Coursera Flash Sale
40% Off Coursera Plus for 3 Months!
Grab it
Explore how Cascading Style Sheets (CSS) can be exploited for user tracking and privacy violations in this 39-minute Black Hat conference talk. Discover how modern browsers' restrictions on traditional tracking methods like third-party cookies have led to new fingerprinting techniques that bypass current privacy protections. Learn about the novel privacy implications of recent CSS additions and understand how this seemingly harmless styling language can enable cross-website tracking without requiring cookies or JavaScript. Examine the concerning reality that modern browser engines allow these tracking techniques in HTML emails due to their minimal requirements, creating opportunities for user profiling, targeted phishing, and spam campaigns. Understand how CSS-based tracking methods can circumvent state-of-the-art privacy mitigations while remaining enabled by default in most email clients. Gain insights into the false sense of security created by JavaScript-focused privacy protections and discover the broader implications for both web application security and email-based tracking. Presented by PhD students Leon Trampert and Daniel Weber from CISPA Helmholtz Center for Information Security, this presentation reveals critical vulnerabilities in current privacy protection strategies.
