Skip to content

Latest commit

 

History

History
76 lines (40 loc) · 5.22 KB

README.md

File metadata and controls

76 lines (40 loc) · 5.22 KB

Tab Logger

The Tab Logger chrome extension helps users incrementing their productivity by raising awareness of their tab usage. Users can visualize simple statistics such as the average number of open tabs and the median lifetime of a tab, realizing the inefficiencies of their tab behavior. In addition, the Tab logger extension can reduce memory utilization by suspending tabs that have been inactive for a long time. Putting inactive tabs to sleep is especially useful for resource-constrained users who keep long lists of tabs open. For such an intensive tab usage, the Tab logger user interface provides a shortcut to close all tabs except the active one.

Users that benefit from this extension can also contribute to research on computer security by sending statistics about their tab usage. Even thoguh there already are a few studies on the usage of browser tabs, these studies have been performed from a usability point of view, and are not suitable for computer security studies. The following list provides the reader with references to previous studies on this topic.

Statistics Collection

The extension collects the following attributes:

Attribute Description
Tab ID An identifier of the tab where the event has originated.
Event Name An event related to a tab. See below for a list of events.
Time offset Time elapsed between this event and the previous one.

These are the events that are recorded:

Name Description
onCreated The user has open a new tab.
onUpdated The user has updated the tab (e.g., visited a new page with the same tab).
onRemoved The user has closed a tab.
onLoaded A resource (e.g., a script, an image, and so on), has been loaded in a tab.

Note that the URL is not collected in any case, nor any content of the visits.

Threat model

All the instances of the extension post the data to a central web server. We want to protect against inferences made on the data by network eavesdroppers and this web server. To reduce the scope of inference we minimized the data that are being collected. For instance, we record time offsets instead of absolute timestamps, in order to prevent time correlation attacks.

We use public-key cryptography to encrypt the data. The extension is shipped with the public key, and encrypts the data with it. After collecting 50 events, the extension posts these data via HTTPS to a web server. The private key is kept in a secure environment, so that not even the web server can learn the contents of these data. Only the researchers who have access to this secure enviroment can recover the original data. We used JSBN's RSA-2048 PKCSv1.5 implementation.

We use a secret generated at installation time to identify each instance of the extension. This secret is hashed (SHA256) and sent to the server, where it is hashed again and stored in the database. We also used a cookie that allows the web server for load balancing (issued by OpenShift).

The data is also stored in the HTML5 local storage associated to the extension, so that users can see them in plain text.

Links

  • The extension can be found at the Chrome store.

  • The actual stats are being processed and published automatically here.

Who we are

We are PhD students on computer security with the following affiliations:

Please, contact us if you have question or comments about either the Tab Logger extension or this study.