In the age of the General Data Protection Regula-tion (GDPR) and the California Consumer Privacy Act (CCPA),privacy and consent control have become even more apparent forevery-day web users. Privacy banners in all shapes and sizes askfor permission through more or less challenging designs and makeprivacy control more of a struggle than they help users’ privacy.In this paper, we present a novel solution expanding the AdvancedData Protection Control (ADPC) mechanism to bridge currentgaps in user data and privacy control. Our solution moves theconsent control to the browser interface to give users a seamlessand hassle-free experience, while at the same time offering contentproviders a way to be legally compliant with legislation. Throughan extensive review, we evaluate previous works and identifycurrent gaps in user data control. We then present a blueprintfor future implementation and suggest features to support privacycontrol online for users globally. Given browser support, thesolution provides a tangible path to effectively achieve legallycompliant privacy and consent control in a user-oriented mannerthat could allow them to again browse the web seamlessly.

The demand and usage of 360°video services are expected to increase. However, despite these services being highly bandwidth intensive, not much is known about the potential value that basic bandwidth saving techniques such as server or edge-network on-demand caching (e.g., in a CDN) could have when used for delivery of such services. This problem is both important and complicated as client-side solutions have been developed that split the full 360°view into multiple tiles, and adapt the quality of the downloaded tiles based on the user’s expected viewing direction and bandwidth conditions. This paper presents new trace-based analysis methods that incorporate users’ viewports (the area of the full 360°view the user actually sees), a first characterization of the cross-user similarities of the users’ viewports, and a trace-based analysis of the potential bandwidth savings that caching-based techniques may offer under different conditions. Our analysis takes into account differences in the time granularity over which viewport overlaps can be beneficial for resource saving techniques, compares and contrasts differences between video categories, and accounts for uncertainties in the network conditions and the prediction of the future viewing direction when prefetching. The results provide substantial insight into the conditions under which overlap can be considerable and caching effective, and inform the design of new caching system policies tailored for 360°video.

The reliability and political bias differ substantially between news articles published on the Internet. Recent research has examined how these two variables impact user engagement on Facebook, reflected by measures like the volume of shares, likes, and other interactions. However, most of this research is based on the ratings of publishers (not news articles), considers only bias or reliability (not combined), focuses on a limited set of user interactions, and ignores the users engagement dynamics over time. To address these shortcomings, this paper presents a temporal study of user interactions with a large set of labeled news articles capturing the temporal user engagement dynamics, bias, and reliability ratings of each news article. For the analysis, we use the public Facebook posts sharing these articles and all user interactions observed over time for those posts. Using a broad range of bias/reliability categories, we then study how the bias and reliability of news articles impact users engagement and how it changes as posts become older. Our findings show that the temporal interaction level is best captured when bias, reliability, time, and interaction type are evaluated jointly. We highlight many statistically significant disparities in the temporal engagement patterns (as seen across several interaction types) for different bias-reliability categories. The shared insights into engagement dynamics can benefit both publishers (to augment their temporal interaction prediction models) and moderators (to adjust efforts to post category and lifecycle stage).

Most state-of-the-art facial recognition systems (FRS:s) use face embeddings. In this paper, we present the IdDecoder framework, capable of effectively synthesizing realistic-neutralized face images from face embeddings, and two effective attacks on state-of-the-art facial recognition models using embeddings. The first attack is a black-box version of a model inversion attack that allows the attacker to reconstruct a realistic face image that is both visually and numerically (as determined by the FRS:s) recognized as the same identity as the original face used to create a given face embedding. This attack raises significant privacy concerns regarding the membership of the gallery dataset of these systems and highlights the importance of both the people designing and deploying FRS:s paying greater attention to the protection of the face embeddings than currently done. The second attack is a novel attack that performs the model inversion, so to instead create the face of an alternative identity that is visually different from the original identity but has close identity distance (ensuring that it is recognized as being of the same identity). This attack increases the attacked system's false acceptance rate and raises significant security concerns. Finally, we use IdDecoder to visualize, evaluate, and provide insights into differences between three state-of-the-art facial embedding models.

The use of wildcard certificates and multi-domain certificates can impact how sensitive a certificate is to attacks and how many (sub)domains and machines may be impacted if a private key is compromised. Unfortunately, there are no globally agreed-upon best practices for these certificate types and the recommendations have changed many times over the years. In this paper, we present a 10-year longitudinal analysis of the usage of wildcard certificates and multi-domain certificates on the internet. Our analysis captures and highlights substantial differences in the heterogenous wildcard and multi-domain certificate practices. The results also show that there are several ways that CAs and domain owners have chosen to improve their practices, with many appearing to reduce the number of domains (and subdomains) for which each certificate is responsible.

