From e69849591ceaddea7b2bb12215a65353efebcf4a Mon Sep 17 00:00:00 2001
From: Joel Purra <code+github@joelpurra.com>
Date: Sun, 19 Oct 2014 09:28:43 +0200
Subject: [PATCH] Create a new methodology chapter structure, based on examiner
 feedback, move details to appendix

---
 report/report.lyx | 6973 +++++++++++++++++++++++----------------------
 1 file changed, 3544 insertions(+), 3429 deletions(-)

diff --git a/report/report.lyx b/report/report.lyx
index 130951a..85dd066 100644
--- a/report/report.lyx
+++ b/report/report.lyx
@@ -655,6 +655,204 @@ Based on a list of domains, the front page of each domain is downloaded
  These aggregates are then compared between datasets.
 \end_layout
 
+\begin_layout Section
+High level overview
+\end_layout
+
+\begin_layout Standard
+\begin_inset Note Greyedout
+status open
+
+\begin_layout Plain Layout
+Previous expected results, methodology and software chapters trimmed down
+ into a more compact format; refer to appendix for software/script details.
+\end_layout
+
+\end_inset
+
+
+\end_layout
+
+\begin_layout Section
+Domain categories
+\end_layout
+
+\begin_layout Standard
+\begin_inset Note Greyedout
+status open
+
+\begin_layout Plain Layout
+Use of domain names and suffix lists.
+\end_layout
+
+\end_inset
+
+
+\end_layout
+
+\begin_layout Section
+Capturing domain blocking
+\end_layout
+
+\begin_layout Standard
+\begin_inset Note Greyedout
+status open
+
+\begin_layout Plain Layout
+Use of blocking lists.
+\end_layout
+
+\end_inset
+
+
+\end_layout
+
+\begin_layout Section
+Data collection
+\end_layout
+
+\begin_layout Standard
+\begin_inset Note Greyedout
+status open
+
+\begin_layout Plain Layout
+Variation of the old retrieving websites and resources chapter, including
+ parallelization.
+\end_layout
+
+\end_inset
+
+
+\end_layout
+
+\begin_layout Section
+Data analysis and validation
+\end_layout
+
+\begin_layout Standard
+\begin_inset Note Greyedout
+status open
+
+\begin_layout Plain Layout
+Variation of the old analyzing resources chapter.
+\end_layout
+
+\end_inset
+
+
+\end_layout
+
+\begin_layout Section
+High level summary of datasets
+\end_layout
+
+\begin_layout Standard
+\begin_inset Note Greyedout
+status open
+
+\begin_layout Plain Layout
+Write high level summary of datasets.
+\end_layout
+
+\end_inset
+
+
+\end_layout
+
+\begin_layout Section
+Limitations
+\end_layout
+
+\begin_layout Standard
+\begin_inset Note Greyedout
+status open
+
+\begin_layout Plain Layout
+Write about limitations.
+\end_layout
+
+\end_inset
+
+
+\end_layout
+
+\begin_layout Section
+Direction and scope
+\end_layout
+
+\begin_layout Standard
+Emphasis for the thesis will be on technical analysis, producing aggregate
+ numbers regarding domains and external resources.
+ Social aspects and privacy concerns are considered out of scope.
+\end_layout
+
+\begin_layout Standard
+The thesis will primarily be written from a Swedish perspective.
+ This is in part because .SE has access to the full list of Swedish .se domains,
+ and part because of their previous work with the 
+\emph on
+.SE Health Status
+\emph default
+ reports.
+ Focus is to analyze .se domains in the reports, as they have already been
+ deemed important and results can be incorporated in future reports.
+ The main non-technical grouping is also based on the same reports; government,
+ media, financial institutions and other nation-wide publicly relevant organizat
+ion groups.
+\end_layout
+
+\begin_layout Standard
+One assumption is that all external resources can act as trackers, even
+ for static (non-script) resources with no capabilities to dynamically survey
+ the user's browser, collecting data and tracking users across domains using
+ for example the 
+\begin_inset Flex Code
+status collapsed
+
+\begin_layout Plain Layout
+Referer
+\end_layout
+
+\end_inset
+
+ HTTP header 
+\begin_inset CommandInset citation
+LatexCommand cite
+key "Krishnamurthy:2006:CMC:1135777.1135829"
+
+\end_inset
+
+.
+ While there are lists of known trackers, used by browser privacy tools,
+ they are not 100% effective 
+\begin_inset CommandInset citation
+LatexCommand cite
+key "Malandrino:2013:PAI:2517840.2517868,Krishnamurthy:2006:CMC:1135777.1135829"
+
+\end_inset
+
+.
+ The lists will instead optionally be used to emphasize those external resources
+ as 
+\emph on
+confirmed
+\emph default
+ trackers.
+ While cookies used for tracking have been a concern for many, they are
+ not necessary in order to identify most users upon return, even uniquely
+ on a global level 
+\begin_inset CommandInset citation
+LatexCommand cite
+key "Eckersley2009unique"
+
+\end_inset
+
+.
+ Cookies will not be considered to be an indicator of tracking, as it can
+ be assumed that a combination of other server and client side techniques
+ can achieve the same goal as a tracking cookie.
+\end_layout
+
 \begin_layout Section
 Document style
 \end_layout
@@ -801,22 +999,16 @@ end{futurework}
 
 \end_layout
 
-\begin_layout Section
-Data sources
-\end_layout
-
-\begin_layout Subsection
-Domains
+\begin_layout Chapter
+Discussion and conclusions
 \end_layout
 
 \begin_layout Standard
-Statistics regarding each list of domains is presented in an appendix.
- 
 \begin_inset Note Greyedout
 status open
 
 \begin_layout Plain Layout
-Generate domain list tables or tables in this chapter?
+Compare with expected results.
 \end_layout
 
 \end_inset
@@ -824,26 +1016,21 @@ Generate domain list tables or tables in this chapter?
 
 \end_layout
 
-\begin_layout Subsubsection
+\begin_layout Standard
+\begin_inset Note Greyedout
+status open
 
+\begin_layout Plain Layout
+Write about the 
 \emph on
-.SE Health Status
+Follow the Money: Understanding Economics of Online Aggregation and Advertising
 \emph default
- domains
+ report findings.
 \end_layout
 
-\begin_layout Standard
-When .SE performs their annual 
-\emph on
-.SE Health Status
-\emph default
- report measurements, they use an in-house curated list of domains of national
- interest.
- These domains are mostly from the .se zone and cover government, county,
- municipality, higher education, government-owned corporations, financial
- service, internet service provider (ISP), domain registrar, and media domains.
- Some domains overlap both within and between categories; domains have been
- deduplicated.
+\end_inset
+
+
 \end_layout
 
 \begin_layout Standard
@@ -851,7 +1038,11 @@ When .SE performs their annual
 status open
 
 \begin_layout Plain Layout
-Write a summary with examples from each dataset.
+Write about 
+\emph on
+Third-party Identity Management Usage on the Web
+\emph default
+ report findings.
 \end_layout
 
 \end_inset
@@ -859,79 +1050,104 @@ Write a summary with examples from each dataset.
 
 \end_layout
 
-\begin_layout Subsubsection
-Random .se domains
+\begin_layout Section
+
+\emph on
+.SE Health Status
+\emph default
+ comparison
+\begin_inset CommandInset label
+LatexCommand label
+name "sec:.SE-Health-Status-comparison"
+
+\end_inset
+
+
 \end_layout
 
 \begin_layout Standard
-The thesis was written in collaboration with .SE, which runs the .se TLD,
- and the work focusing on the state of Swedish domains.
- Early script development was done using a sample of 
-\begin_inset ERT
+\begin_inset Note Greyedout
 status open
 
 \begin_layout Plain Layout
-
-
-\backslash
-numprint{10000}
+Write about the 
+\emph on
+.SE Health Status
+\emph default
+ report findings.
 \end_layout
 
 \end_inset
 
- random domains, most often tested in groups of 
-\begin_inset ERT
-status open
 
-\begin_layout Plain Layout
+\end_layout
 
-
-\backslash
-numprint{100}
+\begin_layout Subsection
+Google Analytics
 \end_layout
 
+\begin_layout Standard
+One of the reasons this thesis subject was chosen was the inclusion of a
+ Google Analytics coverage analysis in previous reports.
+ The reports shows overall Google Analytics usage in the curated dataset
+ of 44% 2010, 58% in 2011 and 62% in 2012 
+\begin_inset CommandInset citation
+LatexCommand cite
+key "Lowinder:2010:healthstatus,Lowinder:2011:healthstatus,Lowinder:2012:healthstatus"
+
 \end_inset
 
 .
- A final sample of 
-\begin_inset ERT
-status open
-
-\begin_layout Plain Layout
+ Today, in 2014, usage in the category with the least coverage (financial
+ services) is 58% while most are above 70% 
+\begin_inset CommandInset ref
+LatexCommand eqref
+reference "sub:Top-domains"
 
+\end_inset
 
-\backslash
-numprint{100000}
-\end_layout
+.
+ The highest coverage category (government owned corporations) is even above
+ 90%.
+ Since Google Analytics can now be used from the DoubleClick domain as well,
+ looking only at the Google Analytics domain makes little sense - instead
+ it might make more sense to look at the organization Google as a whole.
+ The coverage jumps quite a bit, with most categories landing above 85%
+ 
+\begin_inset CommandInset ref
+LatexCommand eqref
+reference "sub:Top-organizations"
 
 \end_inset
 
- domains was also provided.
- The .se TLD is to be considered Sweden-centric.
-\end_layout
-
-\begin_layout Subsubsection
-Random .dk domains
+.
 \end_layout
 
 \begin_layout Standard
-The Danish .dk TLD organization, DK Hostmaster A/S
-\begin_inset Foot
+\begin_inset ERT
 status open
 
 \begin_layout Plain Layout
-\begin_inset CommandInset href
-LatexCommand href
-target "https://www.dk-hostmaster.dk/"
+
+
+\backslash
+begin{futurework}
+\end_layout
 
 \end_inset
 
 
 \end_layout
 
-\end_inset
+\begin_layout Standard
+It is possible to extract the exact coverage for both Google Analytics and
+ DoubleClick from the current dataset.
+ Google Analytics already uses a domain of its own, and by writing a custom
+ question separating DoubleClick's ad and analytics resource URLs analytics
+ on that domain can be found as well.
+\end_layout
 
-, helped out with a sample of 
+\begin_layout Standard
 \begin_inset ERT
 status open
 
@@ -939,107 +1155,128 @@ status open
 
 
 \backslash
-numprint{10000}
+end{futurework}
 \end_layout
 
 \end_inset
 
- domains, chosen at random from the database of active domains in the zone.
- The .dk TLD is to be considered Denmark-centric.
+
 \end_layout
 
-\begin_layout Subsubsection
-Random .com, .net domains
+\begin_layout Subsection
+Reachability
 \end_layout
 
 \begin_layout Standard
-The maintainers of the .com, .net and .name TLDs, Verisign, allow downloading
- of the complete zone file under an agreement.
- The .com zone is the largest one by far, and the .net zone is in the top
- 4.
-\begin_inset Foot
-status open
+The random zone domain lists (.se, .dk, .com, .net) have download failures for
+ 22-28% of all domains when it comes to 
+\begin_inset Flex Code
+status collapsed
 
 \begin_layout Plain Layout
-\begin_inset CommandInset href
-LatexCommand href
-target "http://www.keepalert.com/top-extension-ranking-july-2014-newgtlds"
+http://
+\end_layout
 
 \end_inset
 
+ and 
+\begin_inset Flex Code
+status collapsed
 
+\begin_layout Plain Layout
+http://www.
 \end_layout
 
 \end_inset
 
- This allows for a random selection of sites from around the world, even
- though usage is not geographically uniform - both in terms of registrations
- and actual usage.
-\end_layout
+ variations, where www has fewer failures.
+\begin_inset CommandInset ref
+LatexCommand eqref
+reference "sec:Failed-versus-non-failed"
 
-\begin_layout Subsubsection
-Alexa Top 
-\begin_inset ERT
+\end_inset
+
+ The HTTP result for .se is consistent with results from the 
+\emph on
+.SE Health Status
+\emph default
+ reports, according to Patrik Wallström, where they only download www variations.
+ 
+\begin_inset Note Greyedout
 status open
 
 \begin_layout Plain Layout
-
-
-\backslash
-numprint{1000000}
+Ask .SE about hard numbers?
 \end_layout
 
 \end_inset
 
-
-\begin_inset Foot
-status open
+ Curated 
+\emph on
+.SE Health Status
+\emph default
+ lists have fewer failures for both HTTP, generally below 10% for the 
+\begin_inset Flex Code
+status collapsed
 
 \begin_layout Plain Layout
-\begin_inset CommandInset href
-LatexCommand href
-target "http://alexa.com/"
+http://www.
+\end_layout
 
 \end_inset
 
-
-\end_layout
+ variation - perhaps explained by the thesis software and network setup
+ 
+\begin_inset CommandInset ref
+LatexCommand eqref
+reference "sec:Failed-domains"
 
 \end_inset
 
+.
+ Several prominent media sites with the same parent company respond as expected
+ when accessed with a normal desktop browser - but not automated requests,
+ suggesting that they detect and block some types of traffic.
+\end_layout
 
+\begin_layout Subsection
+HTTPS usage
 \end_layout
 
 \begin_layout Standard
-Alexa, owned by Amazon, is a well-known source of top sites
-\begin_inset Foot
-status open
-
-\begin_layout Plain Layout
-\begin_inset CommandInset href
-LatexCommand href
-target "http://www.alexa.com/topsites"
+.SE have measured HTTPS coverage among curated health status domains since
+ at least 2007 
+\begin_inset CommandInset citation
+LatexCommand cite
+key "Lowinder:2008:healthstatus,Lowinder:2009:healthstatus,Lowinder:2010:healthstatus,Lowinder:2011:healthstatus,Lowinder:2012:healthstatus,Lowinder:2013:healthstatus"
 
 \end_inset
 
-
-\end_layout
+.
+ The reports are a bit unclear about some numbers as measurement methodology
+ and focus has shifted over the years, but the general results seem to line
+ up with the results in this thesis 
+\begin_inset CommandInset ref
+LatexCommand eqref
+reference "sec:Failed-versus-non-failed"
 
 \end_inset
 
- in the world.
- It is used in many research papers, and can be seen as the standard dataset.
+.
  
 \begin_inset Note Greyedout
 status open
 
 \begin_layout Plain Layout
-List referenced research papers using it.
+Verify results when all datasets have been downloaded.
 \end_layout
 
 \end_inset
 
- Their daily 1-month average traffic rank top 
+
+\end_layout
+
+\begin_layout Standard
 \begin_inset ERT
 status open
 
@@ -1047,125 +1284,117 @@ status open
 
 
 \backslash
-numprint{1000000}
+tsvtable{se.health-status.https.tsv}{.SE Health Status HTTPS coverage 2008-2013}{}{f
+ixed, display columns/0/.style={string type, column type=l}, display columns/1/.st
+yle={string type, column type=i}, display columns/2/.style={string type,
+ column type=i}, display columns/3/.style={string type, column type=i}}
 \end_layout
 
 \end_inset
 
- list is freely available for download.
-\begin_inset Foot
-status open
-
-\begin_layout Plain Layout
-\begin_inset CommandInset href
-LatexCommand href
-target "https://alexa.zendesk.com/hc/en-us/articles/200449834-Does-Alexa-have-a-list-of-its-top-ranked-websites-"
 
-\end_inset
+\end_layout
 
+\begin_layout Standard
+Measurements changed in 2009, so they might not be fully comparable.
+ No HTTPS measurements were performed in 2012.
+ 
+\begin_inset Note Greyedout
+status open
 
+\begin_layout Plain Layout
+Ask .SE about exact numbers?
 \end_layout
 
 \end_inset
 
- As Alexa distinguishes between a site and a domain, some domains with several
- popular sites are listed more than once.
- URL paths have been stripped and domains have been deduplicated before
- downloading.
+
 \end_layout
 
-\begin_layout Subsubsection
-Reach50
-\begin_inset Foot
+\begin_layout Standard
+\begin_inset Note Greyedout
 status open
 
 \begin_layout Plain Layout
-\begin_inset CommandInset href
-LatexCommand href
-target "http://reach50.com/"
+Write a comparison with own results per category?
+\end_layout
 
 \end_inset
 
 
 \end_layout
 
+\begin_layout Standard
+24% of HTTPS sites redirect from HTTPS back to HTTP in 2013 - see also 
+\begin_inset CommandInset ref
+LatexCommand vref
+reference "sec:HTTP,-HTTPS-and-redirects"
+
 \end_inset
 
+.
+\end_layout
 
+\begin_layout Section
+Cat and Mouse: Content Delivery Tradeoffs in Web Access
 \end_layout
 
 \begin_layout Standard
-The top 50 sites in Sweden are presented by Webmie
-\begin_inset Foot
+\begin_inset Note Greyedout
 status open
 
 \begin_layout Plain Layout
-\begin_inset CommandInset href
-LatexCommand href
-target "http://webmie.com/"
+Is this comparison relevant?
+\end_layout
 
 \end_inset
 
 
 \end_layout
 
-\end_inset
+\begin_layout Standard
+\begin_inset Note Greyedout
+status open
 
-, who base their list on data from a user panel.
- The panelists have installed an extension into their browser, tracking
- their browsing habits by automated means.
- They also have results grouped by panelists categories: women, men, age
- 16-34, 35-54, 55+ but only the unfiltered top list is publicly available.
+\begin_layout Plain Layout
+Describe the report.
 \end_layout
 
-\begin_layout Subsubsection
-Datasets in use
-\begin_inset CommandInset label
-LatexCommand label
-name "sub:Datasets-in-use"
-
 \end_inset
 
 
 \end_layout
 
 \begin_layout Standard
-These are the final domain lists in use, including full dataset size
-\begin_inset Foot
+The report looks the top 
+\begin_inset ERT
 status open
 
 \begin_layout Plain Layout
-\begin_inset CommandInset href
-LatexCommand href
-target "https://www.iis.se/domaner/statistik/tillvaxt/?chart=active"
-
-\end_inset
 
 
+\backslash
+numprint{100}
 \end_layout
 
 \end_inset
 
-
-\begin_inset Foot
+ English language sites from 12 categories in Alexa's top list, plus another
+ 
+\begin_inset ERT
 status open
 
 \begin_layout Plain Layout
-\begin_inset CommandInset href
-LatexCommand href
-target "https://stats.dk-hostmaster.dk/domains/total_domains/"
-
-\end_inset
 
 
+\backslash
+numprint{100}
 \end_layout
 
 \end_inset
 
- and selection method.
-\end_layout
-
-\begin_layout Standard
+ sites from a political list.
+ These sites come from 
 \begin_inset ERT
 status open
 
@@ -1173,32 +1402,15 @@ status open
 
 
 \backslash
-tsvtable{domains.datasets.tsv}{Datasets in use}{}{display columns/0/.style={string
- type, column type=l}, display columns/1/.style={string type, column type=l},
- display columns/3/.style={string type, column type=l}}
-\end_layout
-
-\end_inset
-
-
+numprint{1116}
 \end_layout
 
-\begin_layout Subsubsection
-TLD distribution
-\begin_inset CommandInset label
-LatexCommand label
-name "sub:TLD-distribution"
-
 \end_inset
 
-
-\end_layout
-
-\begin_layout Standard
-These are the top TLDs in the list of unique domains.
-\end_layout
-
-\begin_layout Standard
+ domains.
+ They used a local proxy server to gather URLs, which means that HTTPS requests
+ were lost.
+ A total of 
 \begin_inset ERT
 status open
 
@@ -1206,42 +1418,25 @@ status open
 
 
 \backslash
-tsvtable{domains.tlds.tsv}{TLDs in dataset in use}{}{display columns/2/.style={stri
-ng type, column type=l},}
+numprint{1113}
 \end_layout
 
 \end_inset
 
+ pages were downloaded from that set, plus 
+\begin_inset ERT
+status open
 
-\end_layout
-
-\begin_layout Subsection
-External datasets
-\end_layout
-
-\begin_layout Subsubsection
-Disconnect's blocking list
-\begin_inset CommandInset label
-LatexCommand label
-name "sub:Disconnect's-blocking-list"
-
-\end_inset
+\begin_layout Plain Layout
 
 
+\backslash
+numprint{457}
 \end_layout
 
-\begin_layout Standard
-One of the most popular privacy tools is Disconnect, which blocks tracking
- sites by running as a browser plugin.
- Disconnect was started by ex-Google engineers, and still seems to have
- close ties to Google as the own domain disconnect.me is listed as a Google
- content domain in the blocking list.
-\end_layout
+\end_inset
 
-\begin_layout Standard
-The Disconnect software lets users block/unblock loading resources from
- specific third-party domains.
- A list of 
+ pages from Alexa's top 
 \begin_inset ERT
 status open
 
@@ -1249,13 +1444,13 @@ status open
 
 
 \backslash
-numprint{2149}
+numprint{500}
 \end_layout
 
 \end_inset
 
- domains is used as the basis from the blocking.
- Each entry belongs to one of 
+ in a secondary list.
+ The overlap was 
 \begin_inset ERT
 status open
 
@@ -1263,25 +1458,20 @@ status open
 
 
 \backslash
-numprint{980}
+numprint{180}
 \end_layout
 
 \end_inset
 
- organizations, which come with a link to their webpage.
- There is also a grouping into categories, here shown with some examples.
- Worth noting is that the content category is not blocked by default.
+ pages.
 \end_layout
 
