Cluster-analysis attack against a PRivAte Web solution (PRAW)
Purpose ‐ The purpose of this paper is to prove the ability of PRivAte Web (PRAW), a system for private web browsing, to withstand possible attacks.

Design/methodology/approach ‐ Attacks on the system were simulated by manipulating system variables. A privacy measure was defined to evaluate the capability of the system to withstand the attacks, and the results were analysed.

Findings ‐ It was shown that, even if the attack is optimised to provide the attacker's highest utility, the similarity between the user profile and the approximated profile is quite low and does not enable the eavesdropper to derive an accurate estimation of the user profile.

Research limitations/implications ‐ One limitation is the "cold start" problem: in the current version, an observer might detect the first transaction, which is always a real user transaction. As a remedy for this problem, the first transaction will be randomly delayed and a random number of fake transactions played before the real one (according to Tr). Another limitation is that PRAW supports only link browsing that originates in search engine interactions (since this is the most common interaction on the web). It should be extended to conceal browsing to links originating in the "Favourites" list, which users tend to browse regularly (even a few times a day) for professional or personal reasons.

Practical implications ‐ PRAW is feasible and preserves the privacy of web browsers. It is now undergoing commercialisation to become an off-the-shelf tool for privacy preservation.

Originality/value ‐ The paper presents a practical statistical method for privacy preservation and proves that it withstands possible attacks. Methods usually proposed for this problem are not statistical but cryptography oriented, and are too expensive in processing time to be practical.