Content-delivery applications can achieve scalability and reduce wide-area network traffic using geographically distributed caches. However, each deployed cache has an associated cost, and under time-varying request rates (e.g., a daily cycle) there may be long periods when the request rate from the local region is not high enough to justify this cost. Cloud computing offers a solution to problems of this kind, by supporting dynamic allocation and release of resources. In this paper, we analyze the potential benefits from dynamically instantiating caches using resources from cloud service providers. We develop novel analytic caching models that accommodate time-varying request rates, transient behavior as a cache fills following instantiation, and selective cache insertion policies. Within the context of a simple cost model, we then develop bounds and compare policies with optimized parameter selections to obtain insights into key cost/performance tradeoffs. We find that dynamic cache instantiation can provide substantial cost reductions, that potential reductions strongly dependent on the object popularity skew, and that selective cache insertion can be even more beneficial in this context than with conventional edge caches. Finally, our contributions also include accurate and easy-to-compute approximations that are shown applicable to LRU caches under time-varying workloads.

The prevalence of phishing domains is steadily rising as attackers exploit toolkits to create phishing websites. As web development expertise is no longer a prerequisite, phishing attacks have become more widespread, outpacing many existing detection methods. Developing novel techniques to identify malicious domains is crucial to safeguard potential victims online. While most current methods emphasize the visual aspects of phishing websites, in this paper, we investigate the underlying structure by collecting data on style sheets and certificates from both verified phishing domains and benign domains. Using a token-based similarity algorithm, we group the phishing domains into three categories and identify shared characteristics of these domains. Our work demonstrates the feasibility of using structural similarities to identify a website created using a phishing kit. By employing such detection, users would be able to browse the web with a reduced risk of falling victim to malicious activities.

To capture that not all goals are of the same importance, a new performance metric called the Game Points Importance Value (GPIV) was recently proposed. While this metric takes into account the expected impact that a goal has on the outcome of a game based on the context when the goal was scored, it relies on a relatively fine-grained state space. To address this problem, this paper presents simplified and more practical variations of the GPIV metric. Motivated by our analysis of the relative importance of different dimensions of the state space, we present two metrics that capture the most important component(s) of GPIV. Our evaluation shows that the metrics are relatively stable and capture most of the relative differences between GPIV and traditional metrics (e.g., goals, assist, points, and +/-). These results suggest that these simple and practical metrics are intuitive, capture most of the desirable variations that GPIV captures, and that the value of a goal can be well estimated using GPIV data based on historic data.

Privacy of machine learning models is one of the remaining challenges that hinder the broad adoption of Artificial Intelligent (AI). This paper considers this problem in the context of image datasets containing faces. Anonymization of such datasets is becoming increasingly important due to their central role in the training of autonomous cars, for example, and the vast amount of data generated by surveillance systems. While most prior work de-identifies facial images by modifying identity features in pixel space, we instead project the image onto the latent space of a Generative Adversarial Network (GAN) model, find the features that provide the biggest identity disentanglement, and then manipulate these features in latent space, pixel space, or both. The main contribution of the paper is the design of a feature-preserving anonymization framework, StyleID, which protects the individuals’ identity, while preserving as many characteristics of the original faces in the image dataset as possible. As part of the contribution, we present a novel disentanglement metric, three complementing disentanglement methods, and new insights into identity disentanglement. StyleID provides tunable privacy, has low computational complexity, and is shown to outperform current state-of-the-art solutions.

This paper explores the significance of special teams, particularly powerplay, in ice hockey. Despite the commonly held perception of their importance, little research has examined the impact of powerplay and penalty kill performance on overall team success. The paper uses several seasons of NHL data to characterize goal-scoring and manpower opportunities, and perform analysis from several perspectives. The results indicate that individual even strength goals and powerplay goals have similar value, but the larger share of even strength goals scored over a season makes even strength play a more important contributor to team success. The paper also finds a high correlation between teams that perform above/below average during even strength and powerplay. This study provides insights into the dynamics of ice hockey gameplay and the role of special teams in determining team success.

Many websites offer users to authenticate using third-party identity providers (IDPs) such as Facebook or Google. As part of the signup process, these websites often ask the user to give them additional permissions with the IDP (e.g., some data sharing or authorize some actions) that can have significant privacy implications. Motivated by the increased scrutiny of Facebook and other popular IDPs (e.g., due to the 2018 Cambridge Analytica scandal), we present a longitudinal analysis of the IDP usage and permissions changes over the past nine years (2012–2021) as well as a large-scale characterization of the current state. Our longitudinal analysis identifies trends and characterizes changes in both the IDP usage and permission agreements of different subsets of websites. For our large-scale analysis, we develop and share a Selenium-based measurement framework that we use to collect datasets. Using this data, we study the IDP usage across popularity ranges, the permissions used in the wild, and highlight differences between websites using different IDPs and those that do not. Our analysis shows increased IDP usage, especially among the most popular websites, and that the permission requests on average are becoming more modest but also brings forward significant exceptions that may need further scrutiny.

Certificates are the foundation of secure communication over the internet. However, not all certificates are created and managed in a consistent manner and the certificate authorities (CAs) issuing certificates achieve different levels of trust. Furthermore, user trust in public keys, certificates, and CAs can quickly change. Combined with the expectation of 24/7 encrypted access to websites, this quickly evolving landscape has made careful certificate management both an important and challenging problem. In this paper, we first present a novel server-side characterization of the certificate replacement (CR) relationships in the wild, including the reuse of public keys. Our data-driven CR analysis captures management biases, highlights a lack of industry standards for replacement policies, and features successful example cases and trends. Based on the characterization results we then propose an efficient solution to an important revocation problem that currently leaves web users vulnerable long after a certificate has been revoked.

