Abstract (English) |
On May 25, 2018, the European Union implemented the General Data Protection Regulation (GDPR), which requires websites related to Europe to inform users and obtain their consent before using their personal data, including cookies, on web pages.
While this regulation may seem reasonable, the way consent is obtained means users must click an "Accept" button on every new website to get the best website experience. Users who fall into the habit of agreeing automatically, without fully understanding the implications, may unknowingly consent to malicious activities carried out by deceptive actors on the internet.
Therefore, we developed a browser extension utilizing OCR technology to provide the Chrome browser with visual perception capabilities. This extension allows the browser, which traditionally relies solely on listener actions, to simulate the visual content perceived by users. By analyzing the text on the buttons, we aim to detect inconsistencies between the observed behavior and the intended purpose of webpage components, and subsequently implement preventive measures. |