 \begin_layout Standard
-\begin_inset ERT
+\begin_inset Note Greyedout
 status open
 
 \begin_layout Plain Layout
-
-
-\backslash
-begin{futurework}
+Fill in numbers.
 \end_layout
 
 \end_inset
@@ -1290,18 +1480,16 @@ begin{futurework}
 \end_layout
 
 \begin_layout Standard
-There are other open source alternatives to Disconnect's blocking list,
- but they use data formats that are not as easy to parse.
- The most popular ones also do not contain information about which organization
- each blocking rule belongs to.
- See 
-\begin_inset CommandInset ref
-LatexCommand vref
-reference "sec:Ad-and-privacy-blocking-lists"
+\begin_inset Note Greyedout
+status open
+
+\begin_layout Plain Layout
+Does a new dataset need to be downloaded?
+\end_layout
 
 \end_inset
 
-.
+
 \end_layout
 
 \begin_layout Standard
@@ -1312,7 +1500,12 @@ status open
 
 
 \backslash
-end{futurework}
+tsvtable{krishnamurthy-2006-cmc-1135777.1135829_ad_coverage.tsv}{Ad coverage}{}{fi
+xed, display columns/0/.style={string type, column type=l}, display columns/1/.sty
+le={string type, column type=i}, display columns/2/.style={string type, column
+ type=i}, display columns/3/.style={string type, column type=i}, display
+ columns/4/.style={string type, column type={|i}}, display columns/5/.style={strin
+g type, column type=i}, display columns/6/.style={string type, column type=i}}
 \end_layout
 
 \end_inset
@@ -1320,11 +1513,11 @@ end{futurework}
 
 \end_layout
 
-\begin_layout Paragraph
-Categories
+\begin_layout Section
+Trackers which deliver content
 \begin_inset CommandInset label
 LatexCommand label
-name "sub:Disconnect-Categories"
+name "sec:Trackers-which-deliver-content"
 
 \end_inset
 
@@ -1332,128 +1525,152 @@ name "sub:Disconnect-Categories"
 \end_layout
 
 \begin_layout Standard
-Summary of Disconnect's categories.
- Most domains and organizations by far are in the advertisement category.
- The reason the Disconnect category has so few organizations, is that it
- is treated as a special category 
+In Disconnect's blocking list, there's a category called content 
 \begin_inset CommandInset ref
 LatexCommand eqref
-reference "sub:Disconnect-category"
+reference "sub:Disconnect-Content"
 
 \end_inset
 
- with only Google, Facebook and Twitter.
+.
+ While all other categories are blocked by default, this one is not as it
+ represents external resources deemed 
+\emph on
+desirable
+\emph default
+ to Disconnect's users.
+ So while they are known tracker domains, they are allowed to pass 
+\begin_inset Quotes eld
+\end_inset
+
+by popular demand.
+\begin_inset Quotes erd
+\end_inset
+
+ This brings an advantage to companies that can deliver content, as they
+ can just as well use content usage data as pure web bug/tracker usage data
+ when analyzing patterns.
 \end_layout
 
 \begin_layout Standard
-\begin_inset ERT
+Google has several popular embeddable services in the content category,
+ including Google Maps
+\begin_inset Foot
 status open
 
 \begin_layout Plain Layout
+\begin_inset CommandInset href
+LatexCommand href
+target "https://developers.google.com/maps/documentation/embed/"
+
+\end_inset
 
 
-\backslash
-tsvtable{disconnect.categories.tsv}{Disconnect's categories (2014-09-08)}{}{displa
-y columns/0/.style={string type, column type=l},}
 \end_layout
 
 \end_inset
 
+, Google Translate
+\begin_inset Foot
+status open
 
-\end_layout
-
-\begin_layout Paragraph
-Domains per organization
-\begin_inset CommandInset label
-LatexCommand label
-name "sub:Disconnect-Domains-per-organization"
+\begin_layout Plain Layout
+\begin_inset CommandInset href
+LatexCommand href
+target "https://translate.google.com/manager/website/"
 
 \end_inset
 
 
 \end_layout
 
-\begin_layout Standard
-Many organizations have more than one domain.
- One organization stands out, with 
-\begin_inset ERT
+\end_inset
+
+ and least but not least YouTube
+\begin_inset Foot
 status open
 
 \begin_layout Plain Layout
+\begin_inset CommandInset href
+LatexCommand href
+target "https://developers.google.com/youtube/player_parameters"
+
+\end_inset
 
 
-\backslash
-numprint{271}
 \end_layout
 
 \end_inset
 
- domains - Google.
- The biggest reason is that they own top level domains such as google.se
- and google.ch from over 200 TLDs.
- Yahoo comes in second with 
-\begin_inset ERT
+.
+ Lesser known examples include Recaptcha
+\begin_inset Foot
 status open
 
 \begin_layout Plain Layout
+\begin_inset CommandInset href
+LatexCommand href
+target "https://developers.google.com/recaptcha/"
+
+\end_inset
 
 
-\backslash
-numprint{71}
 \end_layout
 
 \end_inset
 
- domains, many of which are service-specific subdomains to yahoo.com, such
- as finance.yahoo.com and travel.yahoo.com.
-\end_layout
-
-\begin_layout Standard
-\begin_inset ERT
+ which is an embeddable service to block/disallow web crawlers/bots access
+ to web page features.
+ Those are visible examples, which users interact with.
+ Google Fonts
+\begin_inset Foot
 status open
 
 \begin_layout Plain Layout
+\begin_inset CommandInset href
+LatexCommand href
+target "https://www.google.com/fonts"
+
+\end_inset
 
 
-\backslash
-tsvtable{disconnect.domains-per-organization.tsv}{Domains per organization
- (2014-09-08)}{}{}
 \end_layout
 
 \end_inset
 
+ which serves modern web fonts for easy embedding, is still visible but
+ not branded.
+ Google Hosted Libraries
+\begin_inset Foot
+status open
 
-\end_layout
-
-\begin_layout Paragraph
-Organizations in more than one category
-\begin_inset CommandInset label
-LatexCommand label
-name "sub:Disconnect-Organizations-in-more-than-one-category"
+\begin_layout Plain Layout
+\begin_inset CommandInset href
+LatexCommand href
+target "https://developers.google.com/speed/libraries/"
 
 \end_inset
 
 
 \end_layout
 
-\begin_layout Standard
-Some organizations are represented in more than one of the five Disconnect
- categories.
- Yahoo has several ad services, several social services, several content
- services and a single analytics service, putting them in four categories.
+\end_inset
+
+ which serves popular javascript libraries from Google's extensive CDN network
+ instead of the local server for site speed/performance gains are not visible
+ as components, but they cannot be removed without affecting functionality.
+ Especially the two latter, served from the googleapis.com domain, are prevalent
+ in several of the datasets - and they are usually loaded on every single
+ page on a web site, and thus gain full (but passive, as opposed to for
+ example Google Analytics) insight on users' click paths and web history.
 \end_layout
 
 \begin_layout Standard
-\begin_inset ERT
+\begin_inset Note Greyedout
 status open
 
 \begin_layout Plain Layout
-
-
-\backslash
-tsvtable{disconnect.organizations-in-more-than-one-category.tsv}{Organizations
- in more than one category (2014-09-08)}{}{display columns/0/.style={string
- type, column type=l},}
+Extract a data table with popular content domains.
 \end_layout
 
 \end_inset
@@ -1461,8 +1678,12 @@ tsvtable{disconnect.organizations-in-more-than-one-category.tsv}{Organizations
 
 \end_layout
 
-\begin_layout Paragraph
-Advertising
+\begin_layout Section
+Other notable results
+\end_layout
+
+\begin_layout Standard
+Some results differ from my own assumptions.
 \end_layout
 
 \begin_layout Standard
@@ -1470,7 +1691,7 @@ Advertising
 status open
 
 \begin_layout Plain Layout
-Add technorati.com, wpp.com?
+Write more about notable results.
 \end_layout
 
 \end_inset
@@ -1478,61 +1699,61 @@ Add technorati.com, wpp.com?
 
 \end_layout
 
-\begin_layout Description
-overture.com Yahoo's ad network.
-\end_layout
-
-\begin_layout Description
-omniture.com Adobe's ad network.
-\end_layout
-
-\begin_layout Description
-amazon-adsystem.com Amazon's ad delivery network.
-\end_layout
-
-\begin_layout Paragraph
-Analytics
-\end_layout
-
-\begin_layout Description
-alexa.com Amazon's web statistics service, considered an authority in web
- measurement.
-\end_layout
-
-\begin_layout Description
-comscore.com Analytics service that also publishes statistics.
+\begin_layout Section
+Automated, scalable data collection and repeatable analysis
 \end_layout
 
-\begin_layout Description
-gaug.es GitHub's analytics service.
+\begin_layout Standard
+One of the prerequisites for the type of analysis performed in this thesis
+ was that all collection should be automated, repeatable and be able to
+ handle tens of thousands of domains at a time.
+ This goal has been achieved, and a specialized framework for analyzing
+ web pages's HTTP requests has been built.
+ While most of the code has been tailored to answer questions posed in this
+ thesis, it is also built to be extendable, both in and between all data
+ processing steps.
+ More data can be included, additional datasets can be mixed in, separate
+ questions can be written to query data from any stage in the data preparation
+ or analysis.
+ Tools have been written to easily download and compare separate lists of
+ domains, and by default data is kept in its original downloaded form so
+ that historical analysis can be performed.
 \end_layout
 
-\begin_layout Description
-coremetrics.com Part of IBM's enterprise marketing services.
-\end_layout
+\begin_layout Standard
+It might be hard to convince other researchers to use code, as it might
+ not fulfill all of their wishes at once on top of any 
+\begin_inset Quotes eld
+\end_inset
 
-\begin_layout Description
-newrelic.com A suite of systems monitoring and analytics software, up to
- and including browsers.
-\end_layout
+not invented here
+\begin_inset Quotes erd
+\end_inset
 
-\begin_layout Description
-nielsen.com Consumer studies.
+ mentality.
+ Fortunately, the code is easy to run, and with proper documentation other
+ groups should be able to at least test simple theories regarding web sites.
+ Some of the lists of domains used as input are publicly available, and
+ thus results can also be shared.
+ This should encourage other groups, as looking at example data might spark
+ interest.
 \end_layout
 
-\begin_layout Description
-statcounter.com Web statistics tool.
+\begin_layout Section
+Contributions to other open source projects
 \end_layout
 
-\begin_layout Description
-webtrends.com Digital marketing analytics and optimization across channels.
+\begin_layout Standard
+During the development of code for this thesis, other projects have been
+ utilized.
+ In good open source manners, those projects should be improved when possible.
 \end_layout
 
-\begin_layout Paragraph
-Content
+\begin_layout Subsection
+The HAR specification
 \begin_inset CommandInset label
 LatexCommand label
-name "sub:Disconnect-Content"
+name "sub:The-HAR-specification"
 
 \end_inset
 
@@ -1540,163 +1761,207 @@ name "sub:Disconnect-Content"
 \end_layout
 
 \begin_layout Standard
-Sites that deliver content.
- There is a wide variety of content, from images and videos to A/B testing,
- comment and help desk services.
- This category is not blocked by default.
+After looking at further processing of the data, some improvements might
+ be suggested.
 \end_layout
 
-\begin_layout Description
-apis.google.com One of Google's API domains.
- 
-\begin_inset Note Greyedout
-status open
+\begin_layout Standard
+One such suggestion might be to add an absolute/resolved version of 
+\begin_inset Flex Code
+status collapsed
 
 \begin_layout Plain Layout
-Look at which services are hosted.
+response.redirectURL
 \end_layout
 
 \end_inset
 
+, as specification 1.2 seems to be unclear wether or not it should be kept
+ as-is from the HTTP 
+\begin_inset Flex Code
+status collapsed
 
+\begin_layout Plain Layout
+Location
 \end_layout
 
-\begin_layout Description
-brightcove.com Video hosting/monetization service.
-\end_layout
+\end_inset
 
-\begin_layout Description
-disqus.com A third party comment service.
-\end_layout
+ header or browser's 
+\begin_inset Flex Code
+status collapsed
 
-\begin_layout Description
-flickr.com Flickr is a photo/video hosting site, owned by Yahoo.
+\begin_layout Plain Layout
+redirectURL
 \end_layout
 
-\begin_layout Description
-googleapis.com One of Google's API domains, hosting third-party files/services
- such as Google Fonts and Google Hosted Libraries.
-\end_layout
+\end_inset
 
-\begin_layout Description
-instagram.com Facebook's photo/video sharing site.
-\end_layout
+ values - both of which possibly is relative.
+ As subsequent HTTP requests are hard to refer to without relying either
+ on exact request ordering (the executed redirect always coming exactly
+ as the next entry) or at least having the URL resolved (preferably by the
+ browser) before writing it to the HAR data.
+ Current efforts in 
+\begin_inset Flex Code
+status collapsed
 
-\begin_layout Description
-office.com Microsoft's Office suite online.
+\begin_layout Plain Layout
+netsniff.js
 \end_layout
 
-\begin_layout Description
-optimizely.com An A/B testing service.
-\end_layout
+\end_inset
 
-\begin_layout Description
-truste.com Provides certification and tools for privacy policies in order
- to gain users' trust; “enabling businesses to safely collect and use customer
- data across web, mobile, cloud and advertising channels.” This includes
- ways to selectively opt-out from cookies features; required, functional
- or advertising.
-\end_layout
+ 
+\begin_inset CommandInset ref
+LatexCommand eqref
+reference "sub:get/netsniff.js"
 
-\begin_layout Description
-tumblr.com A popular blogging platform.
-\end_layout
+\end_inset
 
-\begin_layout Description
-uservoice.com A customer support service.
+ to resolve relative URLs using a separate javascript library have proven
+ inexact when it comes to matching against the browser's executed URL, differing
+ for example in wether trailing slashes are kept for domain root requests
+ or not.
+ What would be even better, is a way to refer to the reason for the HTTP
+ request, be it an HTML tag, a script call or a HTTP redirect - but that
+ could to be highly implementation dependent per browser.
 \end_layout
 
-\begin_layout Description
-vimeo.com A video site.
+\begin_layout Subsection
+phantomjs
 \end_layout
 
-\begin_layout Description
-www.google.com Google's main domain, which also hosts services such as search.
- 
-\begin_inset Note Greyedout
-status open
+\begin_layout Standard
+While 
+\begin_inset Flex Code
+status collapsed
 
 \begin_layout Plain Layout
-Look at which services are hosted.
+netsniff.js
 \end_layout
 
 \end_inset
 
-
-\end_layout
-
-\begin_layout Description
-youtube.com One of Google's video sites.
-\end_layout
-
-\begin_layout Paragraph
-Disconnect
-\begin_inset CommandInset label
-LatexCommand label
-name "sub:Disconnect-category"
+ 
+\begin_inset CommandInset ref
+LatexCommand eqref
+reference "sub:get/netsniff.js"
 
 \end_inset
 
-
+ from the phantomjs example library has been improved in several ways, patches
+ have not yet been submitted.
+ Since it is only an example from their side, a more developed version might
+ no longer serve the same purpose - educating new users on the possibilities
+ of phantomjs.
+ An attempt to break the code down and separate pure bug fixes from other
+ improvements might help.
+ The version written for this thesis is released under the same license
+ as the original, so reuse should not be a problem for those interested.
 \end_layout
 
-\begin_layout Standard
-A special category for non-content resources from Facebook, Google and Twitter.
- It seems to initially have been designed to block their respective like/+1/twee
-t buttons which seem to belong in the social category.
- As the category now contains many other known tracking domains from the
- same organizations, unblocking the social buttons also lets many other
- types of resources trough.
+\begin_layout Subsection
+jq
 \end_layout
 
 \begin_layout Standard
-It is worth noting that this category includes google-analytics.com plus
- Google ad networks such as adwords.google.com, doubleclick.net and admob.com.
- It might have been more appropriate to have them in the analytics and advertise
-ment categories respectively.
+Using jq as the main program for data transformation and aggregation has
+ given me a fair amount of knowledge of real world usage of the jq domain-specif
+ic language (DSL).
+ Bugs and inconsistencies have been reported, and input regarding for example
+ code sharing through a package management system and (semantic) versioning
+ has been given.
+ Some of the reusable jq code and helper scripts written for the thesis
+ has been packaged for easy reuse, and more is on the way.
 \end_layout
 
-\begin_layout Paragraph
-Social
+\begin_layout Subsection
+Disconnect
 \end_layout
 
 \begin_layout Standard
-Site with an emphasis on social aspects.
- They often have buttons to vote for, recommend or share with others.
+Disconnect relies heavily on their blocking list 
+\begin_inset CommandInset ref
+LatexCommand eqref
+reference "sub:Disconnect's-blocking-list"
+
+\end_inset
+
+, as it is the base for both the service of blocking external resources
+ and presenting statistics to the user.
+ While preparing 
+\begin_inset CommandInset ref
+LatexCommand eqref
+reference "sub:classification/disconnect/prepare-service-list.sh"
+
+\end_inset
+
+ and analyzing 
+\begin_inset CommandInset ref
+LatexCommand eqref
+reference "sub:classification/disconnect/analysis.sh"
+
+\end_inset
+
+ the blocking list, a number of errors and inconsistencies were found.
+ Unfortunately, the maintainers do not seem very active in the project,
+ and even trivial data encoding errors were not patched over a month after
+ submission.
+ According to Disconnect's Eason Goodale in an email conversation 2014-08-13,
+ the team has been concentrating on a second version of Disconnect as well
+ as other projects.
+ While patches can be submitted through Disconnect's Github project pages,
+ Goodale's reply seems to indicate they will not be accepted in a timely
+ fashion and perhaps irrelevant by the time the next generation is released
+ to the public.
 \end_layout
 
-\begin_layout Description
-addthis.com A link sharing service aggregator.
+\begin_layout Subsection
+Public Suffix
 \end_layout
 
-\begin_layout Description
-digg.com News aggregator.
+\begin_layout Standard
+A tool that parses the public suffix list from its original format to a
+ JSON lookup object format has been written.
+ Using that tool an inconsistency in the data was detected - the TLD .engineering
+ being included twice instead of .engineer and .engineering separately.
+ This had already been detected and reported by others, but it can be used
+ to detect future inconsistencies in an automated manner.
 \end_layout
 
-\begin_layout Description
-linkedin.com Professional social network.
+\begin_layout Chapter
+Related work
 \end_layout
 
-\begin_layout Description
-reddit.com Social new and link sharing, and discussion.
+\begin_layout Section
+At .SE
 \end_layout
 
-\begin_layout Subsubsection
-Public suffix list
-\begin_inset CommandInset label
-LatexCommand label
-name "sub:Public-suffix-list"
+\begin_layout Standard
+Part of .SE's work includes researching internet and technology, with a focus
+ on Sweden - for example, 
+\emph on
+Swedes and the internet
+\emph default
+ and broadband and cell phone bandwidth speed tests 
+\begin_inset Note Greyedout
+status open
 
-\end_inset
+\begin_layout Plain Layout
+Insert names of reports.
+\end_layout
 
+\end_inset
 
+ to the public, both in Swedish
 \begin_inset Foot
 status open
 
 \begin_layout Plain Layout
 \begin_inset CommandInset href
 LatexCommand href
-target "https://publicsuffix.org/"
+target "https://www.iis.se/lar-dig-mer/rapporter/"
 
 \end_inset
 
@@ -1705,70 +1970,48 @@ target "https://publicsuffix.org/"
 
 \end_inset
 
-
+ and English
 \begin_inset Foot
 status open
 
 \begin_layout Plain Layout
 \begin_inset CommandInset href
 LatexCommand href
-target "https://en.wikipedia.org/wiki/Public_Suffix_List"
-
-\end_inset
-
-
-\end_layout
+target "https://www.iis.se/english/reports/"
 
 \end_inset
 
 
 \end_layout
 
-\begin_layout Standard
-In the domain name system, it is not always obvious what parts of a domain
- name are a public suffix and which are open for registration by Internet
- users.
- The main example is 
-\begin_inset Flex Code
-status collapsed
-
-\begin_layout Plain Layout
-example.co.uk
-\end_layout
-
 \end_inset
 
-, where the public suffix 
-\begin_inset Flex Code
-status collapsed
+.
+ Information and statistics are also published on a separate portal, in
+ collaboration with other organizations.
+\begin_inset Foot
+status open
 
 \begin_layout Plain Layout
-co.uk
-\end_layout
+\begin_inset CommandInset href
+LatexCommand href
+target "https://www.iis.se/vad-vi-gor/internetstatistik/"
 
 \end_inset
 
- is to different from the TLD 
-\begin_inset Flex Code
-status collapsed
 
-\begin_layout Plain Layout
-uk
 \end_layout
 
 \end_inset
 
-.
- Because HTTP cookies are based on domains names, it is important to browser
- vendors to be able to recognize which parts are public suffixes to be able
- to protect users against supercookies
+ .SE's Internet Fund
 \begin_inset Foot
 status open
 
 \begin_layout Plain Layout
 \begin_inset CommandInset href
 LatexCommand href
-target "https://en.wikipedia.org/wiki/HTTP_cookie#Supercookie"
+target "http://www.internetfonden.se/"
 
 \end_inset
 
@@ -1777,85 +2020,60 @@ target "https://en.wikipedia.org/wiki/HTTP_cookie#Supercookie"
 