The news articles we read online can reveal a lot about us. Privacy aware groups have therefore long pushed for the use of HTTPS (encrypted end-to-end communication). In this paper, we present the design and evaluation of a lightweight framework that can (1) successfully identify individual news articles even when the articles are delivered over encrypted connections, and (2) separate between articles associated with different news websites even when the websites are delivered over the same infrastructure. Our results demonstrate that naive use of HTTPS is not enough to prevent attackers monitoring a user's connections from identifying articles that the user reads on the most popular news website. We also provide insights into what makes some websites more/less resilient to our attack, and we use Twitter data to evaluate the effectiveness of an example attack that in addition incorporates the popularity of individual news articles. We are the first to demonstrate and evaluate the practical effectiveness of this type of attack when applied on modern news websites, and our multi-website-based evaluation provides valuable insights into how websites can best protect themselves against this type of attacks. These insights are important for websites that want to help protect the privacy of their users.

Not all ad blockers achieve the same blocking success and, depending on their implementation, they can either improve or hurt the web performance experienced by users. Borgolte and Feamster (2020) recently provided the first extensive evaluation of how privacy-focused browser extensions affect a users web performance. However, while their work provides a nice comparison of the performance impact that different extensions may have, their evaluation only considered landing pages of a single set of websites. In this paper, we focus specifically on performance comparisons when considering different sets of webpages. For example, we study the impact of whether a page is a landing page or an internal page, whether a page is popular or less popular, as well as the impact of in which country/region the company registering the website is operating (used as a proxy for the primary target market). For our evaluations, we use pairs of webpages carefully selected from the recently proposed Hispar list (Aqeel et al. 2020) and compare the performance of the most popular blocking extensions (Adblock Plus, uBlock Origin, Ghostery, and Private Badger) considered by Borgolte and Feamster with a baseline case in which we do not use any extension. While we observe clear differences in the distribution statistics of the metrics considered, several observations were consistent across all dimensions, including whether we consider landing pages or internal pages. The paper highlights some of these invariants and discusses their implications. In addition, our measurements (and the differences observed by different adblockers) also reveal new insights into how internal vs. landing pages of different webpage categories (e.g., based on popularity or region) differ in their composition and resource usage.

The evaluation of player performance is an important topic in sports analytics and is used by coaches for team management, in scouting and in sports broadcasts. When evaluating the performance of ice hockey players, many metrics are used, including traditional metrics such as goals, assists, points and modern metrics such as Corsi. One weakness of such metrics is that they do not consider the context in which the value for the metric was assigned. Other advanced metrics have been introduced, but as they are not easily explainable to practitioners, they may not make it into the hockey discourse. In this paper we introduce new goal-based metrics that (i) are based on traditional and well-known metrics, and thus easily understandable, (ii) take context into account in the form of time, manpower differential and goal differential and (iii) add a new aspect by taking into account the importance of the goals regarding their contribution to team wins and ties. We describe the intuitions behind the metrics, give formal definitions, evaluate the metrics using the eye test and show correlations to the traditional metrics. We have used data from the NHL seasons 2007-2008 to 2013-2014 and show which players stand out with respect to the number of goals and the importance of goals.

n/a

n/a

Predicting game or season outcomes is important for clubs as well as for the betting industry. Understanding the critical factors of winning games and championships gives clubs a competitive advantage when selecting players for the team and implementing winning strategies. In this paper, we work with NBA data from 10 seasons and propose an approach for predicting game outcomes that is then used for predicting which team will be champion and which stages a team will reach in the playoffs. We show that our approach has a similar performance as the odds from betting companies and does better than ELO.

Dual Connectivity (DC) is an important lower-layer feature accelerating the transition from 4G to 5G that also is expected to play an important role in standalone 5G radio networks. However, even though the packet reordering introduced by DC can significantly impact the performance of upper-layer protocols, no prior work has studied the impact of DC on QUIC. In this paper, we present the first such performance study. Using a series of throughput and fairness experiments, we show how QUIC is affected by different DC parameters, network conditions, and whether the DC implementation aims to improve throughput or reliability. Results for two QUIC implementations (aioquic, ngtcp2) and two congestion control algorithms (NewReno, CUBIC) are presented under both static and highly time-varying network conditions Our findings provide network operators with insights and understanding into the impacts of splitting QUIC traffic in a DC environment. With reasonably selected DC parameters and increased UDP receive buffers, QUIC over DC performs similarly to TCP over DC and achieves optimal fairness under symmetric link conditions when DC is not used for packet duplication. The insights can help network operators provide modern users with better end-to-end service when deploying DC.

