David Klein has been a PhD candidate since October 2018. His research interests include static and dynamic analysis, program transformations, web security, unikernels, and privacy.
Accept All Exploits: Exploring the Security Impact of Cookie Banners
David Klein*, Marius Musch*, Thomas Barber, Moritz Kopmann, and Martin Johns
To appear in the 37th Annual Computer Security Applications Conference (ACSAC), 2022
Popular messaging providers read your messages.
Encrypted instant messaging has received a lot of attention since Snowden’s disclosures of 2013. However, no exhaustive work on snooping by messaging providers has been conducted. We design and implement the HoneyMessages Framework for management and supervision of automatic experimental trials to detect snooping by the service providers. In these experiments, unique closely-monitored tokens are embedded into messages which are transmitted via instrumented online messengers. The framework detected server-side requests to URLs in chats by the majority of the examined messaging services, while three providers repeatedly accessed them. In order to do so, the providers analyze and process the messages beyond transmission, violating privacy assumptions.
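The token-and-monitor idea from the abstract, as an added sketch that is not code from the HoneyMessages Framework: each chat gets a unique URL token, and the web server's access log is then attributed back to the messenger that carried it. The HMAC derivation, the `/t/` path, the combined log format, the messenger names, the IP addresses, and reading "repeatedly" as "in more than one trial" are all assumptions made for illustration.

```python
import hashlib
import hmac
import re
from collections import defaultdict

SECRET = b"constructed-demo-key"   # assumption: per-experiment secret
OWN_IPS = {"192.0.2.10"}           # assumption: our own instrumented devices
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) /t/([0-9a-f]{24}) '
                    r'HTTP/[\d.]+" \d{3} \S+ "[^"]*" "([^"]*)"$')

def mint_token(messenger, trial):
    """Unguessable token bound to one (messenger, trial) pair."""
    msg = f"{messenger}|{trial}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:24]

def build_registry(messengers, trials):
    """Map every issued token back to the chat it was sent in."""
    return {mint_token(m, t): (m, t) for m in messengers for t in range(trials)}

def attribute_hits(log_lines, registry):
    """Group third-party requests for honey URLs by messenger."""
    hits = defaultdict(list)
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, token, agent = m.groups()
        if ip in OWN_IPS or token not in registry:
            continue  # our own client fetching the link, or a scanner guessing paths
        messenger, trial = registry[token]
        hits[messenger].append((trial, ip, agent))
    return dict(hits)

def repeat_accessors(hits):
    """Messengers whose tokens were fetched in more than one trial."""
    return sorted(m for m, h in hits.items() if len({t for t, _, _ in h}) > 1)

def sample_log():
    """Constructed combined-format access log lines (not real data)."""
    def row(ip, path, agent):
        return f'{ip} - - [01/Jan/2024:00:00:00 +0000] "GET {path} HTTP/1.1" 200 0 "-" "{agent}"'
    return [
        row("198.51.100.7", "/t/" + mint_token("messenger-a", 0), "PreviewBot"),
        row("198.51.100.7", "/t/" + mint_token("messenger-a", 1), "PreviewBot"),
        row("203.0.113.9", "/t/" + mint_token("messenger-b", 0), "curl/8.0"),
        row("192.0.2.10", "/t/" + mint_token("messenger-c", 0), "Mozilla/5.0"),
        row("203.0.113.50", "/t/" + "f" * 24, "scanner"),
        row("203.0.113.50", "/robots.txt", "scanner"),
    ]
```

Excluding the experiment's own device addresses matters here because a client-side link preview also fetches the URL, and only requests from elsewhere indicate server-side processing of the message.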