 \end_inset
 
-; cookies which are scoped to a public suffix, and therefore readable across
- all web sites under that public suffix.
- The same dataset is also useful for grouping domains without improperly
- counting 
-\begin_inset Flex Code
-status collapsed
-
-\begin_layout Plain Layout
-example.co.uk
-\end_layout
+ has also funded work on discussing and defining online privacy, aimed at
+ those working with or developing systems that handle personal data, often
+ with some kind of internet connection 
+\begin_inset CommandInset citation
+LatexCommand cite
+key "Bylund:2013:978-91-87379-12-3:integritet"
 
 \end_inset
 
- as a 
-\emph on
-user-owned subdomain
-\emph default
- of 
-\begin_inset Flex Code
-status collapsed
-
-\begin_layout Plain Layout
-co.uk
+.
 \end_layout
 
-\end_inset
+\begin_layout Subsection
 
-, which would then render 
-\begin_inset Flex Code
-status collapsed
+\emph on
+.SE Health Status
+\emph default
 
-\begin_layout Plain Layout
-co.uk
-\end_layout
+\begin_inset CommandInset label
+LatexCommand label
+name "sub:.SE-Health-Status"
 
 \end_inset
 
- as the most popular domain under the 
-\begin_inset Flex Code
-status collapsed
-
-\begin_layout Plain Layout
-uk
-\end_layout
-
-\end_inset
 
- TLD.
 \end_layout
 
 \begin_layout Standard
-Swedish examples include second level domains 
-\begin_inset Flex Code
-status collapsed
-
-\begin_layout Plain Layout
-pp.se
-\end_layout
-
-\end_inset
-
- for privately owned domains and 
-\begin_inset Flex Code
-status collapsed
-
-\begin_layout Plain Layout
-tm.se
-\end_layout
+While .SE themselves have written reports analyzing the technical state of
+ services connected to .se domains, 
+\emph on
+.SE Health Status
+\emph default
+ 
+\begin_inset CommandInset citation
+LatexCommand cite
+key "Lowinder:2008:healthstatus,Lowinder:2009:healthstatus,Lowinder:2010:healthstatus,Lowinder:2011:healthstatus,Lowinder:2012:healthstatus,Lowinder:2013:healthstatus"
 
 \end_inset
 
- for trademarks
+, the focus has not been on exploring the web services connected to these
+ domains.
+ The research is focused on statistics about usage and security in DNS,
+ IP, web and e-mail; the target audience is IT strategists, executives and
+ directors.
+ Data for the reports is analyzed and summarized by Anne-Marie Eklund Löwinder,
+ a world-renown DNS and security expert
 \begin_inset Foot
 status open
 
 \begin_layout Plain Layout
 \begin_inset CommandInset href
 LatexCommand href
-target "https://www.iis.se/data/barred_domains_list.txt"
+target "https://www.iis.se/bloggare/anne-marie/"
 
 \end_inset
 
@@ -1864,15 +2082,16 @@ target "https://www.iis.se/data/barred_domains_list.txt"
 
 \end_inset
 
-.
- These second level domains were more important before April 2003
+, while the technical aspects and tools are under the supervision of Patrik
+ Wallström, a well known DNSSEC expert and free and open source software
+ advocate
 \begin_inset Foot
 status open
 
 \begin_layout Plain Layout
 \begin_inset CommandInset href
 LatexCommand href
-target "https://en.wikipedia.org/wiki/.se#Pre_2003_system"
+target "https://www.iis.se/bloggare/pawal/"
 
 \end_inset
 
@@ -1881,25 +2100,38 @@ target "https://en.wikipedia.org/wiki/.se#Pre_2003_system"
 
 \end_inset
 
-, when first level domain registration rules restricted registration to
- nation-wide companies, associations and authorities.
+.
 \end_layout
 
 \begin_layout Standard
-The public suffix list (2014-07-24) contains 6278 rules, against which domains
- are checked in one of the classification steps 
+The thesis subject has been selected to be in line with the .SE reports,
+ but focusing on web issues; code may be reused and results may be included
+ in future reports.
+ The 
+\emph on
+.SE Health Status
+\emph default
+ reports do offer some groundwork in terms of selecting and grouping Swedish
+ domains, HTTPS usage and Google Analytics coverage 
+\begin_inset CommandInset citation
+LatexCommand cite
+key "Lowinder:2010:healthstatus,Lowinder:2011:healthstatus,Lowinder:2012:healthstatus"
+
+\end_inset
+
+ 
 \begin_inset CommandInset ref
-LatexCommand eqref
-reference "sub:classification/effective-tld/add.sh"
+LatexCommand ref
+reference "sec:.SE-Health-Status-comparison"
 
 \end_inset
 
 .
- It becomes the basis for the domain's division into public suffix and primary
- domain (first non-public suffix match), and subsequent grouping.
-\end_layout
-
-\begin_layout Standard
+ The report
+\emph on
+ 
+\emph default
+is based on data collected from around 
 \begin_inset ERT
 status open
 
@@ -1907,51 +2139,49 @@ status open
 
 
 \backslash
-begin{futurework}
+numprint{900}
 \end_layout
 
 \end_inset
 
-
+ .se domain names deemed of importance to the Swedish society as a whole,
+ as well as random selection of 1% of the registered .se domain names.
 \end_layout
 
-\begin_layout Standard
-There is also an algorithm for wildcard rules which can have exceptions;
- this thesis has not implemented wildcards and exceptions in the classification
- step.
- There are 24 TLDs with wildcard public suffixes, and 8 non-TLD wildcards.
- Out of these 8 non-TLD wildcards, 1 is *.sch.uk and 7 are Japanese geographic
- areas.
- The 24 wildcards have 10 exception rules; 7 of them are Japanese cities
- grouped by the previously mentioned geographic areas and the remaining
- 3 seem to belong to ccTLD owner organizations.
+\begin_layout Subsection
+.SE Domain Check
 \end_layout
 
 \begin_layout Standard
-\begin_inset ERT
+In order to facilitate repeatable and improvable analysis, tools will be
+ developed to perform the collection and aggregation steps automatically.
+ .SE already has a set of tools that run monthly; integration and interoperabilit
+y will smooth the process and continuous usage.
+ There is also a public .SE tool to allow web site owners to test their own
+ sites, 
+\emph on
+Domain Check
+\emph default
+ 
+\begin_inset Note Greyedout
 status open
 
 \begin_layout Plain Layout
-
-
-\backslash
-end{futurework}
+Add link to Domain Check.
 \end_layout
 
 \end_inset
 
-
+, which might benefit from some of the code developed within the scope of
+ this thesis.
 \end_layout
 
 \begin_layout Standard
-\begin_inset ERT
+\begin_inset Note Greyedout
 status open
 
 \begin_layout Plain Layout
-
-
-\backslash
-begin{futurework}
+Write about .SE's abuse work?
 \end_layout
 
 \end_inset
@@ -1959,303 +2189,270 @@ begin{futurework}
 
 \end_layout
 
-\begin_layout Standard
-Apart from ICANN domains, which have been implemented, there are also private
- domains considered public suffixes listed as rules.
- They are domains which have subdomains controlled by users/customers, for
- example joelpurra.github.io which is controlled by me but hosted by the code
- hosting service github.com.
- Other examples include cloud hosting/CDN services such as cloudfront.net,
- amazonaws.com, azurewebsites.net, fastly.net, herokuapp.com, blogs from several
- blogspot.TLD domains and dyndns.com's wide choice of dynamic domains.
- One example that looks like a technical choice in order to hinder accidental
- or malicious setting of cookies is googleapis.com, which is listed despite
- being (presumably) completely under Google's control.
+\begin_layout Section
+Other research
 \end_layout
 
 \begin_layout Standard
-\begin_inset ERT
+\begin_inset Note Greyedout
 status open
 
 \begin_layout Plain Layout
+Write about the results of the research, not that there is research.
+\end_layout
+
+\end_inset
 
 
-\backslash
-end{futurework}
 \end_layout
 
+\begin_layout Standard
+Some research has been done surrounding ad networks, trackers and their
+ spread on globally popular sites, as well as what kind of private data
+ users can expect to more or less inadvertently share in the course of normal
+ internet usage.
+ Those papers show both some of the problems and solutions in trying to
+ analyze external resources.
+ The Association for Computing (ACM)
+\begin_inset Foot
+status open
+
+\begin_layout Plain Layout
+\begin_inset CommandInset href
+LatexCommand href
+target "http://acm.org/"
+
 \end_inset
 
 
 \end_layout
 
-\begin_layout Section
-Retrieving websites and resources
-\end_layout
+\end_inset
 
-\begin_layout Standard
-Web sites based on lists of domains were downloaded using har-heedless,
- see 
-\begin_inset CommandInset ref
-LatexCommand vref
-reference "sub:har-heedless"
+ group SIGCOMM
+\begin_inset Foot
+status open
+
+\begin_layout Plain Layout
+\begin_inset CommandInset href
+LatexCommand href
+target "http://sigcomm.org/"
 
 \end_inset
 
-.
+
 \end_layout
 
-\begin_layout Subsection
-Computer machines
-\begin_inset CommandInset label
-LatexCommand label
-name "sec:Computer-machines"
+\end_inset
+
+ has a yearly Internet Measurement Conference (IMC)
+\begin_inset Foot
+status open
+
+\begin_layout Plain Layout
+\begin_inset CommandInset href
+LatexCommand href
+target "http://sigcomm.org/events/imc-conference"
 
 \end_inset
 
 
 \end_layout
 
-\begin_layout Standard
-Two computers were used to download web pages - one laptop machine and one
- server machine.
- The server is significantly more powerful than the laptop, and they downloaded
- a different number of web pages at a time.
-\end_layout
+\end_inset
 
-\begin_layout Standard
-\begin_inset ERT
+, where some papers of interest have been presented.
+ The Passive and Active Measurements (PAM) Conference
+\begin_inset Foot
 status open
 
 \begin_layout Plain Layout
+\begin_inset CommandInset href
+LatexCommand href
+target "http://pam2014.cs.unm.edu/"
+
+\end_inset
 
 
-\backslash
-tsvtable{computer-machines.tsv}{Machine specifications}{}{display columns/0/.style
-={string type, column type=l}, display columns/1/.style={string type, column
- type=l}, display columns/2/.style={string type, column type=l}, }
 \end_layout
 
 \end_inset
 
+ might also have interesting papers, as well as for example ACM's archives.
+ As for individuals, one of the most connected researchers in this field
+ is Balachander Krishnamurthy
+\begin_inset Foot
+status open
 
-\end_layout
+\begin_layout Plain Layout
+\begin_inset CommandInset href
+LatexCommand href
+target "http://www2.research.att.com/~bala/papers/"
 
-\begin_layout Subsection
-Network connection
-\end_layout
+\end_inset
 
-\begin_layout Standard
-The laptop machine was connected by ethernet to the .SE office network, which
- is shared with employees' computers.
- The server machine was connected to server co-location network, which is
- shared with other servers.
- The .SE network technicians said load was kept very low, and only a few
- percent of the dedicated 100 Mbps per location was used.
- Both locations are in Stockholm city, and should therefore be well placed
- in regard to web sites hosted in Sweden.
-\end_layout
 
-\begin_layout Subsection
-Software considerations
 \end_layout
 
-\begin_layout Standard
-To expedite an automated and repeatable process, a custom set of scripts
- were written as the project har-heedless.
- The scripts are written using standard tools, available as open source
- and on multiple platforms.
-\end_layout
+\end_inset
 
-\begin_layout Subsubsection
-Dynamic web pages
+, who has worked with several groups looking at privacy in both online social
+ networks (OSNs) and general websites.
 \end_layout
 
 \begin_layout Standard
-Previous efforts to download and analyze web pages by .SE used a static approach,
- analyzing the HTML by means of simple searches for 
-\begin_inset Flex Code
-status collapsed
+Media have made reports regarding mass surveillance, especially by the United
+ States intelligence agency National Security Agency (NSA)
+\begin_inset Foot
+status open
 
 \begin_layout Plain Layout
-http://
-\end_layout
+\begin_inset CommandInset href
+LatexCommand href
+target "http://www.nsa.gov/"
 
 \end_inset
 
- and 
-\begin_inset Flex Code
-status collapsed
 
-\begin_layout Plain Layout
-https://
 \end_layout
 
 \end_inset
 
- strings in HTML and CSS.
- It had proven hard to maintain, and the software project was abandoned
- before the thesis was started, but had not yet been replaced.
- In order to better handle the dynamic nature of modern web pages, the headless
- browser phantomjs 
-\begin_inset CommandInset ref
-LatexCommand eqref
-reference "sub:phantomjs"
-
-\end_inset
-
- was chosen, as it would also download and execute javascript - a major
- component in both user interfaces as well as active trackers and ads.
+, but so far few papers seem to have been written.
+ There are also reports on what data private companies are collecting, in
+ part by their online efforts, and how they are packaging it for resale.
+ While media reports are not academic papers, they provide an up to date
+ source of information needed in explaining parts of the thesis subject.
 \end_layout
 
-\begin_layout Subsubsection
-Cached content
+\begin_layout Subsection
+Cookie syncing
 \end_layout
 
 \begin_layout Standard
-Many of the external resources will be overlapping between web sites and
- domains, and downloading them multiple times can be avoided by caching
- the file the first time in a run.
- Keeping cached content would, depending on per-response cache settings
- and timeout, result in a different HTTP request and potentially different
- response.
- A file that has not changed on the server would generate a HTTP response
- status of 304 with no data, saving bandwidth and lowering transfer delays,
- where a changed file would generate a status 200 response with the latest
- version.
-\end_layout
+A recent large-scale study 
+\begin_inset CommandInset citation
+LatexCommand cite
+key "G.-Acar:persistent:2014aa"
 
-\begin_layout Standard
-One of the technologies in determining if a locally cached file is the correct/l
-atest version includes the HTTP 
-\begin_inset Flex Code
-status collapsed
+\end_inset
+
+ included a cookie syncing privacy analysis.
+ It was shown that unique user identifiers were shared between different
+ third parties.
+ IDs can be shared in different ways.
+ If both third parties exist on the same page, they can be shared through
+ scripts or by looking for any IDs in the location URL.
+ They can also be shared by one third-party sending requests to a second
+ third-party (a fourth-party? 
+\begin_inset Note Greyedout
+status open
 
 \begin_layout Plain Layout
-Etag
+Look up term, might be defined already.
 \end_layout
 
 \end_inset
 
- 
-\begin_inset Note Greyedout
+), either by leaking the location URL as a HTTP referrer or by embedding
+ it in the request URL.
+ In crawls of Alexa's top 
+\begin_inset ERT
 status open
 
 \begin_layout Plain Layout
-Insert link to Etag standard.
-\end_layout
 
-\end_inset
 
- header, which is a string representation of a URL/file at a certain version.
- When content is transferred it may have an 
-\begin_inset Flex Code
-status collapsed
-
-\begin_layout Plain Layout
-Etag
+\backslash
+numprint{3000}
 \end_layout
 
 \end_inset
 
- attached; if the file is cacheable, the 
-\begin_inset Flex Code
-status collapsed
-
-\begin_layout Plain Layout
-Etag
+ domains, one third-party script in particular sends requests with synced
+ IDs to 25 domains; the IDs were eventually are shared with 43 domains.
+ They also showed that a user's browsing history reconstruction rate rose
+ from 1.4% to 11% when backend/server-to-server overlaps were modeled.
 \end_layout
 
-\end_inset
-
- is saved.
- Subsequent requests for the same, cached URL contain the 
+\begin_layout Standard
+The study used a modified Firefox browser to look at values stored in primarily
+ cookies.
+ As all HTTP requests are recorded in this thesis, including HTTP cookie
+ headers, a limited version of the same study could be performed.
+ In addition, they look at in-browser scripting utilizing for example 
 \begin_inset Flex Code
 status collapsed
 
 \begin_layout Plain Layout
-Etag
+localStorage
 \end_layout
 
 \end_inset
 
- - and the server uses it to determine if a compact 304 response is enough
- or a full 200 response is necessary.
- It has been found that the 
+, 
 \begin_inset Flex Code
 status collapsed
 
 \begin_layout Plain Layout
-Etag
+canvas
 \end_layout
 
 \end_inset
 
- header can be used for cookieless cross-site tracking by using an arbitrarily
- chosen per-browser value instead of a file-dependent value 
-\begin_inset CommandInset citation
-LatexCommand cite
-key "M.-Ayenson:2011aa"
+ fingerprinting and ID storage in external plugins like Flash.
+ While that might be possible, the modifications that would need to be made
+ to phantomjs are non-trivial, and my current scope does not allow for that.
+ With their research as a base, cookie respawning and sharing could possibly
+ be confirmed using this thesis' code as a external tool using a different
+ browser platform.
+\end_layout
 
-\end_inset
+\begin_layout Section
+HTTP Archive
+\begin_inset CommandInset label
+LatexCommand label
+name "sub:HTTP-Archive"
 
-.
- This means that keeping a local file cache might affect how trackers respond;
- a file cache has not been implemented in har-heedless, making the browser
- amnesiac.
-\end_layout
+\end_inset
 
-\begin_layout Subsubsection
-Flash files
-\end_layout
 
-\begin_layout Standard
-Flash is a scriptable proprietary cross-platform vector based web technology
- owned by Adobe.
- Several kinds of content, including video players, games and ads, use Flash
- because it has historically been better suited than javascript for in-browser
- moving graphics and video.
- Flash usage has not been considered for this thesis as the technology isn
- not available on all popular web browsing platforms, notably Apple's iPad,
- and is being phased out by HTML 5 features such as 
-\begin_inset Flex Code
-status collapsed
+\begin_inset Foot
+status open
 
 \begin_layout Plain Layout
-<canvas>
-\end_layout
+\begin_inset CommandInset href
+LatexCommand href
+target "http://httparchive.org/"
 
 \end_inset
 
- and 
-\begin_inset Flex Code
-status collapsed
 
-\begin_layout Plain Layout
-<video>
 \end_layout
 
 \end_inset
 
- elements.
-\end_layout
 
-\begin_layout Subsubsection
-Combined javascript
 \end_layout
 
 \begin_layout Standard
-A common technique for speeding up web sites is to reduce the number of
- resources the browser needs to download, by combining or concatenating
- them in different ways depending on the file format.
- Javascript is a good example where there are potential benefits
+In an effort to measure web page speed on the internet, initially developed
+ in October 2010, the HTTP Archive collects HAR data and runs analyses on
+ them.
+ Unfortunately, their data dumps are in a custom format, not the original
+ HAR files, but there are some direct comparisons to be made with their
+ 
+\emph on
+Interesting stats
+\emph default
+
 \begin_inset Foot
 status open
 
 \begin_layout Plain Layout
 \begin_inset CommandInset href
 LatexCommand href
-target "https://developers.google.com/speed/docs/best-practices/rtt#CombineExternalJS"
+target "http://httparchive.org/interesting.php"
 
 \end_inset
 
@@ -2264,188 +2461,181 @@ target "https://developers.google.com/speed/docs/best-practices/rtt#CombineExter
 
 \end_inset
 
- since functionality often is spread across several files, especially after
- the plugin style of frameworks such as jQuery
-\begin_inset Foot
-status open
-
-\begin_layout Plain Layout
-\begin_inset CommandInset href
-LatexCommand href
-target "https://jquery.com/"
-
-\end_inset
-
+ aggregate data.
+\end_layout
 
+\begin_layout Itemize
+Pages Using Google Libraries API
 \end_layout
 
-\end_inset
+\begin_layout Itemize
+HTTPS Requests
+\end_layout
 
- emerged.
- One concern is whether or not script concatenation on a web page would
- affect script analysis at a later stage, by reducing the number of third-party
- requests.
- While it is hard to analyze all scripts, based on their wide spread use,
- third-party scripts stay on their respective home servers as software as
- a service (SaaS) to enable faster update cycles and tracking of HTTP requests.
+\begin_layout Itemize
+Total Requests per Page
 \end_layout
 
-\begin_layout Subsubsection
-Google Tag Manager
+\begin_layout Chapter
+Future work
 \begin_inset CommandInset label
 LatexCommand label
-name "sub:Google-Tag-Manager"
+name "chap:Future-work"
 
 \end_inset
 
 
-\begin_inset Foot
+\end_layout
+
+\begin_layout Standard
+\begin_inset Note Greyedout
 status open
 
 \begin_layout Plain Layout
-\begin_inset CommandInset href
-LatexCommand href
-target "https://www.google.com/tagmanager/"
+Mention further grouping, digging into the data.
+\end_layout
 
 \end_inset
 
 
 \end_layout
 
-\end_inset
-
-
+\begin_layout Section
+Unanswered questions
 \end_layout
 
 \begin_layout Standard
-One of the concerns was Google Tag Manager (GTM), which a script aggregation
- service with asynchronous loading directed specifically to marketers.
- Google provides builtin support for their AdWords, Analytics (GA) and DoubleCli
-ck (DC) services.
- While simplifying management with only one 
-\begin_inset Flex Code
-status collapsed
-
-\begin_layout Plain Layout
-<script>
+There are further questions in line with current results which could potentially
+ be answered with additional research.
 \end_layout
 
-\end_inset
-
- tag, each part should download separately and perform the same duties,
- including “calling home” to the usual addresses.
- In order to confirm this, a query was run on one of the datasets.
+\begin_layout Itemize
+Could any external resources actually be considered internal, despite being
+ loaded from external domains?
 \end_layout
 
