SugarCoat: Programmatically Generating Privacy-Preserving, Web-Compatible Resource Replacements for Content Blocking
Citation: Michael Smith, Pete Snyder, Benjamin Livshits, Deian Stefan SugarCoat: Programmatically Generating Privacy-Preserving, Web-Compatible Resource Replacements for Content Blocking.
Internet Archive Scholar (search for fulltext): SugarCoat: Programmatically Generating Privacy-Preserving, Web-Compatible Resource Replacements for Content Blocking
Wikidata (metadata): Q109764075
Tagged:
Summary
SugarCoat allows filter list authors to automatically generate privacy-preserving replacements for arbitrary JavaScript scripts, eliminating the need for manual analysis and implementation of resource replacements is to focus on and intercept accesses to the sources of privacy-sensitive data (e.g., Web APIs like document.cookie and localStorage). SugarCoat instruments JavaScript resources and the resources they create to restrict their access to sensitive data sources according to a custom policy (e.g., “load script 𝑈 , but prevent it from accessing storage”). SugarCoat generates resource replacements in two steps. First, we use dynamic analysis to identify code points where JavaScript code uses Web APIs (e.g., functions, constructors, objects, and object properties) that expose sensitive data sources. Then, we repair the code at these code points to instead use “mock” implementations of the same APIs, which expose the same interfaces but enforce privacy policies specified by filter list authors.