The discussions on social-media forums can impact the sentiment of a company, and consequently also its stock price. As we show here, some of the most shorted companies have provided some of the clearest examples of this relationship. In light of these observations, this paper presents a longitudinal study of the cross-forum dynamics of ten highly shorted stocks that saw significant discussions on the popular forums Reddit, Twitter, and Seeking Alpha. Using the posts from these forums, their sentiments, and the daily snapshots of the stock price of each company, we use a combination of qualitative case studies and quantitative hypothesis testing to derive new insights. Through a combination of time-series analysis, clustering, and domain-optimized sentiment analysis, we study the relationship between the times that discussions peak on the different forums, the changes in sentiment, and the stock price movements. We find that all three forums are likely to experience peaks in their activity close to each other, that Reddit is most likely to peak first, and that the sentiment of Twitter discussions were more sensitive to the current derivative of the stock price than the sentiment observed on the other forums.

Despite the X509 public key infrastructure (PKI) being essential for ensuring the trust we place in our communication with web servers, the revocation of the trust placed in individual X509 certificates is neither transparent nor well-studied, leaving many unanswered questions. In this paper, we present a temporal analysis of 36 million certificates, whose revocation statuses we followed for 120 days since first being issued. We characterize the revocation rates of different certificate authorities (CAs) and how the rates change over the lifetime of the certificates. We identify and discuss several instances where the status changes from "revoked" to "good", "unauthorized" or "unknown", respectively, before the certificates expiry. This complements prior work that has observed such inconsistencies in some CAs behavior after expiry but also highlight a potentially more severe problem. Our results highlight heterogeneous revocation practices among the CAs.

Recently, researchers have modeled how reliability and political bias of news may affect Facebook users' engagement, as measured using interaction metrics such as the number of shares, likes, etc. However, the temporal dynamics of Facebook users' engagement with news of varying degrees of bias and reliability is less studied. In light of the COVID-19 pandemic, it is also important to quantify how the pandemic changed user engagement with various news. This paper presents the first temporal study of Facebook users' interaction dynamics, accounting for both the bias and reliability of the publishers. We consider a dataset of 992 U.S. publishers, and the study spans the period from Jan. 2018 to July 2022. This allows us to accurately assess the effect of the covid outbreak on the temporal dynamics of Facebook users' interactions with different classes of news. Our study examines these two parameters' effect on Facebook user engagement using both per-publisher and aggregated statistics. Several findings are revealed by our analysis, including that publishers in different bias and reliability classes experienced significantly different levels of engagement dynamics during and following the covid outbreak. For example, we show that the least reliable news exhibited the most considerable growth of followers during the covid period and the most reliable news sources exhibited the greatest growth rate of followers during the post-covid period. We also show that the interaction rate (number of interactions normalized over the number of followers) with Facebook news posts during the post-covid period is smaller than it was even before the outbreak. Furthermore, we demonstrate how the COVID-19 outbreak caused statistically significant structural breaks in the temporal dynamics of engagement with several types of news, and quantify this effect. With social media becoming a popular news source during crises, the observed temporal dynamics provide important insights into how information was consumed over the recent years, benefiting both researchers and public sectors.

The streaming content that we choose to watch canreveal much about our thoughts, opinions, and interests. Anadversary capable of determining what users watch thereforepresents a significant privacy threat. In this paper, we presentand evaluate the first fingerprinting attack on Twitch that allowsviewers of individual live streams to be identified despite thetraffic being encrypted. The attack targets the traffic patternsassociated with chat messages associated with each stream. Ourresults show that high accuracy can be achieved by eavesdroppingonly for a short time (e.g., 90 seconds) and that the accuracy canbe increased even further by interacting with the stream. We alsotake a closer look at how the accuracy and activity level differbetween different Twitch channels and provide insights into theaccuracy that attackers using different strategies for selectingtarget channels may have. Finally, we study countermeasures toprotect against such attacks and demonstrate that the naive use ofVPN is not enough. We instead present countermeasures alteringpacket timing and sizes. Our large-scale evaluation of differentcountermeasures provides important insights that help both thestreaming providers and users better protect their privacy.

With interactive branched video, the storyline is typically determined by branch choices made by the user during playback. Despite putting users in control of their viewing experiences, prior work has not considered how to best help users that may want to quickly navigate, explore, or skip parts of the branched video. Such functionalities are important for both impatient users and those rewatching the video. To address this void, we present the design, implementation and evaluation of interface solutions that help users effectively navigate the video, and to identify and explore previously unviewed storylines. Our solutions work with large, general video structures and allow users to effectively forward/rewind the branched structures. Our user study demonstrates the added value of our novel designs, presents promising tradeoffs, provides insights into the pros/cons of different design alternatives, and highlights the features that best address specific tasks and design aspects.  

The evaluation of player performance is an important topic in sport analytics and is used by coaches for team management, in scouting and in sports broadcasts. When evaluating the performance of ice hockey players many metrics are used, including traditional metrics such as goals, assists, points and modern metrics such as Corsi. One weakness of such metrics is that they do not take into consideration the context in which the value for the metric was assigned. For instance, when a player scores a goal, then the value of the goals metric for that player is raised by one, regardless of the importance of the goal. In this paper, we introduce new variants of classical metrics based on the importance of the goals regarding their contribution to team wins and ties. Further, we investigate using play-by-play data from the 2013-2014 NHL season how these new metrics relate to the classical metrics and which players stand out with respect to important goals.