-\begin_layout Standard
-\begin_inset ERT
-status open
-
-\begin_layout Plain Layout
-
-
-\backslash
-tsvtable{google-tag-manager.tsv}{Google Tag Manager versus Google Analytics
- and DoubleClick, dataset	2014-07-25 100k server}{}{display columns/0/.style={str
-ing type, column type=l}, display columns/2/.style={string type, column type=r}}
+\begin_layout Itemize
+How to determine if a resource
 \end_layout
 
-\end_inset
-
-
+\begin_deeper
+\begin_layout Itemize
+Crosses Sweden's borders in transit?
 \end_layout
 
-\begin_layout Standard
-The numbers point to every domain that uses Google Tag Manager uses at least
- one of Google Analytics and DoubleClick, and will therefore not obscure
- information regarding which services are called when further analyzed.
+\begin_layout Itemize
+Is handled by an organization with base or ownership outside of Sweden?
 \end_layout
 
-\begin_layout Subsubsection
-\begin_inset Flex Code
-status collapsed
-
-\begin_layout Plain Layout
-robots.txt
+\end_deeper
+\begin_layout Itemize
+Which external resources are loaded from Sweden and abroad respectively?
 \end_layout
 
-\end_inset
-
- and 
-\begin_inset Flex Code
-status collapsed
-
-\begin_layout Plain Layout
-<meta name="robots" />
+\begin_layout Itemize
+What user data could potentially be collected, and subsequently inferred?
 \end_layout
 
-\end_inset
+\begin_layout Itemize
+To what extent can the average Swedish internet user's browsing habits be
+ correlated across the most commonly visited webpages?
+\end_layout
 
+\begin_layout Itemize
+Can the same techniques be applied to data from countries other than Sweden?
+\end_layout
 
+\begin_layout Section
+Creating an information website
 \end_layout
 
 \begin_layout Standard
-Automated web spider/bot software can bring a significant load to a web
- server, as the spidering speed can exceed user browsing speed by far -
- a single web spider can potentially request thousands of pages in the span
- of minutes, effectively being a denial of service attack 
+Despite thesis code being open source, much of the thesis data is hard to
+ retrieve, analyze and process for individuals.
+ A separate tool performing the work for anyone should be created.
+ Apart from presenting data already collected as a part of the thesis, it
+ could accept user input to analyze individual domains.
+ With several domains as input, any overlap can be detected and presented
+ to the user as an information sharing graph.
+ One of the inspirations for this thesis was Collusion 
 \begin_inset Note Greyedout
 status open
 
 \begin_layout Plain Layout
-Insert link to DoS information.
+Insert link to Collusion, or whatever it is called these days.
 \end_layout
 
 \end_inset
 
- on an underpowered server.
- Some sites also have information considered sensitive to being available
- for spiders, or even for certain (kinds) of spiders such as image spiders.
- The choice to not serve spiders can stem from technical reasons (bandwidth,
- server load), to privacy (do not allow information to be indexed in search
- engines) and business (do not allow data to be collected and aggregated).
- In order to instruct web spiders not to get certain kind of material, there
- are two basic mechanisms - the special 
-\begin_inset Flex Code
-status collapsed
-
-\begin_layout Plain Layout
-robots.txt
-\end_layout
+, which is a tool to dynamically display from which external domains a page
+ retrieves resources right in the browser.
+ A version of the same tool could be built, where instead of letting the
+ user's browser retrieve sites the server would do it.
+ This way a non-technical user does not have to 
+\begin_inset Quotes eld
+\end_inset
 
+risk
+\begin_inset Quotes erd
+\end_inset
+
+ anything by visiting web pages, and their relationship could be displayed
+ anyways.
+ Collecting data server-side also allows for cached lookups and a grander
+ scope, where further relationships apart from the first hand ones could
+ be suggested.
+ 
+\begin_inset Quotes eld
+\end_inset
+
+If you frequently visit these sites, you might also be visiting theses sites
+ - click to display their relationships as well.
+\begin_inset Quotes erd
 \end_inset
 
- file and the HTML header tag
-\begin_inset Flex Code
-status collapsed
 
-\begin_layout Plain Layout
-<meta name="robots" />
 \end_layout
 
+\begin_layout Standard
+Over time and with user input, the dataset collected on the server would
+ increase, and a historical graph relating to both results shown in this
+ thesis and the relationships between sites can be created.
+ This is similar to what both the HTTP Archive 
+\begin_inset CommandInset ref
+LatexCommand eqref
+reference "sub:HTTP-Archive"
+
 \end_inset
 
-.
- Both can contain instructions for certain bots not to index certain paths
- or pages, or not to follow further links stemming from a page.
+ is doing on a large scale but with slightly different focus, and what the
+ 
+\emph on
+.SE Health Status
+\emph default
+ is doing but on a less continuous basis and with a shifting focus.
+\end_layout
+
+\begin_layout Section
+Package publicly available data
 \end_layout
 
 \begin_layout Standard
-Commercial software from search engines, information collectors and other
- software vendors take these explicit wishes from webmasters into consideration,
- but har-heedless has not.
- While it is automated software, it is not spidering software requesting
- many pages, following links to explore the site - it only accesses the
- front page of a domain, and resources explicitly requested by that one
- page.
- Information is not retrieved for indexing as such, as only HTTP request
- metadata is recorded.
- While some information requested to be not indexed might end up in the
- screenshots, they are kept in a format hard to re-parse for machines as
- non-public thesis data used for verification.
+Datasets based on publicly available datasets can be packaged for other
+ researchers to analyze.
+ While fresh data would be better, a larger dataset can take time to download
+ on a slow connection or computer and all software may not be available
+ to the researcher.
+ It lowers the step in for others who might be interested in the same kind
+ of research, which might lead to the software used in this thesis being
+ improved.
+\end_layout
+
+\begin_layout Section
+Code documentation
 \end_layout
 
 \begin_layout Standard
+With some 
 \begin_inset ERT
 status open
 
@@ -2453,179 +2643,285 @@ status open
 
 
 \backslash
-begin{futurework}
+numprint{70}
 \end_layout
 
 \end_inset
 
+ scripts written and released as open source, the need for documentation
+ has gradually increased.
+ The reason for not writing proper documentation - not having direct collaborato
+rs writing code - is a hinderance for future collaborators or users to get
+ started.
+ While code documentation has not been an explicit part of the thesis plan,
+ it can be seen as an important step for future usage.
+ The code is not magic in any way, but if understanding the functionality
+ of a file required reading over a hundred lines of code instead of two
+ or three lines of comments, it means a rather steep learning curve for
+ something that is supposed to be simple.
+\end_layout
+
+\begin_layout Section
+Improving domain retrieval
+\end_layout
 
+\begin_layout Subsection
+Automated testing
 \end_layout
 
 \begin_layout Standard
-Future versions of har-heedless might implement logic that checks 
+So far all testing of har-heedless and phantomjs has been done manually.
+ It has proven to be a working setup, as thesis results are based on these
+ tools, but the features are to be considered fragile as there are no regression
+ tests.
+ Automated tests of the different levels (shell scripts, 
 \begin_inset Flex Code
 status collapsed
 
 \begin_layout Plain Layout
-robots.txt
+netsniff.js
 \end_layout
 
 \end_inset
 
- in a domain list preprocessing step, to determine wether or not the request
- should be made.
- The same list can be used to filter further resource requests made by phantomjs
-, perhaps considering also other domains' 
-\begin_inset Flex Code
-status collapsed
+ 
+\begin_inset CommandInset ref
+LatexCommand eqref
+reference "sub:get/netsniff.js"
 
-\begin_layout Plain Layout
-robot.txt
+\end_inset
+
+, screenshots, error handling) might help achieve stability in case of for
+ example future improvements of phantomjs.
+ Tests might include setting up a web server with test pages serving different
+ kinds of content, as well as different kinds of errors.
+ During mass downloading of domains phantomjs has been observed outputting
+ error messages, such as failed JPEG image decoding and unspecified crashes.
+ The extent of these errors have so far not been examined, as they have
+ ended up being clumped together with external errors such as network or
+ remote server failures.
+\end_layout
+
+\begin_layout Subsection
+Investigating failed domains
 \end_layout
 
+\begin_layout Standard
+There are many reasons domain retrieval could fail, but for top or curated
+ domain lists the chances of the site being down are considerably lower
+ than for randomly selected domains.
+ Each web site has been requested up to three times, in order to avoid intermitt
+ent problems 
+\begin_inset CommandInset ref
+LatexCommand eqref
+reference "sec:Failed-domains"
+
 \end_inset
 
- files.
- The tag 
+.
+ Despite this, certain sites do not respond to requests from the automated
+ software.
+ There are several ways for a remote system to detect requests from automation
+ software, with the simplest one being looking at the HTTP 
 \begin_inset Flex Code
 status collapsed
 
 \begin_layout Plain Layout
-<meta name="robots" />
+User-Agent
 \end_layout
 
 \end_inset
 
- can also be respected, perhaps in terms of not saving screenshots for 
-\begin_inset Flex Code
-status collapsed
-
-\begin_layout Plain Layout
-noindex
+ browser make/model identifier string.
 \end_layout
 
+\begin_layout Standard
+Automated downloading of webpages, especially downloading several in short
+ succession, can be seen by site and service owners as disruptive by using
+ system resources and skewing statistical data.
+ Traversing different pages on a single website can also be detected by
+ looking at for example navigational patterns 
+\begin_inset CommandInset citation
+LatexCommand cite
+key "Tan:2002:DWR:593432.593521,Lourenco:2006:CWC:1145581.1145634"
+
 \end_inset
 
- values.
+.
+ By only downloading the domain root page and associated resources this
+ tool might not fall into that category of detection.
 \end_layout
 
 \begin_layout Standard
-\begin_inset ERT
-status open
+As some sites respond to desktop browser requests, but not har-heedless'
+ requests, it is believed they have implemented certain 
+\begin_inset Quotes eld
+\end_inset
 
-\begin_layout Plain Layout
+protection
+\begin_inset Quotes erd
+\end_inset
 
+ from this kind of software.
+ In respect of their wish not to serve automated requests, har-heedless'
+ browser has not been modified, for example by using a different 
+\begin_inset Flex Code
+status collapsed
 
-\backslash
-end{futurework}
+\begin_layout Plain Layout
+User-Agent
 \end_layout
 
 \end_inset
 
+ string, to try to avoid these measures.
+\end_layout
 
+\begin_layout Subsection
+Browser plugins
 \end_layout
 
-\begin_layout Subsubsection
-Parallelizing downloads
+\begin_layout Standard
+If possible, a set of common browser plugins could be installed into phantomjs.
+ The first that comes into mind is Adobe Flash, which is sometimes used
+ to display dynamic ads.
+ Flash also has the ability to request resources from other domains, so
+ it might affect results to not render them.
+ An additional problem might be that Flash has its own cookie system, which
+ used storage external to the browser.
+ This brings a new set of potential problems, as Flash cookies are a big
+ part of evercookies and cookie respawning 
+\begin_inset CommandInset citation
+LatexCommand cite
+key "G.-Acar:persistent:2014aa"
+
+\end_inset
+
+.
+ This means that a headless browser without persistent storage might end
+ up having identifier cookies set in Flash storage, thus being easily and
+ uniquely identified on subsequent visits.
+ While this might not affect this thesis much, as external plugins have
+ not been installed, it might affect other kinds of research being conducted
+ based on the same tools.
+\end_layout
+
+\begin_layout Subsection
+System language
 \end_layout
 
 \begin_layout Standard
-A lot of the time spent downloading a web page is spent waiting for network
- resources, especially during timeouts during retrieval.
- To speed up downloading large amounts of web pages, parallelizing was employed
- using simple scripting techniques, starting multiple processes at once
- in batches, waiting for each batch to finish before starting the next.
- This was deemed inefficient, as the download and rendering speed of the
- slowest web page would be a bottle neck.
- In a later script versions, GNU 
+Tests were run on English language systems, without making any customizations
+ to phantomjs' settings or HTTP 
 \begin_inset Flex Code
 status collapsed
 
 \begin_layout Plain Layout
-parallel
+Accept-Language
 \end_layout
 
 \end_inset
 
- was used, with a setting to not start more jobs if the current CPU/system
- load was too high.
-\end_layout
+ headers.
+ While sites have been downloaded from around the world, localized domains
+ might behave differently depending on user language.
+ Google has a recommendation saying that they will prioritize TLDs specific
+ to a region with a certain language (like .se and Sweden) for users sending
+ 
+\begin_inset Flex Code
+status collapsed
 
-\begin_layout Standard
-During initial parallelizing tests, the laptop machine was shown to be able
- to handle 100 domain downloads in parallel, but this was later scaled down
- to ensure system overload would not affect results, at the cost of significantl
-y longer download times.
+\begin_layout Plain Layout
+Accept-Language
 \end_layout
 
-\begin_layout Subsubsection
-Screen size
+\end_inset
+
+ prioritizing Swedish.
+ 
+\begin_inset Note Greyedout
+status open
+
+\begin_layout Plain Layout
+Insert link to Google's language page ranking.
+\end_layout
+
+\end_inset
+
+ This stems from them seeing that localized results have a higher usage
+ rate.
+\end_layout
+
+\begin_layout Subsection
+System fonts
 \end_layout
 
 \begin_layout Standard
-When phantomjs is running, it emulates having a browser window by keeping
- an internal graphics buffer.
- Even if web page is not rendered and shown on screen, it still has a screen
- size, which affects layout.
- With a bit of javascript or responsive CSS, the screen size can affect
- downloaded resources.
- Javascript can be used to delay download of images and other resources
- that are 
-\emph on
-below the fold
-\emph default
-, meaning outside of the initial view the user has without scrolling in
- any direction, as a page speed improvement.
- Responsive CSS adapts the page style to the screen size in order to increase
- usability for mobiles and other handheld devices, and might optimize the
- quality of downloaded images to match the screen size.
+Some of the difference between site screenshots and manually browsing to
+ a site is in the fonts displayed.
+ Most of the domains have been downloaded on a headless server, where fonts
+ have not mattered to the system owner.
+ Installing additional fonts commonly available on average user systems
+ might reduce perceived difference.
+\end_layout
+
+\begin_layout Subsection
+Do Not Track
 \end_layout
 
 \begin_layout Standard
-By default, phantomjs uses the physical computer's primary screen size.
- In order to reduce differences between the laptop and server machines,
- a fixed emulated window size of 1024x768 pixels was chosen.
- The basis for this is that 1024x768 pixel resolution screens have been
- the recommended screen size to design for
-\begin_inset Foot
+\begin_inset Note Greyedout
 status open
 
 \begin_layout Plain Layout
-\begin_inset CommandInset href
-LatexCommand href
-target "http://www.nngroup.com/articles/screen-resolution-and-page-layout/"
+Write about Do Not Track and the response/server-side counter-part.
+\end_layout
 
 \end_inset
 
 
 \end_layout
 
-\end_inset
-
- for a long time
-\begin_inset Foot
-status open
+\begin_layout Standard
+While the HTTP header 
+\begin_inset Flex Code
+status collapsed
 
 \begin_layout Plain Layout
-\begin_inset CommandInset href
-LatexCommand href
-target "http://www.nngroup.com/articles/computer-screens-getting-bigger/"
+DNT
+\end_layout
 
 \end_inset
 
+ (Do Not Track) has not been set, it would have been interesting to look
+ at the difference in response from remote services.
+ As cookie headers can be analyzed, the difference could have been detected
+ both per origin domain and per connected service.
+ See also the P3P analysis 
+\begin_inset CommandInset ref
+LatexCommand eqref
+reference "sub:Platform-for-Privacy-(P3P)-Project"
+
+\end_inset
 
+ for a related header.
 \end_layout
 
-\end_inset
+\begin_layout Section
+Domain lists
+\end_layout
 
-, and it still is a common screen size
+\begin_layout Standard
+There are other domain lists that might have been suitable in this thesis.
+ One curated top list is the KIA index, a list of top sites in Sweden aggregatin
+g statistics from different curated sites' underlying analytics tools.
 \begin_inset Foot
 status open
 
 \begin_layout Plain Layout
 \begin_inset CommandInset href
 LatexCommand href
-target "http://gs.statcounter.com/#resolution-ww-monthly-201307-201407"
+target "http://www.kiaindex.net/"
 
 \end_inset
 
@@ -2634,62 +2930,53 @@ target "http://gs.statcounter.com/#resolution-ww-monthly-201307-201407"
 
 \end_inset
 
-.
+ Other TLDs, both from other countries and more generic ones, could be used.
 \end_layout
 
-\begin_layout Standard
-Scripted browser scrolling (vertically) through the page has not been performed,
- thus javascript scrolling events triggering for example downloading of
- images below the fold are not guaranteed.
- 
-\begin_inset Note Greyedout
-status open
-
-\begin_layout Plain Layout
-Check if all images are automatically downloaded by phantomjs, as if the
- page had been scrolled, as they seem present in screenshots.
-\end_layout
+\begin_layout Section
+Ad and privacy blocking lists
+\begin_inset CommandInset label
+LatexCommand label
+name "sec:Ad-and-privacy-blocking-lists"
 
 \end_inset
 
 
 \end_layout
 
-\begin_layout Subsubsection
-Screenshots
-\end_layout
-
 \begin_layout Standard
-In order to visually being able to confirm that web pages have been downloaded
- correctly, a PNG screenshot can optionally be taken when the page has finished
- downloading.
- There is a processing cost associated with taking screenshots; it takes
- time for phantomjs to render the internal buffer as an image, convert it
- to base64 encoding for the augmented HAR data, jq to extract the image
- data, the system to convert the data back to binary and finally write it
- to disk.
- Extra processing is also needed to remove the screenshot from the augmented
- HAR file.
-\end_layout
+There are several lists of known ads and privacy invading trackers in use
+ in blocking software than Disconnect (see 
+\begin_inset CommandInset ref
+LatexCommand vref
+reference "sub:Disconnect's-blocking-list"
 
-\begin_layout Standard
-The emulated browser window size also sets a limit on the screenshot size
- when rendered, but the entire browser canvas is captured.
- This means that screenshots that are saved to disk in most cases extend
- beyond the viewport size, most often vertically; this corresponds to scrolling
- through the entire page.
-\end_layout
+\end_inset
 
-\begin_layout Standard
-\begin_inset ERT
+).
+ One of the most popular ones is EasyList 
+\begin_inset Note Greyedout
 status open
 
 \begin_layout Plain Layout
+Insert link to EasyList, verify format.
+\end_layout
 
+\end_inset
 
-\backslash
-tsvtable{output-filesize.tsv}{Output file size}{}{display columns/0/.style={string
- type, column type=l}, display columns/3/.style={string type, column type=r}}
+, which exists in several varieties.
+ They were considered, but in the end not incorporated because of the lower
+ quality of the filter list format.
+ It is a mixture of HTML element and URL blocking, and it lacks the connection
+ between blocks and corresponding organization.
+ There is also Ghostery, which uses a proprietary list that also contains
+ organizations, but it has not been used because of licensing issues.
+ 
+\begin_inset Note Greyedout
+status open
+
+\begin_layout Plain Layout
+Insert link to Ghostery, verify license.
 \end_layout
 
 \end_inset
@@ -2698,64 +2985,61 @@ tsvtable{output-filesize.tsv}{Output file size}{}{display columns/0/.style={stri
 \end_layout
 
 \begin_layout Standard
-The ratio of PNG to HAR data size on disk points to the compressed PNG files
- being up to 10 times the size of the uncompressed HAR files for certain
- types of pages, for example media domains in the 
-\emph on
-.SE Health Status
-\emph default
- report dataset.
-\end_layout
-
-\begin_layout Subsection
-Dataset variations
-\begin_inset CommandInset label
-LatexCommand label
-name "sec:Dataset-variations"
+On a technical level, some blocking rule formats have also posed a problem
+ in terms of implementation into the current data processing framework that
+ is har-dulcify.
+ It relies heavily on jq (see 
+\begin_inset CommandInset ref
+LatexCommand vref
+reference "sub:jq"
 
 \end_inset
 
+), which does not have a public release that implements in regular expressions
+ support, a major part of some blocking lists.
+ The idea is that ads and related resources are filtered matching requests'
+ complete URL against the blocking rules, which are a mixture of both more
+ coarse and more fine-grained than Disconnect's domain based rules.
+ One example is 
+\begin_inset Flex Code
+status collapsed
 
+\begin_layout Plain Layout
+/ads/
 \end_layout
 
-\begin_layout Standard
-Each dataset has been used in four variations, effectively quadrupling the
- number of web sites access attempts.
- Each of these variations have been downloaded and analyzed separately,
- then used for both intra- and inter-dataset comparisons.
-\end_layout
+\end_inset
 
-\begin_layout Itemize
-HTTP and HTTPS.
- Enables comparisons between secure and insecure origin web site requests.
+, matching a folder name that suggests that all URLs containing this particular
+ path substring is serving advertisements.
+ The thought of using a single path substring to block advertisements served
+ from any domain is more coarse than pinpointing a single domain, but it
+ is also more specific as it would not block legitimate content from another
+ subfolder on the same domain.
+ This way general ad serving systems can be blocked, while domains that
+ serve both ads and content is still allowed serve the content without interferi
+ng with the blocking of ads.
 \end_layout
 
-\begin_layout Itemize
-Empty prefix versus www prefix/subdomain.
- The www subdomain has historically been used to denote a web server serving
- web sites 
-\begin_inset Note Greyedout
+\begin_layout Standard
+\begin_inset ERT
 status open
 
