I Know Where You've Been - Geo-Inference Attacks Via The Browser Cache
Offered By: Black Hat via YouTube
Course Description
Overview
Explore geo-inference attacks via browser cache in this Black Hat conference talk. Delve into how websites customizing services based on user location can inadvertently leak sensitive geo-location information. Examine the widespread vulnerability affecting 62% of Alexa Top 100 websites and 11 map service sites. Learn about timing side-channel attacks that can pinpoint users' countries, cities, and neighborhoods. Discover the impact on major browsers, including Chrome, Firefox, and TorBrowser. Investigate existing defenses, their effectiveness, and additional measures needed for improved protection. Gain insights into browser cache mechanics, attack vectors, evaluation methods, and potential countermeasures. Understand the implications of geo-location leakage for user privacy and web application security.
Syllabus
Intro
Do You Care About your Geo-location?
Sources of Users' Geo-locations
Problem Statement
Background: Browser Cache
Directives in Response Headers to Control Cache
Browser Cache Stores Static Resources
Benefits of Browser Cache
Attack Vector (II): Measuring Page Load Time
Time of XMLHttpRequests
Attack Vector (IV): Use img complete Property
How to Infer a User's City?
Evaluation Setup
Loading Time: Without Cache vs. With Cache
Private Browsing Mode is not the Cure
Randomizing Timing Measurements
TorBrowser is not Perfect
Segregating Browser Cache
Take-away
Taught by
Black Hat
Related Courses
Computer Security - Stanford University via Coursera
Cryptography II - Stanford University via Coursera
Malicious Software and its Underground Economy: Two Sides to Every Story - University of London International Programmes via Coursera
Building an Information Risk Management Toolkit - University of Washington via Coursera
Introduction to Cybersecurity - National Cybersecurity Institute at Excelsior College via Canvas Network