We describe the design and implementation of Privacy Oracle, a system that reports on application leaks of user information via the network traffic that they send. Privacy Oracle treats each application as a black box, without access to either its internal structure or communication protocols. This means that it can be used over a broad range of applications and information leaks (i.e., not only Web traffic or credit card numbers). To accomplish this, we develop a differential testing technique in which perturbations in the application inputs are mapped to perturbations in the application outputs to discover likely leaks; we leverage alignment algorithms from computational biology to find high quality mappings between different byte-sequences efficiently. Privacy Oracle includes this technique and a virtual machine-based testing system. To evaluate it, we tested 26 popular applications, including system and file utilities, media players, and IM clients. We found that Privacy Oracle discovered many small and previously undisclosed information leaks. In several cases, these are leaks of directly identifying information that are regularly sent in the clear (without end-to-end encryption) and which could make users vulnerable to tracking by third parties or providers.

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	http://www.autoitscript.com/autoit3/.
	2	Marshall Beddoe. The protocol informatics project. http://www4tphi.net/~awaiters/PI/PI.html, 2004.
	3	Gerald Combs. Wireshark. http://www.wireshark.org.
	4	Weidong Cui, Vern Paxson, and Nicholas Weaver. Protocol-Independent Adaptive Replay of Application Dialog. In NDSS, 2006.
	5	Robert B. Evans , Alberto Savoia, Differential testing: a new approach to change detection, Proceedings of the the 6th joint meeting of the European software engineering conference and the ACM SIGSOFT symposium on The foundations of software engineering, September 03-07, 2007, Dubrovnik, Croatia  [doi>10.1145/1287624.1287707]
	6	Corrado Leita , Ken Mermoud , Marc Dacier, ScriptGen: an automated script generation tool for honeyd, Proceedings of the 21st Annual Computer Security Applications Conference, p.203-214, December 05-09, 2005  [doi>10.1109/CSAC.2005.49]
	7	J. W. Hunt and M. D. McIlroy. An algorithm for differential file comparison, 1976.
	8	IEInspector Software LLC. IEInspector HTTP Analyzer -- HTTP Sniffer, HTTP Monitor, HTTP Trace, HTTP Debug. http://www.ieinspector.com/httpanalyzer/, 2007.
	9	Marc Fisher II, Sebastian Elbaum, and Gregg Rothermel. Dynamic characterization of web application interfaces. FASE 2007, LNCS, 4422:260--275, 2007.
	10	Christian Kreibich , Jon Crowcroft, Efficient sequence alignment of network traffic, Proceedings of the 6th ACM SIGCOMM conference on Internet measurement, October 25-27, 2006, Rio de Janeriro, Brazil  [doi>10.1145/1177080.1177121]
	11	Last Bit Software. RegSnap. http://www.lastbit.com/regsnap/.
	12	Stephen McCamant , Michael D. Ernst, Quantitative information flow as network flow capacity, Proceedings of the 2008 ACM SIGPLAN conference on Programming language design and implementation, June 07-13, 2008, Tucson, AZ, USA
	13	Barton P. Miller , Louis Fredriksen , Bryan So, An empirical study of the reliability of UNIX utilities, Communications of the ACM, v.33 n.12, p.32-44, Dec. 1990  [doi>10.1145/96267.96279]
	14	Burkhard Morgenstern, Andreas Dress, and Thomas Werner. Multiple DNA and protein sequence alignment based on segment-to-segment comparison. PNAS, 93(22):12098--12103, October 1996.
	15	Burkhard Morgenstern, Kornelie Frech, Andreas Dress, and Thomas Werner. Dialign: finding local similarities by multiple sequence alignment. Bioinformatics, 14(3):290--294, 1998.
	16	S.B. Needleman and C.D. Wunsch. A general method applicable to the search for similarities in the amino acid sequence of two proteins. Journal of Molecular Biology, 1970.
	17	NMMI. What is my machine Windows name? http://faq.nmmi.edu/fom- serve/cache/338.html, April 2005.
	18	Objective Development. Little Snitch. http://www.obdev.at/products/littlesnitch/.
	19	Ruoming Pang , Vinod Yegneswaran , Paul Barford , Vern Paxson , Larry Peterson, Characteristics of internet background radiation, Proceedings of the 4th ACM SIGCOMM conference on Internet measurement, October 25-27, 2004, Taormina, Sicily, Italy  [doi>10.1145/1028788.1028794]
	20	Vern Paxson, Bro: a system for detecting network intruders in real-time, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.31 n.23-24, p.2435-2463, Dec. 1999  [doi>10.1016/S1389-1286(99)00112-7]
	21	T. Scott Saponas , Jonathan Lester , Carl Hartung , Sameer Agarwal , Tadayoshi Kohno, Devices that tell on you: privacy trends in consumer ubiquitous computing, Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium, p.1-16, August 06-10, 2007, Boston, MA
	22	http://yro.slashdot.org/yro/07/12/29/2120202.shtml.
	23	http://yro.slashdot.org/yro/08/01/03/1630203.shtml.
	24	Stuart Cheshire and Marc Krochmal. Multicast DNS. http://files.multicastdns.org/draft-cheshire-dnsext-multicastdns.txt, 2006.
	25	The Canadian Internet Policy and Public Interest Clinic. Digital Rights Management and Consumer Privacy. http://www.cippic.ca, September 2007.
	26	VIP Defense: privacy and anonymity keeping company. VIP Privacy. http://www.vipdefense.com/.
	27	http://www.vmware.com/.
	28	WebSense. WebSense Content Protection Suite. http://www.websense.com/, 2008.
	29	Heng Yin , Dawn Song , Manuel Egele , Christopher Kruegel , Engin Kirda, Panorama: capturing system-wide information flow for malware detection and analysis, Proceedings of the 14th ACM conference on Computer and communications security, October 28-31, 2007, Alexandria, Virginia, USA  [doi>10.1145/1315245.1315261]
	30	Aydan R. Yumerefendi, Benjamin Mickle, and Landon P. Cox. Tightlip: Keeping applications from spilling the beans. In NSDI, 2007.