 \begin_layout Plain Layout
-Insert link to www prefix claim.
+
+
+\backslash
+begin{futurework}
 \end_layout
 
 \end_inset
 
-, and it still seems to have a higher usage than no prefix 
-\begin_inset CommandInset ref
-LatexCommand eqref
-reference "sec:Failed-versus-non-failed"
 
-\end_inset
+\end_layout
 
-.
- The 
-\emph on
-.SE Health Status
-\emph default
- reports specifically accesses web sites on the www subdomain.
+\begin_layout Standard
+At the time of writing, jq is released as version 1.4.
+ Support for regular expressions is planned for version 1.5.
 \end_layout
 
 \begin_layout Standard
@@ -2766,9 +3050,7 @@ status open
 
 
 \backslash
-tsvtable{dataset-variations.tsv}{Dataset variations}{}{display columns/0/.style={s
-tring type, column type=l}, display columns/1/.style={string type, column
- type=l}, display columns/2/.style={string type, column type=l}}
+end{futurework}
 \end_layout
 
 \end_inset
@@ -2776,65 +3058,99 @@ tring type, column type=l}, display columns/1/.style={string type, column
 
 \end_layout
 
-\begin_layout Standard
-Each dataset has the variation appended to the name in the results chapter
- 
-\begin_inset CommandInset ref
-LatexCommand ref
-reference "chap:Detailed-Results"
+\begin_layout Section
+Improving data analysis
+\end_layout
 
-\end_inset
-
-.
+\begin_layout Standard
+Improvements to the data transformation and analysis steps.
 \end_layout
 
 \begin_layout Subsection
-System load during downloads
+Automated testing
 \end_layout
 
 \begin_layout Standard
-System load can affect the end results, if network timeouts occur during
- downloading and processing of domains' front pages.
- Apart from CPU and memory limitations, the other users of the .SE network
- should not be affected by tests.
+Data transformations have been written in a semi-structured manner, with
+ separate files for most separate tasks, often executed in serial stages.
+ Each task accepts a certain kind of data as input for the transformation
+ to work correctly - but as both input and output from separate stages looks
+ very similar, it is hard to tell which kind of data it accepts and what
+ the expected output is - and if a change in one stage will affect later
+ stages.
+ Writing automated tests for each stage would have helped during both adding
+ functionality and refactoring the structure.
+ At times, there have been rather time-consuming problems with unexpected
+ or illegal input from real world sites - extracting that kind of input
+ to create a test suite would have sped up fixes and raised confidence in
+ that the input would be handled appropriately and output would still be
+ correct.
+ So far that has not been done, and much of the opportunity to gain from
+ tests have been lost as work has progressed past each problem.
 \end_layout
 
 \begin_layout Standard
-System load on *NIX systems can be found using the 
-\begin_inset Flex Code
-status collapsed
+One solution to validating both input and output would have been to create
+ JSON schemas 
+\begin_inset Note Greyedout
+status open
 
 \begin_layout Plain Layout
-uptime
+Insert link to JSON schema.
 \end_layout
 
 \end_inset
 
- command.
-\begin_inset Foot
-status open
+ for each transformation.
+ This kind of verification can easily be automated, and it will help any
+ future changes.
+\end_layout
+
+\begin_layout Subsection
+Code reuse
+\end_layout
+
+\begin_layout Standard
+Much of the code written in shell scripts, both Bash and jq code, is duplicated
+ between files.
+ While common functionality suitable for pipelining have been broken out,
+ shared functions have not.
+ Bash provides the 
+\begin_inset Flex Code
+status collapsed
 
 \begin_layout Plain Layout
-\begin_inset CommandInset href
-LatexCommand href
-target "https://en.wikipedia.org/wiki/Load_(computing)"
+source
+\end_layout
 
 \end_inset
 
+ command for sharing functionality.
+ Code sharing in jq through the use of modules and packages is still under
+ development, but there is a way to load a single external command file.
+ This file can be precomposed externally by concatenating files with function
+ definitions first, and the actual usage of those functions second.
+ The improvement was postponed due to the relative little reuse in early
+ scripting and bright outlook on modules and packages support.
+ As the number of scripts grew, code sharing/composition possibilities grew
+ as well - and with them possible improvements in development speed, consistency
+ and correctness.
+ At this stage, software stability is more important for the final dataset
+ download and analysis, and code refactoring can only be postponed.
+ Foreseeing a greater reuse of JSON and jq tools, a separate open source
+ project has been started - jq-hopkok 
+\begin_inset Note Greyedout
+status open
 
+\begin_layout Plain Layout
+Insert link to jq-hopkok.
 \end_layout
 
 \end_inset
 
- Other processes were running at the time of these tests, so the numbers
- are not exclusive to the downloading.
- The complexity of the front pages of the currently processed domains affects
- the load, as well if screenshot generations is enabled.
- Final downloads were done with screenshots enabled.
- The table below show loads for random samples in time.
-\end_layout
-
-\begin_layout Standard
+ - where some scripts have been collected.
+ Many functions and utilities local to har-dulcify are project-agnostic,
+ and thus suitable objects to move to jq-hopkok for ease composition.
 \begin_inset ERT
 status open
 
@@ -2842,9 +3158,7 @@ status open
 
 
 \backslash
-tsvtable{system-load.tsv}{System load}{}{fixed, precision=1, display columns/0/.st
-yle={string type, column type=l}, display columns/1/.style={string type,
- column type=l}, display columns/2/.style={string type, column type=i}}
+begin{futurework}
 \end_layout
 
 \end_inset
@@ -2853,11 +3167,16 @@ yle={string type, column type=l}, display columns/1/.style={string type,
 \end_layout
 
 \begin_layout Standard
+At the time of writing, jq is released as version 1.4.
+ Support for modules is planned for a version after 1.5.
+ Packages/package managers are external to the jq core, and do not follow
+ the same planning.
+ 
 \begin_inset Note Greyedout
 status open
 
 \begin_layout Plain Layout
-Test more load.
+Verify version planning.
 \end_layout
 
 \end_inset
@@ -2873,7 +3192,7 @@ status open
 
 
 \backslash
-begin{futurework}
+end{futurework}
 \end_layout
 
 \end_inset
@@ -2881,55 +3200,56 @@ begin{futurework}
 
 \end_layout
 
+\begin_layout Subsection
+Ignore domains without content
+\end_layout
+
 \begin_layout Standard
-System load has been shown to vary greatly based on the type of request,
- mainly differing by HTTP and HTTPS response rates.
- High failure rates mean a lot of time is spent waiting until a set time
- limit/timeout has been reached.
- Increasing the upper bound on parallelism and instead dynamically adjusting
- the number of concurrent requests emphasizing system load should decrease
- time needed to download a set of domains with a large failure rate (see
- 
-\begin_inset CommandInset ref
-LatexCommand vref
-reference "sec:Failed-versus-non-failed"
+Many domains do not contain any actual content.
+ Examples include web server placeholder pages (
+\begin_inset Quotes eld
+\end_inset
 
+Installation succeeded
+\begin_inset Quotes erd
 \end_inset
 
-).
- Time limits can also be adjusted based on previous dataset results' actual
- reply timings found in HAR data, instead of setting a high and 
+), domain listings (
 \begin_inset Quotes eld
 \end_inset
 
-safe
+Index of /
 \begin_inset Quotes erd
 \end_inset
 
- upper bound timeout, both for page timeouts and individual resources.
-\end_layout
+), parked domains (
+\begin_inset Quotes eld
+\end_inset
 
-\begin_layout Standard
-\begin_inset ERT
+This domain was purchased from ...
+\begin_inset Quotes erd
+\end_inset
+
+) and advertisement domains (like Google Adwords for Domains 
+\begin_inset Note Greyedout
 status open
 
 \begin_layout Plain Layout
-
-
-\backslash
-end{futurework}
+Insert link.
 \end_layout
 
 \end_inset
 
-
+).
+ There is a Sweden-centric list of site titles for recognized non-content
+ pages available internally at .SE, but it has not been incorporated.
 \end_layout
 
 \begin_layout Subsection
-Failed domains
+Implement public suffix rules, use non-ICANN suffixes
 \begin_inset CommandInset label
 LatexCommand label
-name "sec:Failed-domains"
+name "sub:Implement-public-suffix-rules-use-non-ICANN-suffixes"
 
 \end_inset
 
@@ -2937,55 +3257,40 @@ name "sec:Failed-domains"
 \end_layout
 
 \begin_layout Standard
-Some web sites are not downloaded successfully, for different reasons.
- The DNS settings might not be correct, the server may be shut down, there
- might have been a temporary network timeout, there might have been a software
- error - or the server has been programmed to not respond to automated requests
- from phantomjs 
+As datasets have been analyzed, public suffix rules have proven to work
+ in general, with co.uk and similar second level domains being properly grouped
+ and primary domains extracted.
+ There are still traces of the wildcard rules 
 \begin_inset CommandInset ref
 LatexCommand eqref
-reference "sub:phantomjs"
+reference "sub:Public-suffix-list"
 
 \end_inset
 
- and similar tools.
- Unfortunately, outside of local software errors which may result in parseable
- error messages, sources of the errors are hard to detect without an extensive
- external analysis of DNS settings and network connectivity - and even so,
- an automated analysis may include false negatives because of remote system
- automated request countermeasures.
-\end_layout
-
-\begin_layout Standard
-Each HTTP request has their HTTP status response recorded if it is available;
- absence or numbers outside the RFC2616 range (100-599) indicates failure.
- Any error output the web page itself has produced, mostly because of javascript
- errors, have also been recorded in the HAR log or individual entry/request
- comment fields.
+ in the data though, which means that while numbers are low, there are domains
+ for which the public suffix rules have not been properly applied.
 \end_layout
 
 \begin_layout Standard
-A distinction is made between 
-\emph on
-failed
-\emph default
- and 
-\emph on
-unsuccessful
-\emph default
- domains - unsuccessful domains rendered a complete response with a HTTP
- status that indicated that it was not successful.
- Domains that failed have been re-downloaded; it relieved some, but not
- all, failures.
+Other potential improvements would be implementing the non-ICANN, private
+ suffixes.
+ This would for example lower the aggregate numbers for cloudfront.net and
+ amazonaws.com as primary domains in the aggregates, focusing on the fact
+ that subdomains belongs to different organizations.
+ Disconnect's dataset, which lists cloudfront.net as a single tracker entity
+ would still present Amazon as a the single tracking organization behind
+ the domain though, which might be a bit misleading.
+ It is true that they can read traffic data in the same way other web hosting
+ and cloud services host can read traffic data to their customers, but customers
+' common domain name suffix has little to do with it.
 \end_layout
 
 \begin_layout Standard
-\begin_inset Note Greyedout
+\begin_inset Note Note
 status open
 
 \begin_layout Plain Layout
-Insert re-downloading table for at least one dataset, like se.2014-07-10.random.100
-000-http-www.
+Pages with wide tables start here.
 \end_layout
 
 \end_inset
@@ -2994,95 +3299,103 @@ Insert re-downloading table for at least one dataset, like se.2014-07-10.random.
 \end_layout
 
 \begin_layout Standard
-The first round of retries rendered the greatest results, and subsequent
- retries are less successful.
- This seem to point to some intermittent failures being recoverable, and
- that some domains will not respond.
- Due to diminishing returns in the number of additional successful domains
- in each retry cycle, the number of retries was limited to two 
-\begin_inset CommandInset ref
-LatexCommand eqref
-reference "sub:har-portent"
+\begin_inset ERT
+status open
 
-\end_inset
+\begin_layout Plain Layout
 
-.
-\end_layout
 
-\begin_layout Section
-Analyzing resources
+\backslash
+begin{wide}
 \end_layout
 
-\begin_layout Standard
-After downloading HAR files, they are processed using har-dulcify, see 
-\begin_inset CommandInset ref
-LatexCommand vref
-reference "sub:har-dulcify"
-
 \end_inset
 
-.
+
 \end_layout
 
-\begin_layout Subsection
-Screenshots
+\begin_layout Section
+Other views on the same data
 \end_layout
 
 \begin_layout Standard
-Screenshots were mainly used for verification during development, to see
- that the pages were loaded properly.
- While they have been retained, the manual inspection necessary makes it
- infeasible as a way to verify each and every domain's result.
+Research that could possibly be performed using the same data and tools.
 \end_layout
 
 \begin_layout Subsection
-The HAR format
-\end_layout
+Platform for Privacy Preferences (P3P) Project
+\begin_inset Foot
+status open
 
-\begin_layout Standard
-The specification includes fields that have to do with for example request/respo
-nse timings and data sizes.
- Those, and other fields, are not analyzed in this thesis, so the first
- step is to extract the relevant information.
-\end_layout
+\begin_layout Plain Layout
+\begin_inset CommandInset href
+LatexCommand href
+target "http://www.w3.org/P3P/"
+
+\end_inset
 
-\begin_layout Labeling
-\labelwidthstring 00.00.0000
-URL The request's URL.
- Recorded whether the request is successful or not.
- Values outside of those starting with 
-\begin_inset Flex Code
-status collapsed
 
-\begin_layout Plain Layout
-http://
 \end_layout
 
 \end_inset
 
- or 
-\begin_inset Flex Code
-status collapsed
+ HTTP header analysis
+\begin_inset CommandInset label
+LatexCommand label
+name "sub:Platform-for-Privacy-(P3P)-Project"
+
+\end_inset
+
+
+\end_layout
+
+\begin_layout Standard
+P3P is a way for websites to declare their policies and intentions for data
+ collected from web users.
+ It is declared in a machine-readable format, as an XML file and in a compact
+ encoding as a HTTP header.
+ W3C's work started in 1997 and P3P 1.0 became a W3C recommendation in 2002.
+ It never gained enough momentum and the work with P3P 1.1 was suspended
+ in 2006.
+ P3P is still implemented by many websites, even though it may not follow
+ the originally intended usage.
+\end_layout
+
+\begin_layout Standard
+In conversations with Dwight Hunter, privacy policy researcher, he mentioned
+ that P3P policies are seen as a good technical solution to policy problems
+ in research he had read.
+ 
+\begin_inset Note Greyedout
+status open
 
 \begin_layout Plain Layout
-https://
+Add references to Dwight's claims?
 \end_layout
 
 \end_inset
 
- are mostly ignored.
+ Thesis data shows that this is not always true; there are policy-wise useless
+ P3P headers being sent from some webpages, most probably to bypass Internet
+ Explorer's (not all versions) strict cookie rules for third-party site
+ without a P3P HTTP header.
+ This has been highlighted by Microsoft in 2012, pointing at Google's P3P
+ use.
 \end_layout
 
-\begin_layout Labeling
-\labelwidthstring 00.00.0000
-Status The HTTP status code
+\begin_layout Quotation
+By default, IE blocks third-party cookies unless the site presents a P3P
+ Compact Policy Statement indicating how the site will use the cookie and
+ that the site’s use does not include tracking the user.
+ Google’s P3P policy causes Internet Explorer to accept Google’s cookies
+ even though the policy does not state Google’s intent.
 \begin_inset Foot
 status open
 
 \begin_layout Plain Layout
 \begin_inset CommandInset href
 LatexCommand href
-target "http://tools.ietf.org/html/rfc2616"
+target "http://blogs.msdn.com/b/ie/archive/2012/02/20/google-bypassing-user-privacy-settings.aspx"
 
 \end_inset
 
@@ -3091,116 +3404,123 @@ target "http://tools.ietf.org/html/rfc2616"
 
 \end_inset
 
- found in the server's response.
- Defined as a 3-digit integer result, 100-599, grouped into classes by the
- first digit.
-\end_layout
 
-\begin_layout Labeling
-\labelwidthstring 00.00.0000
-Mime-type The HTTP content-type header, which is the body internet media
- type (previously known as Multipurpose Internet Mail Extensions (MIME)
- type) combined with optional parameters, such as character encoding.
 \end_layout
 
-\begin_layout Labeling
-\labelwidthstring 00.00.0000
-Referer The URL of the page that requested the resource.
- Can be used to build a tree of requests, but is limited by the fact that
- it requires HTML 
-\begin_inset Flex Code
-status collapsed
-
-\begin_layout Plain Layout
-<frame>
-\end_layout
+\begin_layout Standard
+Looking at collected HAR data there are many examples of P3P headers.
+ In the dataset 
+\begin_inset Quotes eld
+\end_inset
 
+se.2014-07-10.random.100000-http
+\begin_inset Quotes erd
 \end_inset
 
- or 
-\begin_inset Flex Code
-status collapsed
+ from 2014-09-01 with about 
+\begin_inset ERT
+status open
 
 \begin_layout Plain Layout
-<iframe>
+
+
+\backslash
+numprint{1944000}
 \end_layout
 
 \end_inset
 
- to differ from the origin page.
- The word referrer was misspelled 
-\begin_inset Flex Code
-status collapsed
+ recorded requests, about 
+\begin_inset ERT
+status open
 
 \begin_layout Plain Layout
-referer
+
+
+\backslash
+numprint{90000}
 \end_layout
 
 \end_inset
 
-
-\begin_inset Foot
+ present a P3P policy.
+ There are about 
+\begin_inset ERT
 status open
 
 \begin_layout Plain Layout
-\begin_inset CommandInset href
-LatexCommand href
-target "https://en.wiktionary.org/wiki/referer"
-
-\end_inset
 
 
+\backslash
+numprint{550}
 \end_layout
 
 \end_inset
 
- in the original proposal
-\begin_inset Foot
+ unique values, including these:
+\end_layout
+
+\begin_layout Standard
+\begin_inset ERT
 status open
 
 \begin_layout Plain Layout
-\begin_inset CommandInset href
-LatexCommand href
-target "https://tools.ietf.org/html/rfc1945"
-
-\end_inset
 
 
+\backslash
+tsvtable{p3p.counts.tsv}{Top P3P values}{}{display columns/1/.style={string
+ type, column type=l}}
 \end_layout
 
 \end_inset
 
-.
-\end_layout
 
-\begin_layout Labeling
-\labelwidthstring 00.00.0000
-Redirect The URL of the new location of the requested resource, if defined
- by a 3xx HTTP status.
 \end_layout
 
 \begin_layout Standard
-These properties will be enough to see what kinds of resources are requested,
- if requests are successful and where the request is made to.
-\end_layout
+\begin_inset Quotes eld
+\end_inset
 
-\begin_layout Subsection
-Expanding parts
-\end_layout
+Potato
+\begin_inset Quotes erd
+\end_inset
 
-\begin_layout Subsubsection
-URL, referer, redirect
-\end_layout
+ comes from an example in a discussion regarding Internet Explorer and cookie
+ blocking.
+\family roman
+\series medium
+\shape up
+\size normal
+\emph off
+\bar no
+\strikeout off
+\uuline off
+\uwave off
+\noun off
+\color none
 
-\begin_layout Standard
-The URL format has several components
 \begin_inset Foot
 status open
 
 \begin_layout Plain Layout
+
+\size normal
+\emph on
+Cookie blocked/not saved in IFRAME in Internet Explorer
+\family roman
+\series medium
+\shape up
+\emph off
+\bar no
+\strikeout off
+\uuline off
+\uwave off
+\noun off
+\color none
+ 
 \begin_inset CommandInset href
 LatexCommand href
-target "https://tools.ietf.org/html/rfc3986"
+target "http://stackoverflow.com/a/16475093"
 
 \end_inset
 
@@ -3209,121 +3529,173 @@ target "https://tools.ietf.org/html/rfc3986"
 
 \end_inset
 
-, with interesting ones for web listed and/or split up further here.
-\end_layout
-
-\begin_layout Labeling
-\labelwidthstring 00.00.0000
-Scheme In this case, 
-\begin_inset Flex Code
-status collapsed
-
-\begin_layout Plain Layout
-http
-\end_layout
 
-\end_inset
+\family default
+\series default
+\shape default
+\size default
+\emph default
+\bar default
+\strikeout default
+\uuline default
+\uwave default
+\noun default
+\color inherit
+ Other examples include 
+\family roman
+\series medium
+\shape up
+\size normal
+\emph off
+\bar no
+\strikeout off
+\uuline off
+\uwave off
+\noun off
+\color none
 
- and 
 \begin_inset Flex Code
 status collapsed
 
 \begin_layout Plain Layout
-https
+
+\family roman
+\series medium
+\shape up
+\size normal
+\emph off
+\bar no
+\strikeout off
+\uuline off
+\uwave off
+\noun off
+\color none
+CP="This is not a P3P policy! It is used to bypass IEs problematic handling
+ of cookies"
 \end_layout
 
 \end_inset
 
- protocols have been the most interesting to look at.
- Other interesting examples that can be found in the wild include 
+, 
 \begin_inset Flex Code
 status collapsed
 
 \begin_layout Plain Layout
-ftp
-\end_layout
 
-\end_inset
+\family roman
+\series medium
+\shape up
+\size normal
+\emph off
+\bar no
+\strikeout off
+\uuline off
+\uwave off
+\noun off
+\color none
+CP="This is not a P3P policy.
+ Work on P3P has been suspended since 2006: http://www.w3.org/P3P/"
+\end_layout
 
- (for file downloads), 
+\end_inset
+
+, 
 \begin_inset Flex Code
 status collapsed
 
 \begin_layout Plain Layout
-data
+
+\family roman
+\series medium
+\shape up
+\size normal
+\emph off
+\bar no
+\strikeout off
+\uuline off
+\uwave off
+\noun off
+\color none
+CP="This is not a P3P policy.
+ P3P is outdated."
 \end_layout
 
 \end_inset
 
- (for resources encoded into the URI) and 
+, 
 \begin_inset Flex Code
 status collapsed
 
 \begin_layout Plain Layout
-about
-\end_layout
 
-\end_inset
+\family roman
+\series medium
+\shape up
+\size normal
+\emph off
+\bar no
+\strikeout off
+\uuline off
+\uwave off
+\noun off
+\color none
+CP=
+\backslash
+"Thanks IE8
+\backslash
 
- (mostly used for blank placeholder pages).
 \end_layout
 
-\begin_layout Labeling
-\labelwidthstring 00.00.0000
-Domain For this thesis, the domain part has been of a lot of interest, as
- it signifies the difference between internal and external resources.
-\end_layout
+\end_inset
 
-\begin_layout Labeling
-\labelwidthstring 00.00.0000
-Port While custom ports can be used, they usually implicitly default to
- 80 for HTTP and 443 for HTTPS.
-\end_layout
+ (which is a malformed value), 
+\begin_inset Flex Code
+status collapsed
 
-\begin_layout Labeling
-\labelwidthstring 00.00.0000
-Path The path specifies a folder or file on the server.
-\end_layout
+\begin_layout Plain Layout
 
-\begin_layout Labeling
-\labelwidthstring 00.00.0000
-Querystring Most parameters sent back to servers are defined in an RFC compliant
- way, but there are other variants building on for example `/` as a pseudo-path
- separator.
+\family roman
+\series medium
+\shape up
+\size normal
+\emph off
+\bar no
+\strikeout off
+\uuline off
+\uwave off
+\noun off
+\color none
+CP="No P3P policy because it has been deprecated"
 \end_layout
 
-\begin_layout Labeling
-\labelwidthstring 00.00.0000
-Fragment The fragment is in the web context a client-only component, and
- is not to be sent back to the server as part of a request.
- The usage affects browsers' presentation, historically only by scrolling
- to a matching named element, but modern usage includes keeping browser
- state using javascript, for example following the web spider crawlable
- hash-bang syntax
-\begin_inset Foot
-status open
-
-\begin_layout Plain Layout
-\begin_inset CommandInset href
-LatexCommand href
-target "https://developers.google.com/webmasters/ajax-crawling/docs/getting-started"
-
 \end_inset
 
-
+.
 \end_layout
 
+\begin_layout Standard
+This is but one example of where quantitive analysis of real-world web pages
+ shows differences between technical, intended or perceived usage.
+ While P3P may be an outdated example that has been researched 
+\begin_inset CommandInset citation
+LatexCommand cite
+key "CMU-CyLab-10-014"
+
 \end_inset
 
-.
+, it shows how automated, generic tooling can help researchers a lot in
+ their understanding of usage in the wild.
 \end_layout
 
 \begin_layout Standard
-\begin_inset Note Greyedout
+\begin_inset ERT
 status open
 
 \begin_layout Plain Layout
-Write more about URLs.
+
+
+\backslash
+end{wide}
 \end_layout
 
 \end_inset
@@ -3331,68 +3703,39 @@ Write more about URLs.
 
 \end_layout
 
-\begin_layout Subsubsection
-Status
-\end_layout
-
 \begin_layout Standard
-The status is grouped into their defined groups by the first digit.
- Groups outside of the defined range 100-599 are defined as null.
-\end_layout
-
-\begin_layout Labeling
-\labelwidthstring 00.00.0000
-1xx Information
-\end_layout
+\begin_inset Note Note
+status open
 
-\begin_layout Labeling
-\labelwidthstring 00.00.0000
-2xx 
+\begin_layout Plain Layout
+Pages with wide tables end here.
 \end_layout
 
-\begin_layout Labeling
-\labelwidthstring 00.00.0000
-3xx Redirection
-\end_layout
+\end_inset
 
-\begin_layout Labeling
-\labelwidthstring 00.00.0000
-4xx 
-\end_layout
 
-\begin_layout Labeling
-\labelwidthstring 00.00.0000
-5xx Server errors
 \end_layout
 
 \begin_layout Standard
-\begin_inset Note Greyedout
-status open
-
-\begin_layout Plain Layout
-Fill out the proper HTTP status group headings.
-\end_layout
-
+\begin_inset Newpage clearpage
 \end_inset
 
 
 \end_layout
 
-\begin_layout Subsubsection
-Mime-type
-\begin_inset CommandInset label
-LatexCommand label
-name "sub:Mime-type"
+\begin_layout Standard
+\begin_inset CommandInset bibtex
+LatexCommand bibtex
+bibfiles "../references/thesis"
+options "bibtotoc,plain"
 
 \end_inset
 
 
 \end_layout
 
-\begin_layout Standard
-The mime-type is grouped by their usage, which usually is the first group
- part.
- Here is a selection of common types grouped together.
+\begin_layout Chapter*
+Thanks
 \end_layout
 
 \begin_layout Standard
@@ -3403,9 +3746,9 @@ status open
 
 
 \backslash
-tsvtable{mime-types.tsv}{Mime-type grouping}{}{display columns/0/.style={string
- type, column type=l}, display columns/1/.style={string type, column type=l},
- }
+phantomsection
+\backslash
+addcontentsline{toc}{chapter}{Thanks}
 \end_layout
 
 \end_inset
@@ -3418,7 +3761,7 @@ tsvtable{mime-types.tsv}{Mime-type grouping}{}{display columns/0/.style={string
 status open
 
 \begin_layout Plain Layout
-Update list, use most common types.
+Add list of collaborators in getting data, domains, help, advice etcetera.
 \end_layout
 
 \end_inset
@@ -3426,25 +3769,40 @@ Update list, use most common types.
 
 \end_layout
 
-\begin_layout Subsection
-Classification
+\begin_layout Section*
+The Internet Infrastructure Foundation
+\begin_inset Foot
+status open
+
+\begin_layout Plain Layout
+\begin_inset CommandInset href
+LatexCommand href
+target "https://www.iis.se/"
+
+\end_inset
+
+
 \end_layout
 
-\begin_layout Subsubsection
-Public Suffix List
+\end_inset
+
+ (.SE)
 \end_layout
 
 \begin_layout Standard
-The public suffix list is prepared for lookups per domain component.
- Each request's domain (including shorter domain components) is checked
- against it, and any matching public suffixes are kept in an array.
- A list of private suffixes, as in domain components not in the public suffix
- list, is also kept.
- The primary domain (first non-public suffix match, or the shortest private
- suffix) is extracted.
+.SE is also known as Stiftelsen för internetinfrastruktur (IIS).
 \end_layout
 
 \begin_layout Standard
+This thesis is being written in the office of - and in collaboration with
+ - .SE, who graciously supported me with domain data and internet knowledge.
+ Part of .SE’s research efforts include continuously analyzing internet infrastru
+cture and usage in Sweden.
+ .SE is an independent organization, responsible for the Swedish top level
+ domain, and working for the benefit of the public that promotes the positive
+ development of the internet in Sweden.
+ Their head office is in Stockholm.
+ In 2013 they had 72 employees and a turnover of over 
 \begin_inset ERT
 status open
 
@@ -3452,390 +3810,274 @@ status open
 
 
 \backslash
-begin{futurework}
+numprint{140}
 \end_layout
 
 \end_inset
 
+ MSEK.
+\begin_inset Foot
+status open
 
-\end_layout
-
-\begin_layout Standard
-In terms of grouping, it might be good to keep the primary (longest matching)
- public suffix separately.
- The public suffix list also contains special wildcard/exception rules and
- private suffixes 
-\begin_inset CommandInset ref
-LatexCommand eqref
-reference "sub:Public-suffix-list"
+\begin_layout Plain Layout
+\begin_inset CommandInset href
+LatexCommand href
+target "https://www.iis.se/om/arsredovisningar/arsredovisning-2013/"
 
 \end_inset
 
-.
- They have not been used in the thesis 
-\begin_inset CommandInset ref
-LatexCommand eqref
-reference "sub:Implement-public-suffix-rules-use-non-ICANN-suffixes"
+
+\end_layout
 
 \end_inset
 
-.
+
 \end_layout
 
-\begin_layout Standard
-\begin_inset ERT
-status open
-
-\begin_layout Plain Layout
-
-
-\backslash
-end{futurework}
-\end_layout
-
-\end_inset
-
-
-\end_layout
-
-\begin_layout Subsubsection
-Basic
-\end_layout
-
-\begin_layout Standard
-Simple properties in the request are checked, and their valued saved as
- a classification property.
- This property is used for grouping and for further analysis.
+\begin_layout Section*
+Thesis supervision
 \end_layout
 
 \begin_layout Description
-Successful
+Niklas
 \begin_inset space ~
 \end_inset
 
-request The status of the request is 200-299 or 304.
+Carlsson Associate Professor (Swedish: docent and universitetslektor) at
+ Division for Database and Information Techniques (ADIT), Department of
+ Computer and Information Science (IDA), Linköping University, Sweden.
+ Thank you for being my examiner.
 \end_layout
 
 \begin_layout Description
-Unsuccessful
+Patrik
 \begin_inset space ~
 \end_inset
 
-request The status is 100-199 or 300-303 or 305-599.
+Wallström Project Manager within R&D, .SE (The Internet Infrastructure Foundation
+), Sweden.
+ Thank for being my technical supervisor.
 \end_layout
 
 \begin_layout Description
-Failed
+Staffan
 \begin_inset space ~
 \end_inset
 
-request The log file format is incomplete or the status is null or below
- 100 or above 599.
+Hagnell Head of New Businesses, .SE (The Internet Infrastructure Foundation),
+ Sweden.
+ Thank you for being my company supervisor.
 \end_layout
 
-\begin_layout Description
-Same
-\begin_inset space ~
+\begin_layout Standard
+\begin_inset Newpage cleardoublepage
 \end_inset
 
-domain The request is to the same domain that was first visited.
-\end_layout
 
-\begin_layout Description
-Subdomain The request is to a subdomain of the domain that was first visited.
 \end_layout
 
-\begin_layout Description
-Superdomain The request is to a domain to which the origin domain is a subdomain.
- This basic superdomain classification is currently not checked against
- the public suffix list for invalid superdomains.
-\end_layout
+\begin_layout Standard
+\begin_inset ERT
+status open
 
-\begin_layout Description
-Same
-\begin_inset space ~
-\end_inset
+\begin_layout Plain Layout
 
-primary
-\begin_inset space ~
-\end_inset
 
-domain The request shared the same primary domain with the origin.
+\backslash
+phantomsection
+\backslash
+addcontentsline{toc}{chapter}{Nomenclature}
 \end_layout
 
-\begin_layout Description
-Internal
-\begin_inset space ~
 \end_inset
 
-domain The request is to the same domain, a subdomain or a superdomain of
- the domain that was first visited.
-\end_layout
 
-\begin_layout Description
-External
-\begin_inset space ~
+\begin_inset CommandInset nomencl_print
+LatexCommand printnomenclature
+set_width "custom"
+width "20text%"
+
 \end_inset
 
-domain The request is not to an internal domain.
+
 \end_layout
 
-\begin_layout Description
-Secure
-\begin_inset space ~
+\begin_layout Standard
+\begin_inset CommandInset nomenclature
+LatexCommand nomenclature
+symbol "Content"
+description "Information and data that is presented to the user. Includes text, images, video and sound."
+
 \end_inset
 
-request The request is using HTTPS.
-\end_layout
 
-\begin_layout Description
-Insecure
-\begin_inset space ~
+\begin_inset CommandInset nomenclature
+LatexCommand nomenclature
+symbol "Resource"
+description "An entity external to the HTML page that requested it. Types of resources include images, video, audio, CSS, javascript and flash animations."
+
 \end_inset
 
-request The request is not using HTTPS.
-\end_layout
 
-\begin_layout Subsubsection
-Disconnect.me
-\end_layout
+\begin_inset CommandInset nomenclature
+LatexCommand nomenclature
+symbol "External resource"
+description "A resource downloaded from a domain other than the page that requested it was served from."
 
-\begin_layout Standard
-The URLs in the extended data contains lists of domain components.
- As the disconnect list of blocked domains is prepared for lookups by domains,
- each of the matching domains (including shorter domain components) are
- extracted with organization, organization URL and domain category.
-\end_layout
+\end_inset
 
-\begin_layout Subsection
-Analysis
-\end_layout
 
-\begin_layout Standard
-An analysis, where request classifications are counted, summed and the coverage
- calculated, is performed as an automated step.
-\end_layout
+\begin_inset CommandInset nomenclature
+LatexCommand nomenclature
+symbol "External service"
+description "A third party service that delives some kind of resource to the user's browser. The service itself can vary from showing additional information and content, to ads and hidden trackers.\\\\\\\\External services include file hosting services, CDNs, advertisting networks, statistics and analytics collectors, and third party content."
 
-\begin_layout Subsubsection
-Origin
-\end_layout
+\end_inset
 
-\begin_layout Standard
-The origin domains are grouped separately from the requests that stemmed
- from them.
-\end_layout
 
-\begin_layout Subsubsection
-Requested URLs
-\end_layout
+\begin_inset CommandInset nomenclature
+LatexCommand nomenclature
+symbol "Tracker"
+description "An resource external to the visited page, which upon access receives information about the user's system and the page that requested it.\\\\\\\\Basic information in the HTTP request to the resource URL includes user agent (browser vendor, type and version down to the patch level, operating system, sometimes hardware type) referer (the full URL of page that requested the resource), an etag (unique string identifying the data from a previous request to the same resource URL) and cookies (previously set by the tracker)."
 
-\begin_layout Standard
-All requests are represented with their domain, and other classifications.
-\end_layout
+\end_inset
 
-\begin_layout Subsubsection
-Distinct requested URLs
-\end_layout
 
-\begin_layout Standard
-Even if two requests originating from a domain, it is only counted once.
- This gives the possibility to calculate coverage per domain later on.
-\end_layout
+\begin_inset CommandInset nomenclature
+LatexCommand nomenclature
+symbol "CDN"
+description "Content delivery network"
 
-\begin_layout Subsubsection
-Request/domain counts
-\end_layout
+\end_inset
 
-\begin_layout Standard
-All the numbers from all domains added together.
-\end_layout
 
-\begin_layout Subsubsection
-Request/domain coverage
-\end_layout
+\begin_inset CommandInset nomenclature
+LatexCommand nomenclature
+symbol "Content delivery network"
+description "(CDN) The speed at which data can be delivered is dependant on distance between the user and the server. To reduce latency and download times, a content delivery network places multiple servers with the same content in strategic locations, both geographic and network toplolgy wise, closer to groups of users.\\\\\\\\For example, a CDN could deploy servers in Europe, the US and Australia, and reduce loading speed by setting up the system to automatically use the closest location."
 
-\begin_layout Standard
-The summed up counts divided by either the total request count (for requested
- URLs) or the number of domains in the current group (for distinct requested
- URLs).
- This gives a coverage percentage - either for the percentage of the number
- of requests, or domains that has the value.
-\end_layout
+\end_inset
 
-\begin_layout Subsubsection
-Grouping
-\end_layout
 
-\begin_layout Standard
-In order to not make too broad assumptions, some grouping was performed.
- The analysis was performed the same way on each of these groups 
-\begin_inset CommandInset ref
-LatexCommand eqref
-reference "sub:aggregate/analysis.sh"
+\begin_inset CommandInset nomenclature
+LatexCommand nomenclature
+symbol "Domain name"
+description "A domain name is a human-readable way to navigate to a service on the internet: example.com. Fully qualified domain names (FQDN) have at least two parts - the top level domain name (TLD) and the second-level domain name - but oftentimes more depending on TLD rules and organizational units.\\\\\\\\Domains are also used, for example, as logical entities in regards to security and privacy scopes on the web, often implemented as same-origin policies. As an example, HTTP cookies are bound to domain that set them."
 
 \end_inset
 
-.
- The origin domain's download status was checked, and grouped into both
- unfiltered and non-failed groups.
- The list of requested URLs was grouped into unfiltered, internal and external
- URLs.
-\end_layout
 
-\begin_layout Subsection
-Questions
-\end_layout
+\begin_inset CommandInset nomenclature
+LatexCommand nomenclature
+symbol "Third-party content"
+description "Content served by another organization than the organization serving the explicitly requested web page. Also see external resource."
 
-\begin_layout Standard
-Where the aggregate analysis is not enough, there are custom questions.
- These questions/queries can be run against any previous intermediate step
- in the process, as they are saved to disk.
-\end_layout
+\end_inset
 
-\begin_layout Subsubsection
-Google Tag Manager
-\end_layout
 
-\begin_layout Standard
-One of the questions posed beforehand was if Google Tag Manager would have
- an impact upon results.
- This question is answered in 
-\begin_inset CommandInset ref
-LatexCommand vref
-reference "sub:Google-Tag-Manager"
+\begin_inset CommandInset nomenclature
+LatexCommand nomenclature
+symbol "Third-party service"
+description "A service provided by an organization other than the explicitly requested service. Also see external service."
 
 \end_inset
 
- with the help of this data.
-\end_layout
 
-\begin_layout Subsubsection
-Origins with redirects
-\end_layout
+\begin_inset CommandInset nomenclature
+LatexCommand nomenclature
+symbol "Web site"
+description "A collection of web pages under the same organization or topic. Often all web pages on a domain is considered a site, but a single domain can also contain multiple sites."
 
-\begin_layout Standard
-Looking at preliminary results, a large portion of domains yielded a redirect
- as the initial response.
- In order to look at these redirects specifically, and determine if they
- redirect to an internal or external domain, a specific question was written.
-\end_layout
+\end_inset
 
-\begin_layout Subsection
-Multiset queries
-\end_layout
 
-\begin_layout Standard
-After downloading several datasets, it is often interesting to compare them
- side by side.
- The multiset queries extract pieces of data from several datasets, and
- combine them into a single files.
-\end_layout
+\begin_inset CommandInset nomenclature
+LatexCommand nomenclature
+symbol "Web service"
+description "A function performed on the internet, and in this document specifically web sites with a specific purpose directed towards human users. This includes search engines, social networks, online messaging and email as well as content sites such as news sites and blogs."
 
-\begin_layout Section
-Direction and scope
-\end_layout
+\end_inset
+
+
+\begin_inset CommandInset nomenclature
+LatexCommand nomenclature
+symbol "Web browser"
+description "Or browser. Software a user utilizes to retrieve, present and traverse information from the web."
+
+\end_inset
 
-\begin_layout Standard
-Emphasis for the thesis will be on technical analysis, producing aggregate
- numbers regarding domains and external resources.
- Social aspects and privacy concerns are considered out of scope.
-\end_layout
 
-\begin_layout Standard
-The thesis will primarily be written from a Swedish perspective.
- This is in part because .SE has access to the full list of Swedish .se domains,
- and part because of their previous work with the 
-\emph on
-.SE Health Status
-\emph default
- reports.
- Focus is to analyze .se domains in the reports, as they have already been
- deemed important and results can be incorporated in future reports.
- The main non-technical grouping is also based on the same reports; government,
- media, financial institutions and other nation-wide publicly relevant organizat
-ion groups.
 \end_layout
 
 \begin_layout Standard
-One assumption is that all external resources can act as trackers, even
- for static (non-script) resources with no capabilities to dynamically survey
- the user's browser, collecting data and tracking users across domains using
- for example the 
-\begin_inset Flex Code
-status collapsed
+\begin_inset CommandInset nomenclature
+LatexCommand nomenclature
+symbol "URL"
+description "Uniform Resource Locator"
 
-\begin_layout Plain Layout
-Referer
-\end_layout
+\end_inset
+
+
+\begin_inset CommandInset nomenclature
+LatexCommand nomenclature
+symbol "Uniform Resource Locator"
+description "(URL) A standard to define the address to resources, mostly on the internet, for example http://joelpurra.com/projects/masters-thesis/"
 
 \end_inset
 
- HTTP header 
-\begin_inset CommandInset citation
-LatexCommand cite
-key "Krishnamurthy:2006:CMC:1135777.1135829"
+
+\begin_inset CommandInset nomenclature
+LatexCommand nomenclature
+symbol "HTTP"
+description "Hypertext Transfer Protocol"
 
 \end_inset
 
-.
- While there are lists of known trackers, used by browser privacy tools,
- they are not 100% effective 
-\begin_inset CommandInset citation
-LatexCommand cite
-key "Malandrino:2013:PAI:2517840.2517868,Krishnamurthy:2006:CMC:1135777.1135829"
+
+\begin_inset CommandInset nomenclature
+LatexCommand nomenclature
+symbol "HTTPS"
+description "Secure HTTP, where data is transfered encrypted."
 
 \end_inset
 
-.
- The lists will instead optionally be used to emphasize those external resources
- as 
-\emph on
-confirmed
-\emph default
- trackers.
- While cookies used for tracking have been a concern for many, they are
- not necessary in order to identify most users upon return, even uniquely
- on a global level 
-\begin_inset CommandInset citation
-LatexCommand cite
-key "Eckersley2009unique"
+
+\begin_inset CommandInset nomenclature
+LatexCommand nomenclature
+symbol "Hypertext Transfer Protocol"
+description "(HTTP) A protocol to transfer HTML and other web page resources across the internet."
 
 \end_inset
 
-.
- Cookies will not be considered to be an indicator of tracking, as it can
- be assumed that a combination of other server and client side techniques
- can achieve the same goal as a tracking cookie.
-\end_layout
 
-\begin_layout Chapter
-Discussion and conclusions
-\end_layout
+\begin_inset CommandInset nomenclature
+LatexCommand nomenclature
+symbol "Do Not Track"
+description "(DNT) A HTTP header used to indicate that the server should not record and track the client's traffic and other data."
 
-\begin_layout Standard
-\begin_inset Note Greyedout
-status open
+\end_inset
 
-\begin_layout Plain Layout
-Compare with expected results.
-\end_layout
+
+\begin_inset CommandInset nomenclature
+LatexCommand nomenclature
+symbol "DNT"
+description "Do Not Track"
 
 \end_inset
 
 
-\end_layout
+\begin_inset CommandInset nomenclature
+LatexCommand nomenclature
+symbol "P3P"
+description "Platform for Privacy Preferences (P3P) Project"
 
-\begin_layout Standard
-\begin_inset Note Greyedout
-status open
+\end_inset
 
-\begin_layout Plain Layout
-Write about the 
-\emph on
-Follow the Money: Understanding Economics of Online Aggregation and Advertising
-\emph default
- report findings.
-\end_layout
+
+\begin_inset CommandInset nomenclature
+LatexCommand nomenclature
+symbol "Platform for Privacy Preferences Project"
+description "(P3P) A W3C standard for HTTP where server responses are annotated with an encoded privacy policy, so the client can display it to the user. Work has been discontinued since 2006."
 
 \end_inset
 
@@ -3843,249 +4085,226 @@ Follow the Money: Understanding Economics of Online Aggregation and Advertising
 \end_layout
 
 \begin_layout Standard
-\begin_inset Note Greyedout
-status open
-
-\begin_layout Plain Layout
-Write about 
-\emph on
-Third-party Identity Management Usage on the Web
-\emph default
- report findings.
-\end_layout
+\begin_inset CommandInset nomenclature
+LatexCommand nomenclature
+symbol ".SE"
+description "The Internet Infrastructure Foundation. An independent organization for the benefit of the public that promotes the positive development of the internet in Sweden. .SE is responsible for the .se country code top level domain."
 
 \end_inset
 
 
-\end_layout
+\begin_inset CommandInset nomenclature
+LatexCommand nomenclature
+symbol ".se"
+description "The country code top level domain name for Sweden."
 
-\begin_layout Section
+\end_inset
 
-\emph on
-.SE Health Status
-\emph default
- comparison
-\begin_inset CommandInset label
-LatexCommand label
-name "sec:.SE-Health-Status-comparison"
+
+\begin_inset CommandInset nomenclature
+LatexCommand nomenclature
+symbol ".dk"
+description "The country code top level domain name for Denmark."
 
 \end_inset
 
 
-\end_layout
+\begin_inset CommandInset nomenclature
+LatexCommand nomenclature
+symbol ".com"
+description "A generic top level domain. It has the greatest number of registered domain of all TLDs."
 
-\begin_layout Standard
-\begin_inset Note Greyedout
-status open
+\end_inset
 
-\begin_layout Plain Layout
-Write about the 
-\emph on
-.SE Health Status
-\emph default
- report findings.
-\end_layout
+
+\begin_inset CommandInset nomenclature
+LatexCommand nomenclature
+symbol ".net"
+description "A generic top level domain."
 
 \end_inset
 
 
-\end_layout
+\begin_inset CommandInset nomenclature
+LatexCommand nomenclature
+symbol "TLD"
+description "Top level domain."
 
-\begin_layout Subsection
-Google Analytics
-\end_layout
+\end_inset
 
-\begin_layout Standard
-One of the reasons this thesis subject was chosen was the inclusion of a
- Google Analytics coverage analysis in previous reports.
- The reports shows overall Google Analytics usage in the curated dataset
- of 44% 2010, 58% in 2011 and 62% in 2012 
-\begin_inset CommandInset citation
-LatexCommand cite
-key "Lowinder:2010:healthstatus,Lowinder:2011:healthstatus,Lowinder:2012:healthstatus"
+
+\begin_inset CommandInset nomenclature
+LatexCommand nomenclature
+symbol "Top level domain"
+description "(TLD) The last part of a domain name, such as .se or .com. Registration of TLDs is handled by ICANN."
 
 \end_inset
 
-.
- Today, in 2014, usage in the category with the least coverage (financial
- services) is 58% while most are above 70% 
-\begin_inset CommandInset ref
-LatexCommand eqref
-reference "sub:Top-domains"
+
+\begin_inset CommandInset nomenclature
+LatexCommand nomenclature
+symbol "gTLD"
+description "Generic top level domain such as .com or .net."
 
 \end_inset
 
-.
- The highest coverage category (government owned corporations) is even above
- 90%.
- Since Google Analytics can now be used from the DoubleClick domain as well,
- looking only at the Google Analytics domain makes little sense - instead
- it might make more sense to look at the organization Google as a whole.
- The coverage jumps quite a bit, with most categories landing above 85%
- 
-\begin_inset CommandInset ref
-LatexCommand eqref
-reference "sub:Top-organizations"
+
+\begin_inset CommandInset nomenclature
+LatexCommand nomenclature
+symbol "ccTLD"
+description "A top level domain based on a country code, such as .se or .dk."
 
 \end_inset
 
-.
+
 \end_layout
 
 \begin_layout Standard
-\begin_inset ERT
-status open
+\begin_inset CommandInset nomenclature
+LatexCommand nomenclature
+symbol "Alexa"
+description "A web traffic statistic service, owned by Amazon."
 
-\begin_layout Plain Layout
+\end_inset
 
 
-\backslash
-begin{futurework}
 \end_layout
 
+\begin_layout Standard
+\begin_inset CommandInset nomenclature
+LatexCommand nomenclature
+symbol "jq"
+description "A tool and domain specific programming language to read and transform JSON data. See the software chapter."
+
 \end_inset
 
 
-\end_layout
+\begin_inset CommandInset nomenclature
+LatexCommand nomenclature
+symbol "phantomjs"
+description "Browser software used for automated web site browsing. See the software chapter."
 
-\begin_layout Standard
-It is possible to extract the exact coverage for both Google Analytics and
- DoubleClick from the current dataset.
- Google Analytics already uses a domain of its own, and by writing a custom
- question separating DoubleClick's ad and analytics resource URLs analytics
- on that domain can be found as well.
-\end_layout
+\end_inset
 
-\begin_layout Standard
-\begin_inset ERT
-status open
 
-\begin_layout Plain Layout
+\begin_inset CommandInset nomenclature
+LatexCommand nomenclature
+symbol "HAR"
+description "HTTP Archive (HAR) format, used to store recorded HTTP metadata from a web page visit. See the software chapter."
+
+\end_inset
+
+
+\begin_inset CommandInset nomenclature
+LatexCommand nomenclature
+symbol "JavaScript Object Notation"
+description "(JSON) A data format based on Javascript objects. Often used on the internet for data transfer. Used in this thesis as the basis for all data transformation."
+
+\end_inset
 
 
-\backslash
-end{futurework}
-\end_layout
+\begin_inset CommandInset nomenclature
+LatexCommand nomenclature
+symbol "JSON"
+description "JavaScript Object Notation"
 
 \end_inset
 
 
 \end_layout
 
-\begin_layout Subsection
-Reachability
+\begin_layout Chapter
+\start_of_appendix
+Methodology details
+\end_layout
+
+\begin_layout Section
+Domains
 \end_layout
 
 \begin_layout Standard
-The random zone domain lists (.se, .dk, .com, .net) have download failures for
- 22-28% of all domains when it comes to 
-\begin_inset Flex Code
-status collapsed
+\begin_inset Note Greyedout
+status open
 
 \begin_layout Plain Layout
-http://
+Generate statistics table for each domain list this chapter?
 \end_layout
 
 \end_inset
 
- and 
-\begin_inset Flex Code
-status collapsed
 
-\begin_layout Plain Layout
-http://www.
 \end_layout
 
-\end_inset
-
- variations, where www has fewer failures.
-\begin_inset CommandInset ref
-LatexCommand eqref
-reference "sec:Failed-versus-non-failed"
-
-\end_inset
+\begin_layout Subsection
 
- The HTTP result for .se is consistent with results from the 
 \emph on
 .SE Health Status
 \emph default
- reports, according to Patrik Wallström, where they only download www variations.
- 
-\begin_inset Note Greyedout
-status open
-
-\begin_layout Plain Layout
-Ask .SE about hard numbers?
+ domains
 \end_layout
 
-\end_inset
-
- Curated 
+\begin_layout Standard
+When .SE performs their annual 
 \emph on
 .SE Health Status
 \emph default
- lists have fewer failures for both HTTP, generally below 10% for the 
-\begin_inset Flex Code
-status collapsed
+ report measurements, they use an in-house curated list of domains of national
+ interest.
+ These domains are mostly from the .se zone and cover government, county,
+ municipality, higher education, government-owned corporations, financial
+ service, internet service provider (ISP), domain registrar, and media domains.
+ Some domains overlap both within and between categories; domains have been
+ deduplicated.
+\end_layout
+
+\begin_layout Standard
+\begin_inset Note Greyedout
+status open
 
 \begin_layout Plain Layout
-http://www.
+Write a summary with examples from each dataset.
 \end_layout
 
 \end_inset
 
- variation - perhaps explained by the thesis software and network setup
- 
-\begin_inset CommandInset ref
-LatexCommand eqref
-reference "sec:Failed-domains"
-
-\end_inset
 
-.
- Several prominent media sites with the same parent company respond as expected
- when accessed with a normal desktop browser - but not automated requests,
- suggesting that they detect and block some types of traffic.
 \end_layout
 
 \begin_layout Subsection
-HTTPS usage
+Random .se domains
 \end_layout
 
 \begin_layout Standard
-.SE have measured HTTPS coverage among curated health status domains since
- at least 2007 
-\begin_inset CommandInset citation
-LatexCommand cite
-key "Lowinder:2008:healthstatus,Lowinder:2009:healthstatus,Lowinder:2010:healthstatus,Lowinder:2011:healthstatus,Lowinder:2012:healthstatus,Lowinder:2013:healthstatus"
+The thesis was written in collaboration with .SE, which runs the .se TLD,
+ and the work focusing on the state of Swedish domains.
+ Early script development was done using a sample of 
+\begin_inset ERT
+status open
 
-\end_inset
+\begin_layout Plain Layout
 
-.
- The reports are a bit unclear about some numbers as measurement methodology
- and focus has shifted over the years, but the general results seem to line
- up with the results in this thesis 
-\begin_inset CommandInset ref
-LatexCommand eqref
-reference "sec:Failed-versus-non-failed"
+
+\backslash
+numprint{10000}
+\end_layout
 
 \end_inset
 
-.
- 
-\begin_inset Note Greyedout
+ random domains, most often tested in groups of 
+\begin_inset ERT
 status open
 
 \begin_layout Plain Layout
-Verify results when all datasets have been downloaded.
-\end_layout
-
-\end_inset
 
 
+\backslash
+numprint{100}
 \end_layout
 
-\begin_layout Standard
+\end_inset
+
+.
+ A final sample of 
 \begin_inset ERT
 status open
 
@@ -4093,89 +4312,84 @@ status open
 
 
 \backslash
-tsvtable{se.health-status.https.tsv}{.SE Health Status HTTPS coverage 2008-2013}{}{f
-ixed, display columns/0/.style={string type, column type=l}, display columns/1/.st
-yle={string type, column type=i}, display columns/2/.style={string type,
- column type=i}, display columns/3/.style={string type, column type=i}}
+numprint{100000}
 \end_layout
 
 \end_inset
 
+ domains was also provided.
+ The .se TLD is to be considered Sweden-centric.
+\end_layout
 
+\begin_layout Subsection
+Random .dk domains
 \end_layout
 
 \begin_layout Standard
-Measurements changed in 2009, so they might not be fully comparable.
- No HTTPS measurements were performed in 2012.
- 
-\begin_inset Note Greyedout
+The Danish .dk TLD organization, DK Hostmaster A/S
+\begin_inset Foot
 status open
 
 \begin_layout Plain Layout
-Ask .SE about exact numbers?
-\end_layout
+\begin_inset CommandInset href
+LatexCommand href
+target "https://www.dk-hostmaster.dk/"
 
 \end_inset
 
 
 \end_layout
 
-\begin_layout Standard
-\begin_inset Note Greyedout
+\end_inset
+
+, helped out with a sample of 
+\begin_inset ERT
 status open
 
 \begin_layout Plain Layout
-Write a comparison with own results per category?
-\end_layout
-
-\end_inset
 
 
+\backslash
+numprint{10000}
 \end_layout
 
-\begin_layout Standard
-24% of HTTPS sites redirect from HTTPS back to HTTP in 2013 - see also 
-\begin_inset CommandInset ref
-LatexCommand vref
-reference "sec:HTTP,-HTTPS-and-redirects"
-
 \end_inset
 
-.
+ domains, chosen at random from the database of active domains in the zone.
+ The .dk TLD is to be considered Denmark-centric.
 \end_layout
 
-\begin_layout Section
-Cat and Mouse: Content Delivery Tradeoffs in Web Access
+\begin_layout Subsection
+Random .com, .net domains
 \end_layout
 
 \begin_layout Standard
-\begin_inset Note Greyedout
+The maintainers of the .com, .net and .name TLDs, Verisign, allow downloading
+ of the complete zone file under an agreement.
+ The .com zone is the largest one by far, and the .net zone is in the top
+ 4.
+\begin_inset Foot
 status open
 
 \begin_layout Plain Layout
-Is this comparison relevant?
-\end_layout
+\begin_inset CommandInset href
+LatexCommand href
+target "http://www.keepalert.com/top-extension-ranking-july-2014-newgtlds"
 
 \end_inset
 
 
 \end_layout
 
-\begin_layout Standard
-\begin_inset Note Greyedout
-status open
-
-\begin_layout Plain Layout
-Describe the report.
-\end_layout
-
 \end_inset
 
-
+ This allows for a random selection of sites from around the world, even
+ though usage is not geographically uniform - both in terms of registrations
+ and actual usage.
 \end_layout
 
-\begin_layout Standard
-The report looks the top 
+\begin_layout Subsection
+Alexa Top 
 \begin_inset ERT
 status open
 
@@ -4183,69 +4397,60 @@ status open
 
 
 \backslash
-numprint{100}
+numprint{1000000}
 \end_layout
 
 \end_inset
 
- English language sites from 12 categories in Alexa's top list, plus another
- 
-\begin_inset ERT
+
+\begin_inset Foot
 status open
 
 \begin_layout Plain Layout
+\begin_inset CommandInset href
+LatexCommand href
+target "http://alexa.com/"
+
+\end_inset
 
 
-\backslash
-numprint{100}
 \end_layout
 
 \end_inset
 
- sites from a political list.
- These sites come from 
-\begin_inset ERT
-status open
-
-\begin_layout Plain Layout
-
 
-\backslash
-numprint{1116}
 \end_layout
 
-\end_inset
-
- domains.
- They used a local proxy server to gather URLs, which means that HTTPS requests
- were lost.
- A total of 
-\begin_inset ERT
+\begin_layout Standard
+Alexa, owned by Amazon, is a well-known source of top sites
+\begin_inset Foot
 status open
 
 \begin_layout Plain Layout
+\begin_inset CommandInset href
+LatexCommand href
+target "http://www.alexa.com/topsites"
+
+\end_inset
 
 
-\backslash
-numprint{1113}
 \end_layout
 
 \end_inset
 
- pages were downloaded from that set, plus 
-\begin_inset ERT
+ in the world.
+ It is used in many research papers, and can be seen as the standard dataset.
+ 
+\begin_inset Note Greyedout
 status open
 
 \begin_layout Plain Layout
-
-
-\backslash
-numprint{457}
+List referenced research papers using it.
 \end_layout
 
 \end_inset
 
- pages from Alexa's top 
+ Their daily 1-month average traffic rank top 
 \begin_inset ERT
 status open
 
@@ -4253,124 +4458,97 @@ status open
 
 
 \backslash
-numprint{500}
+numprint{1000000}
 \end_layout
 
 \end_inset
 
- in a secondary list.
- The overlap was 
-\begin_inset ERT
+ list is freely available for download.
+\begin_inset Foot
 status open
 
 \begin_layout Plain Layout
+\begin_inset CommandInset href
+LatexCommand href
+target "https://alexa.zendesk.com/hc/en-us/articles/200449834-Does-Alexa-have-a-list-of-its-top-ranked-websites-"
+
+\end_inset
 
 
-\backslash
-numprint{180}
 \end_layout
 
 \end_inset
 
- pages.
+ As Alexa distinguishes between a site and a domain, some domains with several
+ popular sites are listed more than once.
+ URL paths have been stripped and domains have been deduplicated before
+ downloading.
 \end_layout
 
-\begin_layout Standard
-\begin_inset Note Greyedout
+\begin_layout Subsection
+Reach50
+\begin_inset Foot
 status open
 
 \begin_layout Plain Layout
-Fill in numbers.
-\end_layout
+\begin_inset CommandInset href
+LatexCommand href
+target "http://reach50.com/"
 
 \end_inset
 
 
 \end_layout
 
-\begin_layout Standard
-\begin_inset Note Greyedout
-status open
-
-\begin_layout Plain Layout
-Does a new dataset need to be downloaded?
-\end_layout
-
 \end_inset
 
 
 \end_layout
 
 \begin_layout Standard
-\begin_inset ERT
+The top 50 sites in Sweden are presented by Webmie
+\begin_inset Foot
 status open
 
 \begin_layout Plain Layout
-
-
-\backslash
-tsvtable{krishnamurthy-2006-cmc-1135777.1135829_ad_coverage.tsv}{Ad coverage}{}{fi
-xed, display columns/0/.style={string type, column type=l}, display columns/1/.sty
-le={string type, column type=i}, display columns/2/.style={string type, column
- type=i}, display columns/3/.style={string type, column type=i}, display
- columns/4/.style={string type, column type={|i}}, display columns/5/.style={strin
-g type, column type=i}, display columns/6/.style={string type, column type=i}}
-\end_layout
+\begin_inset CommandInset href
+LatexCommand href
+target "http://webmie.com/"
 
 \end_inset
 
 
 \end_layout
 
-\begin_layout Section
-Trackers which deliver content
-\begin_inset CommandInset label
-LatexCommand label
-name "sec:Trackers-which-deliver-content"
-
 \end_inset
 
-
+, who base their list on data from a user panel.
+ The panelists have installed an extension into their browser, tracking
+ their browsing habits by automated means.
+ They also have results grouped by panelists categories: women, men, age
+ 16-34, 35-54, 55+ but only the unfiltered top list is publicly available.
 \end_layout
 
-\begin_layout Standard
-In Disconnect's blocking list, there's a category called content 
-\begin_inset CommandInset ref
-LatexCommand eqref
-reference "sub:Disconnect-Content"
-
-\end_inset
+\begin_layout Subsection
+Datasets in use
+\begin_inset CommandInset label
+LatexCommand label
+name "sub:Datasets-in-use"
 
-.
- While all other categories are blocked by default, this one is not as it
- represents external resources deemed 
-\emph on
-desirable
-\emph default
- to Disconnect's users.
- So while they are known tracker domains, they are allowed to pass 
-\begin_inset Quotes eld
 \end_inset
 
-by popular demand.
-\begin_inset Quotes erd
-\end_inset
 
- This brings an advantage to companies that can deliver content, as they
- can just as well use content usage data as pure web bug/tracker usage data
- when analyzing patterns.
 \end_layout
 
 \begin_layout Standard
-Google has several popular embeddable services in the content category,
- including Google Maps
+These are the final domain lists in use, including full dataset size
 \begin_inset Foot
 status open
 
 \begin_layout Plain Layout
 \begin_inset CommandInset href
 LatexCommand href
-target "https://developers.google.com/maps/documentation/embed/"
+target "https://www.iis.se/domaner/statistik/tillvaxt/?chart=active"
 
 \end_inset
 
@@ -4379,14 +4557,14 @@ target "https://developers.google.com/maps/documentation/embed/"
 
 \end_inset
 
-, Google Translate
+
 \begin_inset Foot
 status open
 
 \begin_layout Plain Layout
 \begin_inset CommandInset href
 LatexCommand href
-target "https://translate.google.com/manager/website/"
+target "https://stats.dk-hostmaster.dk/domains/total_domains/"
 
 \end_inset
 
@@ -4395,68 +4573,75 @@ target "https://translate.google.com/manager/website/"
 
 \end_inset
 
- and least but not least YouTube
-\begin_inset Foot
+ and selection method.
+\end_layout
+
+\begin_layout Standard
+\begin_inset ERT
 status open
 
 \begin_layout Plain Layout
-\begin_inset CommandInset href
-LatexCommand href
-target "https://developers.google.com/youtube/player_parameters"
-
-\end_inset
 
 
+\backslash
+tsvtable{domains.datasets.tsv}{Datasets in use}{}{display columns/0/.style={string
+ type, column type=l}, display columns/1/.style={string type, column type=l},
+ display columns/3/.style={string type, column type=l}}
 \end_layout
 
 \end_inset
 
-.
- Lesser known examples include Recaptcha
-\begin_inset Foot
-status open
 
-\begin_layout Plain Layout
-\begin_inset CommandInset href
-LatexCommand href
-target "https://developers.google.com/recaptcha/"
+\end_layout
+
+\begin_layout Subsection
+TLD distribution
+\begin_inset CommandInset label
+LatexCommand label
+name "sub:TLD-distribution"
 