Congestion-aware scheduling in case of downlink cellular communication has ignored the distribution of diverse content to different clients with heterogeneous secrecy requirements. Other possible application areas that encounter the preceding issue are secure offloading in mobile-edge computing, and vehicular communication. In this paper, we extend the work in Arvanitaki et al. (SN Comput Sci 1(1):53, 2019) by taking into consideration congestion and random access. Specifically, we study a two-user congestion-aware broadcast channel with heterogeneous traffic and different security requirements. We consider two randomized policies for selecting which packets to transmit, one is congestion-aware by taking into consideration the queue size, whereas the other one is congestion-agnostic. We analyse the throughput and the delay performance under two decoding schemes at the receivers, and provide insights into their relative security performance and into how congestion control at the queue holding confidential information can help decrease the average delay per packet. We show that the congestion-aware policy provides better delay, throughput, and secrecy performance for large arrival packet probabilities at the queue holding the confidential information. The derived results also take account of the self-interference caused at the receiver for whom confidential data is intended due to its full-duplex operation while jamming the communication at the other user. Finally, for two decoding schemes, we formulate our problems in terms of multi-objective optimization, which allows for finding a trade-off between the average packet delay for packets intended for the legitimate user and the throughput for the other user under congestion-aware policy.

n/a

With 360° video streaming, the user's field of view (a.k.a. viewport) is at all times determined by the user's current viewing direction. Since any two users are unlikely to look in the exact same direction as each other throughout the viewing of a video, the frame-by-frame video sequence displayed during a playback session is typically unique. This complicates the direct comparison of the perceived Quality of Experience (QoE) using popular metrics such as the Multiscale-Structural Similarity (MS-SSIM). Furthermore, there is an absence of light-weight emulation frameworks for tiled-based 360° video streaming that allow easy testing of different algorithm designs and tile sizes. To address these challenges, we present REEFT-360, which consists of (1) a real-time emulation framework that captures tile-quality adaptation under time-varying bandwidth conditions and (2) a multi-step evaluation process that allows the calculation of MS-SSIM scores and other frame-based metrics, while accounting for the user's head movements. Importantly, the framework allows speedy implementation and testing of alternative head-movement prediction and tile-based prefetching solutions, allows testing under a wide range of network conditions, and can be used either with a human user or head-movement traces. The developed software tool is shared with the paper. We also present proof-of-concept evaluation results that highlight the importance of including a human subject in the evaluation.  

The modern Internet is highly dependent on the trust communicated via X.509 certificates. However, in some cases certificates become untrusted and it is necessary to revoke them. In practice, the problem of secure certificate revocation has not yet been solved, and today no revocation procedure (similar to Certificate Transparency w.r.t. certificate issuance) has been adopted to provide transparent and immutable history of all revocations. Instead, the status of most certificates can only be checked with Online Certificate Status Protocol (OCSP) and/or Certificate Revocation Lists (CRLs). In this paper, we present the first longitudinal characterization of the revocation statuses delivered by CRLs and OCSP servers from the time of certificate expiration to status disappearance. The analysis captures the status history of over 1 million revoked certificates, including 773K certificates mass-revoked by Lets Encrypt. Our characterization provides a new perspective on the Internets revocation rates, quantifies how short-lived the revocation statuses are, highlights differences in revocation practices within and between different CAs, and captures biases and oddities in the handling of revoked certificates. Combined, the findings motivate the development and adoption of a revocation transparency standard.

Congestion-aware scheduling in the case of traditional downlink cellular communication has neglected the heterogeneity in terms of secrecy among different clients. In this paper, we study a two-user congestion-aware broadcast channel with heterogeneous traffic and different security requirements. The traffic with security requirements is intended for a legitimate user and it has bursty nature. The incoming packets are stored in a queue at the source. Furthermore, there is a second traffic flow intended for another user, it is delay tolerant and does not have secrecy constraints. The receiver which needs to be served with confidential data has full-duplex capabilities, and it can send a jamming signal to hinder eavesdropping of its data at the other user. We consider two randomized policies for selecting which packets to transmit, one is congestion-aware by taking into consideration the queue size, whereas the other one is non-congestion-aware. We analyse the throughput and the delay performance under two decoding schemes at the receivers and provide insights into their relative security performance and into how congestion control at the queue holding confidential information can help decrease the average delay per packet. We show that the two policies have the same secrecy performance for large random access probabilities. The derived results also take account of the self-interference caused at the receiver for whom confidential data is intended due to its full-duplex operation while jamming the communication at the other user.

Twitter has proven a powerful tool to shape peoples’ opinions and thoughts. One efficient way to spread information is with the use of links. In this paper, we characterize the link sharing usage on Twitter, placing particular focus on third-party link shortener services that hide the full URL from the user. First, we present a measurement framework that combines two Twitter APIs and the Bitly API, and allows us to collect detailed statistics about tweets, their posters, their link usage, and the retweets and clicks 24 hours after the original tweet. Second, using two one-week-long datasets, collected one year apart (April 2019 and2020), we then characterize and analyze important difference in link usage among users, the domains that different users and shorteners (re)direct users too, and compare the click rates of such links with the corresponding retweet rates. The analysis provides insights into link sharing biases on Twitter, skews, and behavioral differences in usage, as well as reveal interesting observations capturing differences in how a tweet containing a link may be retweeted versus how the embedded link is clicked. Finally, we use click-based results for covid-19 tweets to discuss the importance of controlling the spread of (mis)information.

