security implications of click-related behaviors on the {W}eb}, author = {{S}anchez-{R}ola, {I}skander and {B}alzarotti, {D}avide and {K}ruegel, {C}hristopher and {V}igna, {G}iovanni and {S}antos, {I}gor}, booktitle = {{WWW} 2020, {T}he {W}eb {C}onference, 20-24 {A}pril 2020, {T}aipei, {T}aiwan}, address = {{T}aipei, {TAIWAN}, {PROVINCE} {OF} {CHINA}}, month = {04}, url = {http://www.eurecom.fr/publication/6174} }
See also: