Cluster-analysis attack against a PRivAte Web solution (PRAW)

Yuval Elovici, Bracha Shapira, Adlay Meshiach

Research output: Contribution to journalArticlepeer-review

12 Scopus citations


Purpose - The purpose of this paper is to prove the ability of PRivAte Web (PRAW) - a system for private web browsing - to stand possible attacks. Design/methodology/approach - Attacks on the systems were simulated, manipulating systems variables. A privacy measure was defined to evaluate the capability of the systems to stand the attacks. Analysis of results was performed. Findings - It was shown that, even if the attack is optimised to provide the attacker's highest utility, the similarity between the user profile and the approximated profile is pretty low and does not enable the eavesdropper to derive an accurate estimation of the user profile. Research limitations/implications - One limitation is the "cold start" problem - in the current version, an observer might detect the first transaction, which is always a real user transaction. As a remedy for this problem, the first transaction will be randomly delayed and a random number of fake transactions played before the real one (according to Tr). Another limitation is that PRAW supports only link browsing, originated in search engine interactions (since it is the most common interaction on the web. It should be extended to include concealment of browsing to links originating in the "Favourites" list, that users tend to browse regularly (even a few times a day) for professional or personal reasons. Practical implications - PRAW is feasible and preserves the privacy of web browsers. It is now undergoing commercialisation to become a shelf tool for privacy preservation. Originality/value - The paper presents a practical statistical method for privacy preservation and proved that it is standing possible attacks. Methods usually proposed for this problem are not statistical, but cryptography oriented, and are too expensive in processing-time to be practical.

Original languageEnglish
Pages (from-to)624-643
Number of pages20
JournalOnline Information Review
Issue number6
StatePublished - 1 Dec 2006


  • Cluster analysis
  • Privacy
  • User studies
  • Worldwide web

ASJC Scopus subject areas

  • Information Systems
  • Computer Science Applications
  • Library and Information Sciences


Dive into the research topics of 'Cluster-analysis attack against a PRivAte Web solution (PRAW)'. Together they form a unique fingerprint.

Cite this