There is limited prior work studying how the ad personalization experienced by different users is impacted by the use of adblockers, geographic location, the user's persona, or what browser they use. To address this void, this paper presents a novel profile-based evaluation of the personalization experienced by carefully crafted user profiles. Our evaluation framework impersonates different users and captures how the personalization changes over time, how it changes when adding or removing an extension, and perhaps most importantly how the results differ depending on the profile's persona (e.g., interest, occupation, age, gender), geographic location (US East, US West, UK), what browser extension they use (none, AdBlock, AdBlock Plus, Ghostery, CatBlock), what browser they use (Chrome, Firefox), and whether they are logged in to their Google account. By comparing and contrasting observed differences we provide insights that help explain why some user groups may feel more targeted than others and why some people may feel even more targeted after having turned on their adblocker.  

Internet security and privacy stand on the trustworthiness of public certificates signed by Certificate Authorities (CAs). However, software products do not trust the same CAs and therefore maintain different root stores, each typically containing hundreds of trusted roots capable of issuing “trusted” certificates for any domain. Incidents with misissued certificates motivated Google to implement and enforce Certificate Transparency (CT). CT logs archive certificates in a public, auditable and append-only manner. The adoption of CT changed the trust landscape. As a part of this change, CT logs started to maintain their own root lists and log certificates that chain back to one of the trusted roots. In this paper, we present a first characterization of this emerging CT root store landscape, as well as the tool that we developed for data collection, visualization, and analysis of the root stores. As part of our characterization, we compare the logs’ root stores and quantify their changes with respect to both each other and the root stores of major software vendors, look at evolving vendor CT policies, and show that root store mismanagement may be linked to log misbehavior. Finally, we present and discuss the results of a survey that we have sent to the log operators participating in Apple’s and Google’s CT log programs.

Cloud computing offers an attractive solution for modern computer games. By moving the increasingly demanding graphical calculations (e.g., generation of realtime video streams) to the cloud, consumers can play games using small, cheap devices. While cloud gaming has many advantages and is increasingly deployed, not much work has been done to understand the underlying factors impacting players user experience when moving the processing to the cloud. In this paper, we study the impact of the quality of service (QoS) factors most affecting the players quality of experience (QoE) and in-game performance. In particular, these relationships are studied from multiple perspectives using complementing analysis methods applied on the data collected via instrumented user tests. During the tests, we manipulated the players network conditions and collected low-level QoS metrics and in-game performance, and after each game, the users answered questions capturing their QoE. New insights are provided using different correlation/auto-correlation/cross-correlation statistics, regression models, and a thorough break-down of the QoS metric most strongly correlated with the users QoE. We find that the frame age is the most important QoS metric for predicting in-game performance and QoE, and that spikes in the frame age caused by large frame transfers can have extended negative impact as they can cause processing backlogs. The study emphasizes the need to carefully consider and optimize the parts making up the frame age, including dependencies between the processing steps. By lowering the frame age, more enjoyable gaming experiences can be provided.

Since the advent of the Web, new Web benchmarking tools have frequently been introduced to keep up with evolving workloads and environments. The introduction of Web of Things (WoT) marks the beginning of another important paradigm that requires new benchmarking tools and testbeds. Such a WoT benchmarking testbed can enable the comparison of different WoT application configurations and workload scenarios under assumptions regarding WoT application resource demands and WoT device network characteristics. The powerful computational capabilities of modern commodity multicore servers along with the limited resource consumption footprints of WoT devices suggest the feasibility of a benchmarking testbed that can emulate the application behaviour of a large number of WoT devices on just a single multicore server. However, to obtain test results that reflect the true performance of the system being emulated, care must be exercised to detect and consider the impact of testbed bottlenecks on performance results. For example, if too manyWoT devices are emulated then performance metrics obtained from a test run, e.g., WoT device response times, would only reflect contention among emulated devices for shared multicore server resources instead of providing a true indication of the performance of the WoT system being emulated. We develop a testbed that helps a user emulate a system consisting of multiple WoT devices on a single multicore server by exploiting Docker containers. Furthermore, we devise a novel mechanism for the user to check whether shared resource contention in the testbed has impacted the integrity of test results. Our solution allows for careful scaling of experiments and enables resource efficient evaluation of a wide range of WoT systems, architectures, application characteristics, workload scenarios, and network conditions.

In this paper, we consider the two-user broadcast channel with security constraints. We assume that a source broadcasts packets to two receivers, and that one of them has secrecy constraints, i.e., its packets need to be kept secret from the other receiver. The receiver with secrecy constraint has full-duplex capability, allowing it to transmit a jamming signal to increase its secrecy. We derive the average delay per packet and provide simulations and numerical results, where we compare different performance metrics for the cases when both receivers treat interference as noise, when the legitimate receiver performs successive decoding, and when the eavesdropper performs successive decoding. The results show that successive decoding provides better average packet delay for the legitimate user. Furthermore, we define a new metric that characterizes the reduction on the success probability for the legitimate user that is caused by the secrecy constraint. The results show that secrecy poses a significant amount of packet delay for the legitimate receiver when either receiver performs successive decoding. We also formulate an optimization problem, wherein the throughput of the eavesdropper is maximized under delay and secrecy rate constraints at the legitimate receiver. We provide numerical results for the optimization problem, where we show the trade-off between the transmission power for the jamming and the throughput of the non-legitimate receiver. The results provide insights into how channel ordering and encoding differences can be exploited to improve performance under different interference conditions.

The demand and usage of 360 degrees video services are expected to increase. However, despite these services being highly bandwidth intensive, not much is known about the potential value that basic bandwidth saving techniques such as server or edge-network on-demand caching (e.g., in a CDN) could have when used for delivery of such services. This problem is both important and complicated as client-side solutions have been developed that split the full 360 degrees view into multiple tiles, and adapt the quality of the downloaded tiles based on the users expected viewing direction and bandwidth conditions. To better understand the potential bandwidth savings that caching-based techniques may offer for this context, this paper presents the first characterization of the similarities in the viewing directions of users watching the same 360 degrees video, the overlap in viewports of these users (the area of the full 360 degrees view they actually see), and the potential cache hit rates for different video categories and network conditions. The results provide substantial insight into the conditions under which overlap can be considerable and caching effective, and can inform the design of new caching system policies tailored for 360 degrees video.

Short end-to-end path lengths and faster round-trip times (RTTs) are important for good client performance. While prior measurement studies related to IPv6 primarily focus on various adoption aspects, much less work have focused on performance metrics such as these. In this paper, we compare the relative end-to-end path distances and RTTs when using IPv6 and IPv4 between PlanetLab nodes in Europe and different subsets of popular domains. In addition to providing access to multiple measurement nodes, the use of PlanetLab also provides a use-case driven report of running IPv6 experiments on this previously prosperous experimental platform for academic research. In particular, the study provides a first report on performing IPv6 experiments on PlanetLab, highlights the lack of IP support among PlanetLab nodes and limitations of state-of-the-art traceroute tools used for IPv6 measurements, and provides a statistical methodology that uses hypothesis testing to derive insights while accounting for such testbed and traceroute shortcomings. Our performance analysis shows (among other things) that the relative RTTs of the IPv6 paths are currently faster than the corresponding IPv4 paths, and that the fraction of pairings for which this is the case is quickly increasing across a wide range of domain popularities and domain categories. These findings suggest that there is incentive to use IPv6, which may impact the rate of further IPv6 deployment. 

By caching content at geographically distributed servers, content delivery applications can achieve scalability and reduce wide-area network traffic. However, each deployed cache has an associated cost. As the request rate from a region varies (e.g., according to a daily cycle), there may be periods when the request rate is high enough to justify this cost, and other periods when it is not. Cloud computing offers a solution to problems of this kind, by supporting the dynamic allocation and release of resources. In this paper, we analyze the potential benefits from dynamically instantiating caches using resources from cloud service providers. We develop novel analytic caching models that accommodate time-varying request rates, transient behavior as a cache fills following instantiation, and selective cache insertion policies. Using these models, within the context of a simple cost model, we then develop bounds and compare policies with optimized parameter selections to obtain insights into key cost/performance tradeoffs. We find that dynamic cache instantiation can provide substantial cost reductions, that potential reductions strongly dependent on the object popularity skew, and that selective cache insertion can be even more beneficial in this context than with conventional edge caches.

This paper compares the performance tradeoffs of popular application-layer messaging protocols and binary serialization formats in the context of vehicle-to-cloud communication for maintaining digital twins. Of particular interest are solutions that enables emerging delay-sensitive Intelligent Transport System (ITS) features, while reducing data usage in mobile networks. The evaluated protocols are Constrained Application Protocol (CoAP), Advanced Message Queuing Protocol (AMQP), and Message Queuing Telemetry Transport (MQTT), and the serialization formats studied are Protobuf and Flatbuffers. The results show that CoAP - the only User Datagram Protocol (UDP) based protocol evaluated - has the lowest latency and overhead, but is not able to guarantee reliable transfer, even when using its confirmable message feature. For our context, the best performer that guarantees reliable transfer is MQTT. For the serialization formats, Protobuf is shown to have faster serialization speed and three times smaller serialized message size than Flatbuffers. In contrast, Flatbuffers uses less memory and has shorter deserialization time, making it an interesting alternative for applications where the vehicle is the receiver of time sensitive information. Finally, insights and implications on ITS communication are discussed.

