Fingerprinting Search Keywords over HTTPS at Scale
This work addresses a privacy threat for users of popular web search engines, but it is incremental as it builds on existing network traffic analysis with new evaluations.
The study tackled the problem of fingerprinting search keywords over HTTPS, a significant privacy threat, by analyzing factors like client platform diversity and search engine choice, and found insights from evaluations on nearly 4 million queries over three months.
The possibility of fingerprinting the search keywords issued by a user on popular web search engines is a significant threat to user privacy. This threat has received surprisingly little attention in the network traffic analysis literature. In this work, we consider the problem of keyword fingerprinting of HTTPS traffic -- we study the impact of several factors, including client platform diversity, choice of search engine, feature sets as well as classification frameworks. We conduct both closed-world and open-world evaluations using nearly 4 million search queries collected over a period of three months. Our analysis reveals several insights into the threat of keyword fingerprinting in modern HTTPS traffic.