Our research group (Charlie Reis, Yoshi Kohno, and Steve Gribble from UW CSE, and Nick Weaver from ICSI) has just presented a measurement study showing that many users are receiving web pages that have been modified in-flight.\u00a0 The pages are changed between the web server and the user’s browser, either by ISPs injecting advertisements, enterprise firewalls injecting script code, or client-side proxies that block popups and ads.\u00a0 These changes are often unwanted by either publishers or users, and they can also be dangerous: we found that several types of changes introduced bugs and security vulnerabilities into otherwise safe and functional pages.<\/p>\n
To study this, we measured how often our own web page, http:\/\/vancouver.cs.washington.edu<\/a>, was modified when users visited it.\u00a0 A piece of JavaScript code that we call a “web tripwire” detected such modifications, allowing us to record the change and notify the user.\u00a0 Our study found that about 1% of the 50,000 visitors to our page received a modified version.\u00a0 While 70% of these changes were caused by client-side proxies, we did see many changes caused by ISPs and firewalls as well.<\/p>\n For more information on our study and our results, you can read our analysis at Detecting In-Flight Page Changes with Web Tripwires<\/a>, as well as our recent NSDI 2008 paper<\/a> (PDF).\u00a0 Our results have also been covered recently in the news media here<\/a>, here<\/a>, and here<\/a>.<\/p>\n If you would like to add a web tripwire to your own page, we have an open source toolkit<\/a> that you can download and host on your web server.\u00a0 We also have a web tripwire service<\/a> that is hosted by our server, which you can add to your page with a single line of JavaScript code.<\/p>\n","protected":false},"excerpt":{"rendered":" Our research group (Charlie Reis, Yoshi Kohno, and Steve Gribble from UW CSE, and Nick Weaver from ICSI) has just presented a measurement study showing that many users are receiving web pages that have been modified in-flight.\u00a0 The pages are … Continue reading