Player behaviors can have a significant impact on the outcome of individual events, as well as the game itself. The increased availability of high quality resolution spatio-temporal data has enabled analysis of player behavior and game strategy. In this paper, we present the implementation and evaluation of an imitation learning method using recurrent neural networks, which allows us to learn individual player behaviors and perform rollouts of player movements on previously unseen play sequences. The method is evaluated using a 2019 dataset from the top-tier soccer league in Sweden (Allsvenskan). Our evaluation provides insights how to best apply the method on movement traces in soccer, the relative accuracy of the method, and how well policies of one player role capture the relative behaviors of a different player role, for example.

Many teams in the NHL utilize data analysis and employ data analysts. An important question for these analysts is to identify attributes and skills that may help predict the success of individual players. This study uses detailed player statistics from four seasons, player rankings from EA’s NHL video games, and six machine learning algorithms to find predictive models that can be used to identify and predict players’ ranking tier (top 10%, 25% and 50%). We also compare and contrast which attributes and skills best predict a player’s success, while accounting for differences in player positions (goalkeepers, defenders and forwards). When comparing the resulting models, the Bayesian classifiers performed best and had the best sensitivity. The tree-based models had the highest specificity, but had trouble classifying the top 10% tier players. In general, the models were best at classifying forwards, highlighting that many of the official metrics are focused on the offensive measures and that it is harder to use official performance metrics alone to differentiate between top tier players.

Dual Connectivity (DC) is an important lower-layer feature accelerating the transition from 4G to 5G that also is expected to play an important role in standalone 5G. However, even though the packet reordering introduced by DC can significantly impact the performance of upper-layer protocols, no prior work has studied the impact of DC on QUIC. In this paper, we present the first such performance study. Using a series of throughput and fairness experiments, we show how QUIC is affected by different DC parameters, network conditions, and whether the DC implementation aims to improve throughput or reliability. Our findings provide insights into the impacts of splitting QUIC traffic in a DC environment. With reasonably selected DC parameters and increased UDP receive buffers, QUIC over DC performs similarly to TCP over DC and achieves optimal fairness under symmetric link conditions when DC is not used for packet duplication. 

Virtual reality (VR) provides many exciting new application opportunities, but also present new challenges. In contrast to 360° videos that only allow a user to select its viewing direction, in fully immersive VR, users can also move around and interact with objects in the virtual world. To most effectively deliver such services it is therefore important to understand how users move around in relation to such objects. In this paper, we present a methodology and software tool for generating run-time datasets capturing a user’s interactions with such 3D environments, evaluate and compare different object identification methods that we implement within the tool, and use datasets collected with the tool to demonstrate example uses. The tool was developed in Unity, easily integrates with existing Unity applications through the use of periodic calls that extracts information about the environment using different ray-casting methods. The software tool and example datasets are made available with this paper. 

Ice hockey is a highly popular sport that has seen significant increase in the use of sport analytics. To aid in such analytics, most major leagues collect and share increasing amounts of play-by-play data and other statistics. Additionally, some websites specialize in making such data available to the public in user-friendly forms. However, these sites fail to capture the semantic information of the data, and cannot be used to support more complex data requirements. In this paper, we present the design and development of an ice hockey ontology that provides improved knowledge representation, enables intelligent search and information acquisition, and helps when using information from multiple databases. Our ontology is substantially larger than previous ice hockey ontologies (that cover only a small part of the domain) and provides a formal and explicit representation of the ice hockey domain, supports information retrieval, data reuse, and complex performance metrics.

With client-side encryption (CSE), a users data is encrypted before being transferred to a cloud provider. This ensures that only the intended user has access to the information, but complicates effective file synchronization (between different devices and the cloud). Motivated by prior findings that empirically show that the largest performance differences between popular CSE services (CSEs) and non-CSEs typically are related to the implementation of delta encoding solutions to reduce bandwidth usage, in this paper, we evaluate and provide insights into the practical CSE-related delta encoding overheads. First, we use targeted experiments to demonstrate the delta encoding problem associated with CSE and to compare the practical overhead differences associated with three example services implementing delta encoding. Second, we develop an analytic cost model and use it to show that a simple threshold-based CSE policy can reduce the bandwidth and storage usage seen by the best CSE considered here, that such a policy has a provable worst-case overhead within a factor two of the best non-CSE, and typically performs much better. The results are highly encouraging, and show that it is possible to provide CSE at limited additional overhead compared to non-CSE services.

News and information spread over social media can have big impact on thoughts, beliefs, and opinions. It is therefore important to understand the sharing dynamics on these forums. However, most studies trying to capture these dynamics rely only on Twitters open APIs to measure how frequently articles are shared/retweeted, and therefore do not capture how many users actually read the articles linked in these tweets. To address this problem, in this paper, we first develop a novel measurement methodology, which combines the Twitter steaming API, the Bitly API, and careful sample rate selection to simultaneously collect and analyze the timeline of both the number of retweets and clicks generated by news article links. Second, we present a temporal analysis of the news cycle based on five-day-long traces (containing both clicks and retweet over time) for the news article links discovered during a seven-day period. Among other things, our analysis highlights differences in the relative timelines observed for clicks and retweets (e.g., retweet data often lags and underestimates the bias towards reading popular links/articles), and helps answer important questions regarding differences in how age-based biases and churn affect how frequently news articles shared on Twitter are accessed over time.