OWASP AppSec USA 2011 Conference
Minneapolis, MN | September 20 – 23, 2011
In this talk, Gerrit Padgham and I talked about the current state of online tracking and highlighted current practices such as “cookie respawning” and non-cookie-based tracking that popular websites and mobile applications engage in. We discussed theories on why the platforms we use do not adequately protect users from these threats and highlighted the proposed solutions, such as additional transparency tools and Do-Not-Track, that are intended to help mitigate these issues. We also demonstrated MobileScope, a technical solution we have been developing to give the end user ultimate visibility into the traffic their device is sending. Finally, we discussed open questions surrounding the ability to adequately assess risk, drawing from behavioral economics and risk management theories for cues as to potential outcomes in this space.