Browser unable to execute script; please use the site map to navigate the site.

On Privacy and the Web

Brandi and Olivier


(Citation)Citation information

W. A. Brandi and M. S. Olivier. “On Privacy and the Web”. In: Proceedings of the Fourth Annual Information Security South Africa Conference (ISSA2004). Published electronically. Midrand, South Africa, June 2004


Chor et al show that when accessing a single public database, a user is only guaranteed safety from an administrator inferring the user’s real intentions (an inference attack) when the user downloads the entire database. Although this approach is somewhat impractical, it is the only way in which to guarantee complete safety from prying eyes.

Inference attacks on a user generally assume that the attack is taking place from the perspective of the Database Administrator. It is therefore implicit that there is an intimate knowledge of the database being accessed by the user.

Given the nature of the Web and some of the Large Public Databases being accessed via the Web, we wish to determine if inference attacks launched on a user can be successful without detailed knowledge of the database.

Can we successfully violate the privacy of a user by analysing his Web queries to the Large Public Database over a period of time? If this is possible, how can one circumvent such an attack?

A search engine on the Web is a prime example of a Large Public Database. It is publicly accessible and users must abide by its usage policies. In this paper we discuss the issues involved in preparing to visualise a log of queries submitted to a Large Public Database. In particular, we discuss the environment in which the logs will be collected, analyse the states a user undergoes when submitting queries to a search engine and set the stage for future research.

(Full text)Full text

A pre- or postprint of the publication is available at

(BibTeX record)BibTeX reference

author={Wesley A Brandi and Martin S Olivier},
title={On Privacy and the Web},
booktitle={Proceedings of the Fourth Annual Information Security South Africa Conference (ISSA2004)},
address={Midrand, South Africa},
note={Published electronically} )