Timing attacks on web privacy

E. W. Felten, M. A. Schneider

Research output: Contribution to journal, Conference article, peer-review

240 Scopus citations

Abstract

We describe a class of attacks that can compromise the privacy of users' Web-browsing histories. The attacks allow a malicious Web site to determine whether or not the user has recently visited some other, unrelated Web page. The malicious page can determine this information by measuring the time the user's browser requires to perform certain operations. Since browsers perform various forms of caching, the time required for operations depends on the user's browsing history; this paper shows that the resulting time variations convey enough information to compromise users' privacy. This attack method also allows other types of information gathering by Web sites, such as a more invasive form of Web "cookies". The attacks we describe can be carried out without the victim's knowledge, and most "anonymous browsing" tools fail to prevent them. Other simple countermeasures also fail to prevent these attacks. We describe a way of reengineering browsers to prevent most of them.

Original language: English (US)
Pages (from-to): 25-32
Number of pages: 8
Journal: Proceedings of the ACM Conference on Computer and Communications Security
State: Published - 2000
Event: 7th ACM Conference on Computer Communications Security - Athens, Greece
Duration: Nov 1 2000 to Nov 4 2000

All Science Journal Classification (ASJC) codes

  • Software
  • Computer Networks and Communications