 \end_inset
 
 
 \end_layout
 
-\end_inset
+\begin_layout Standard
+These are the top TLDs in the list of unique domains.
+\end_layout
 
- which is an embeddable service to block/disallow web crawlers/bots access
- to web page features.
- Those are visible examples, which users interact with.
- Google Fonts
-\begin_inset Foot
+\begin_layout Standard
+\begin_inset ERT
 status open
 
 \begin_layout Plain Layout
-\begin_inset CommandInset href
-LatexCommand href
-target "https://www.google.com/fonts"
+
+
+\backslash
+tsvtable{domains.tlds.tsv}{TLDs in dataset in use}{}{display columns/2/.style={stri
+ng type, column type=l},}
+\end_layout
 
 \end_inset
 
 
 \end_layout
 
+\begin_layout Section
+Public suffix list
+\begin_inset CommandInset label
+LatexCommand label
+name "sub:Public-suffix-list"
+
 \end_inset
 
- which serves modern web fonts for easy embedding, is still visible but
- not branded.
- Google Hosted Libraries
+
 \begin_inset Foot
 status open
 
 \begin_layout Plain Layout
 \begin_inset CommandInset href
 LatexCommand href
-target "https://developers.google.com/speed/libraries/"
+target "https://publicsuffix.org/"
 
 \end_inset
 
@@ -4465,391 +4650,295 @@ target "https://developers.google.com/speed/libraries/"
 
 \end_inset
 
- which serves popular javascript libraries from Google's extensive CDN network
- instead of the local server for site speed/performance gains are not visible
- as components, but they cannot be removed without affecting functionality.
- Especially the two latter, served from the googleapis.com domain, are prevalent
- in several of the datasets - and they are usually loaded on every single
- page on a web site, and thus gain full (but passive, as opposed to for
- example Google Analytics) insight on users' click paths and web history.
-\end_layout
 
-\begin_layout Standard
-\begin_inset Note Greyedout
+\begin_inset Foot
 status open
 
 \begin_layout Plain Layout
-Extract a data table with popular content domains.
-\end_layout
+\begin_inset CommandInset href
+LatexCommand href
+target "https://en.wikipedia.org/wiki/Public_Suffix_List"
 
 \end_inset
 
 
 \end_layout
 
-\begin_layout Section
-Other notable results
-\end_layout
+\end_inset
+
 
-\begin_layout Standard
-Some results differ from my own assumptions.
 \end_layout
 
 \begin_layout Standard
-\begin_inset Note Greyedout
-status open
+In the domain name system, it is not always obvious what parts of a domain
+ name are a public suffix and which are open for registration by Internet
+ users.
+ The main example is 
+\begin_inset Flex Code
+status collapsed
 
 \begin_layout Plain Layout
-Write more about notable results.
+example.co.uk
 \end_layout
 
 \end_inset
 
+, where the public suffix 
+\begin_inset Flex Code
+status collapsed
 
+\begin_layout Plain Layout
+co.uk
 \end_layout
 
-\begin_layout Section
-Automated, scalable data collection and repeatable analysis
-\end_layout
-
-\begin_layout Standard
-One of the prerequisites for the type of analysis performed in this thesis
- was that all collection should be automated, repeatable and be able to
- handle tens of thousands of domains at a time.
- This goal has been achieved, and a specialized framework for analyzing
- web pages's HTTP requests has been built.
- While most of the code has been tailored to answer questions posed in this
- thesis, it is also built to be extendable, both in and between all data
- processing steps.
- More data can be included, additional datasets can be mixed in, separate
- questions can be written to query data from any stage in the data preparation
- or analysis.
- Tools have been written to easily download and compare separate lists of
- domains, and by default data is kept in its original downloaded form so
- that historical analysis can be performed.
-\end_layout
-
-\begin_layout Standard
-It might be hard to convince other researchers to use code, as it might
- not fulfill all of their wishes at once on top of any 
-\begin_inset Quotes eld
 \end_inset
 
-not invented here
-\begin_inset Quotes erd
-\end_inset
+ is to different from the TLD 
+\begin_inset Flex Code
+status collapsed
 
- mentality.
- Fortunately, the code is easy to run, and with proper documentation other
- groups should be able to at least test simple theories regarding web sites.
- Some of the lists of domains used as input are publicly available, and
- thus results can also be shared.
- This should encourage other groups, as looking at example data might spark
- interest.
+\begin_layout Plain Layout
+uk
 \end_layout
 
-\begin_layout Section
-Contributions to other open source projects
-\end_layout
+\end_inset
 
-\begin_layout Standard
-During the development of code for this thesis, other projects have been
- utilized.
- In good open source manners, those projects should be improved when possible.
-\end_layout
+.
+ Because HTTP cookies are based on domains names, it is important to browser
+ vendors to be able to recognize which parts are public suffixes to be able
+ to protect users against supercookies
+\begin_inset Foot
+status open
 
-\begin_layout Subsection
-The HAR specification
-\begin_inset CommandInset label
-LatexCommand label
-name "sub:The-HAR-specification"
+\begin_layout Plain Layout
+\begin_inset CommandInset href
+LatexCommand href
+target "https://en.wikipedia.org/wiki/HTTP_cookie#Supercookie"
 
 \end_inset
 
 
 \end_layout
 
-\begin_layout Standard
-After looking at further processing of the data, some improvements might
- be suggested.
-\end_layout
+\end_inset
 
-\begin_layout Standard
-One such suggestion might be to add an absolute/resolved version of 
+; cookies which are scoped to a public suffix, and therefore readable across
+ all web sites under that public suffix.
+ The same dataset is also useful for grouping domains without improperly
+ counting 
 \begin_inset Flex Code
 status collapsed
 
 \begin_layout Plain Layout
-response.redirectURL
+example.co.uk
 \end_layout
 
 \end_inset
 
-, as specification 1.2 seems to be unclear wether or not it should be kept
- as-is from the HTTP 
+ as a 
+\emph on
+user-owned subdomain
+\emph default
+ of 
 \begin_inset Flex Code
 status collapsed
 
 \begin_layout Plain Layout
-Location
+co.uk
 \end_layout
 
 \end_inset
 
- header or browser's 
+, which would then render 
 \begin_inset Flex Code
 status collapsed
 
 \begin_layout Plain Layout
-redirectURL
+co.uk
 \end_layout
 
 \end_inset
 
- values - both of which possibly is relative.
- As subsequent HTTP requests are hard to refer to without relying either
- on exact request ordering (the executed redirect always coming exactly
- as the next entry) or at least having the URL resolved (preferably by the
- browser) before writing it to the HAR data.
- Current efforts in 
+ as the most popular domain under the 
 \begin_inset Flex Code
 status collapsed
 
 \begin_layout Plain Layout
-netsniff.js
+uk
 \end_layout
 
 \end_inset
 
- 
-\begin_inset CommandInset ref
-LatexCommand eqref
-reference "sub:get/netsniff.js"
+ TLD.
+\end_layout
 
-\end_inset
+\begin_layout Standard
+Swedish examples include second level domains 
+\begin_inset Flex Code
+status collapsed
 
- to resolve relative URLs using a separate javascript library have proven
- inexact when it comes to matching against the browser's executed URL, differing
- for example in wether trailing slashes are kept for domain root requests
- or not.
- What would be even better, is a way to refer to the reason for the HTTP
- request, be it an HTML tag, a script call or a HTTP redirect - but that
- could to be highly implementation dependent per browser.
+\begin_layout Plain Layout
+pp.se
 \end_layout
 
-\begin_layout Subsection
-phantomjs
-\end_layout
+\end_inset
 
-\begin_layout Standard
-While 
+ for privately owned domains and 
 \begin_inset Flex Code
 status collapsed
 
 \begin_layout Plain Layout
-netsniff.js
+tm.se
 \end_layout
 
 \end_inset
 
- 
-\begin_inset CommandInset ref
-LatexCommand eqref
-reference "sub:get/netsniff.js"
+ for trademarks
+\begin_inset Foot
+status open
+
+\begin_layout Plain Layout
+\begin_inset CommandInset href
+LatexCommand href
+target "https://www.iis.se/data/barred_domains_list.txt"
 
 \end_inset
 
- from the phantomjs example library has been improved in several ways, patches
- have not yet been submitted.
- Since it is only an example from their side, a more developed version might
- no longer serve the same purpose - educating new users on the possibilities
- of phantomjs.
- An attempt to break the code down and separate pure bug fixes from other
- improvements might help.
- The version written for this thesis is released under the same license
- as the original, so reuse should not be a problem for those interested.
-\end_layout
 
-\begin_layout Subsection
-jq
 \end_layout
 
-\begin_layout Standard
-Using jq as the main program for data transformation and aggregation has
- given me a fair amount of knowledge of real world usage of the jq domain-specif
-ic language (DSL).
- Bugs and inconsistencies have been reported, and input regarding for example
- code sharing through a package management system and (semantic) versioning
- has been given.
- Some of the reusable jq code and helper scripts written for the thesis
- has been packaged for easy reuse, and more is on the way.
-\end_layout
+\end_inset
 
-\begin_layout Subsection
-Disconnect
-\end_layout
+.
+ These second level domains were more important before April 2003
+\begin_inset Foot
+status open
 
-\begin_layout Standard
-Disconnect relies heavily on their blocking list 
-\begin_inset CommandInset ref
-LatexCommand eqref
-reference "sub:Disconnect's-blocking-list"
+\begin_layout Plain Layout
+\begin_inset CommandInset href
+LatexCommand href
+target "https://en.wikipedia.org/wiki/.se#Pre_2003_system"
 
 \end_inset
 
-, as it is the base for both the service of blocking external resources
- and presenting statistics to the user.
- While preparing 
-\begin_inset CommandInset ref
-LatexCommand eqref
-reference "sub:classification/disconnect/prepare-service-list.sh"
-
-\end_inset
 
- and analyzing 
-\begin_inset CommandInset ref
-LatexCommand eqref
-reference "sub:classification/disconnect/analysis.sh"
+\end_layout
 
 \end_inset
 
- the blocking list, a number of errors and inconsistencies were found.
- Unfortunately, the maintainers do not seem very active in the project,
- and even trivial data encoding errors were not patched over a month after
- submission.
- According to Disconnect's Eason Goodale in an email conversation 2014-08-13,
- the team has been concentrating on a second version of Disconnect as well
- as other projects.
- While patches can be submitted through Disconnect's Github project pages,
- Goodale's reply seems to indicate they will not be accepted in a timely
- fashion and perhaps irrelevant by the time the next generation is released
- to the public.
-\end_layout
-
-\begin_layout Subsection
-Public Suffix
+, when first level domain registration rules restricted registration to
+ nation-wide companies, associations and authorities.
 \end_layout
 
 \begin_layout Standard
-A tool that parses the public suffix list from its original format to a
- JSON lookup object format has been written.
- Using that tool an inconsistency in the data was detected - the TLD .engineering
- being included twice instead of .engineer and .engineering separately.
- This had already been detected and reported by others, but it can be used
- to detect future inconsistencies in an automated manner.
-\end_layout
+The public suffix list (2014-07-24) contains 6278 rules, against which domains
+ are checked in one of the classification steps 
+\begin_inset CommandInset ref
+LatexCommand eqref
+reference "sub:classification/effective-tld/add.sh"
 
-\begin_layout Chapter
-Related work
-\end_layout
+\end_inset
 
-\begin_layout Section
-At .SE
+.
+ It becomes the basis for the domain's division into public suffix and primary
+ domain (first non-public suffix match), and subsequent grouping.
 \end_layout
 
 \begin_layout Standard
-Part of .SE's work includes researching internet and technology, with a focus
- on Sweden - for example, 
-\emph on
-Swedes and the internet
-\emph default
- and broadband and cell phone bandwidth speed tests 
-\begin_inset Note Greyedout
+\begin_inset ERT
 status open
 
 \begin_layout Plain Layout
-Insert names of reports.
-\end_layout
 
-\end_inset
-
- to the public, both in Swedish
-\begin_inset Foot
-status open
 
-\begin_layout Plain Layout
-\begin_inset CommandInset href
-LatexCommand href
-target "https://www.iis.se/lar-dig-mer/rapporter/"
+\backslash
+begin{futurework}
+\end_layout
 
 \end_inset
 
 
 \end_layout
 
-\end_inset
+\begin_layout Standard
+There is also an algorithm for wildcard rules which can have exceptions;
+ this thesis has not implemented wildcards and exceptions in the classification
+ step.
+ There are 24 TLDs with wildcard public suffixes, and 8 non-TLD wildcards.
+ Out of these 8 non-TLD wildcards, 1 is *.sch.uk and 7 are Japanese geographic
+ areas.
+ The 24 wildcards have 10 exception rules; 7 of them are Japanese cities
+ grouped by the previously mentioned geographic areas and the remaining
+ 3 seem to belong to ccTLD owner organizations.
+\end_layout
 
- and English
-\begin_inset Foot
+\begin_layout Standard
+\begin_inset ERT
 status open
 
 \begin_layout Plain Layout
-\begin_inset CommandInset href
-LatexCommand href
-target "https://www.iis.se/english/reports/"
-
-\end_inset
 
 
+\backslash
+end{futurework}
 \end_layout
 
 \end_inset
 
-.
- Information and statistics are also published on a separate portal, in
- collaboration with other organizations.
-\begin_inset Foot
+
+\end_layout
+
+\begin_layout Standard
+\begin_inset ERT
 status open
 
 \begin_layout Plain Layout
-\begin_inset CommandInset href
-LatexCommand href
-target "https://www.iis.se/vad-vi-gor/internetstatistik/"
+
+
+\backslash
+begin{futurework}
+\end_layout
 
 \end_inset
 
 
 \end_layout
 
-\end_inset
+\begin_layout Standard
+Apart from ICANN domains, which have been implemented, there are also private
+ domains considered public suffixes listed as rules.
+ They are domains which have subdomains controlled by users/customers, for
+ example joelpurra.github.io which is controlled by me but hosted by the code
+ hosting service github.com.
+ Other examples include cloud hosting/CDN services such as cloudfront.net,
+ amazonaws.com, azurewebsites.net, fastly.net, herokuapp.com, blogs from several
+ blogspot.TLD domains and dyndns.com's wide choice of dynamic domains.
+ One example that looks like a technical choice in order to hinder accidental
+ or malicious setting of cookies is googleapis.com, which is listed despite
+ being (presumably) completely under Google's control.
+\end_layout
 
- .SE's Internet Fund
-\begin_inset Foot
+\begin_layout Standard
+\begin_inset ERT
 status open
 
 \begin_layout Plain Layout
-\begin_inset CommandInset href
-LatexCommand href
-target "http://www.internetfonden.se/"
-
-\end_inset
 
 
+\backslash
+end{futurework}
 \end_layout
 
 \end_inset
 
- has also funded work on discussing and defining online privacy, aimed at
- those working with or developing systems that handle personal data, often
- with some kind of internet connection 
-\begin_inset CommandInset citation
-LatexCommand cite
-key "Bylund:2013:978-91-87379-12-3:integritet"
-
-\end_inset
 
-.
 \end_layout
 
-\begin_layout Subsection
-
-\emph on
-.SE Health Status
-\emph default
-
+\begin_layout Section
+Disconnect's blocking list
 \begin_inset CommandInset label
 LatexCommand label
-name "sub:.SE-Health-Status"
+name "sub:Disconnect's-blocking-list"
 
 \end_inset
 
@@ -4857,90 +4946,80 @@ name "sub:.SE-Health-Status"
 \end_layout
 
 \begin_layout Standard
-While .SE themselves have written reports analyzing the technical state of
- services connected to .se domains, 
-\emph on
-.SE Health Status
-\emph default
- 
-\begin_inset CommandInset citation
-LatexCommand cite
-key "Lowinder:2008:healthstatus,Lowinder:2009:healthstatus,Lowinder:2010:healthstatus,Lowinder:2011:healthstatus,Lowinder:2012:healthstatus,Lowinder:2013:healthstatus"
-
-\end_inset
+One of the most popular privacy tools is Disconnect, which blocks tracking
+ sites by running as a browser plugin.
+ Disconnect was started by ex-Google engineers, and still seems to have
+ close ties to Google as the own domain disconnect.me is listed as a Google
+ content domain in the blocking list.
+\end_layout
 
-, the focus has not been on exploring the web services connected to these
- domains.
- The research is focused on statistics about usage and security in DNS,
- IP, web and e-mail; the target audience is IT strategists, executives and
- directors.
- Data for the reports is analyzed and summarized by Anne-Marie Eklund Löwinder,
- a world-renown DNS and security expert
-\begin_inset Foot
+\begin_layout Standard
+The Disconnect software lets users block/unblock loading resources from
+ specific third-party domains.
+ A list of 
+\begin_inset ERT
 status open
 
 \begin_layout Plain Layout
-\begin_inset CommandInset href
-LatexCommand href
-target "https://www.iis.se/bloggare/anne-marie/"
-
-\end_inset
 
 
+\backslash
+numprint{2149}
 \end_layout
 
 \end_inset
 
-, while the technical aspects and tools are under the supervision of Patrik
- Wallström, a well known DNSSEC expert and free and open source software
- advocate
-\begin_inset Foot
+ domains is used as the basis from the blocking.
+ Each entry belongs to one of 
+\begin_inset ERT
 status open
 
 \begin_layout Plain Layout
-\begin_inset CommandInset href
-LatexCommand href
-target "https://www.iis.se/bloggare/pawal/"
-
-\end_inset
 
 
+\backslash
+numprint{980}
 \end_layout
 
 \end_inset
 
-.
+ organizations, which come with a link to their webpage.
+ There is also a grouping into categories, here shown with some examples.
+ Worth noting is that the content category is not blocked by default.
 \end_layout
 
 \begin_layout Standard
-The thesis subject has been selected to be in line with the .SE reports,
- but focusing on web issues; code may be reused and results may be included
- in future reports.
- The 
-\emph on
-.SE Health Status
-\emph default
- reports do offer some groundwork in terms of selecting and grouping Swedish
- domains, HTTPS usage and Google Analytics coverage 
-\begin_inset CommandInset citation
-LatexCommand cite
-key "Lowinder:2010:healthstatus,Lowinder:2011:healthstatus,Lowinder:2012:healthstatus"
+\begin_inset ERT
+status open
+
+\begin_layout Plain Layout
+
+
+\backslash
+begin{futurework}
+\end_layout
 
 \end_inset
 
- 
+
+\end_layout
+
+\begin_layout Standard
+There are other open source alternatives to Disconnect's blocking list,
+ but they use data formats that are not as easy to parse.
+ The most popular ones also do not contain information about which organization
+ each blocking rule belongs to.
+ See 
 \begin_inset CommandInset ref
-LatexCommand ref
-reference "sec:.SE-Health-Status-comparison"
+LatexCommand vref
+reference "sec:Ad-and-privacy-blocking-lists"
 
 \end_inset
 
 .
- The report
-\emph on
- 
-\emph default
-is based on data collected from around 
+\end_layout
+
+\begin_layout Standard
 \begin_inset ERT
 status open
 
@@ -4948,348 +5027,396 @@ status open
 
 
 \backslash
-numprint{900}
+end{futurework}
 \end_layout
 
 \end_inset
 
- .se domain names deemed of importance to the Swedish society as a whole,
- as well as random selection of 1% of the registered .se domain names.
+
 \end_layout
 
 \begin_layout Subsection
-.SE Domain Check
-\end_layout
+Categories
+\begin_inset CommandInset label
+LatexCommand label
+name "sub:Disconnect-Categories"
+
+\end_inset
 
-\begin_layout Standard
-In order to facilitate repeatable and improvable analysis, tools will be
- developed to perform the collection and aggregation steps automatically.
- .SE already has a set of tools that run monthly; integration and interoperabilit
-y will smooth the process and continuous usage.
- There is also a public .SE tool to allow web site owners to test their own
- sites, 
-\emph on
-Domain Check
-\emph default
- 
-\begin_inset Note Greyedout
-status open
 
-\begin_layout Plain Layout
-Add link to Domain Check.
 \end_layout
 
+\begin_layout Standard
+Summary of Disconnect's categories.
+ Most domains and organizations by far are in the advertisement category.
+ The reason the Disconnect category has so few organizations, is that it
+ is treated as a special category 
+\begin_inset CommandInset ref
+LatexCommand eqref
+reference "sub:Disconnect-category"
+
 \end_inset
 
-, which might benefit from some of the code developed within the scope of
- this thesis.
+ with only Google, Facebook and Twitter.
 \end_layout
 
 \begin_layout Standard
-\begin_inset Note Greyedout
+\begin_inset ERT
 status open
 
 \begin_layout Plain Layout
-Write about .SE's abuse work?
-\end_layout
-
-\end_inset
 
 
+\backslash
+tsvtable{disconnect.categories.tsv}{Disconnect's categories (2014-09-08)}{}{displa
+y columns/0/.style={string type, column type=l},}
 \end_layout
 
-\begin_layout Section
-Other research
-\end_layout
+\end_inset
 
-\begin_layout Standard
-\begin_inset Note Greyedout
-status open
 
-\begin_layout Plain Layout
-Write about the results of the research, not that there is research.
 \end_layout
 
+\begin_layout Subsection
+Domains per organization
+\begin_inset CommandInset label
+LatexCommand label
+name "sub:Disconnect-Domains-per-organization"
+
 \end_inset
 
 
 \end_layout
 
 \begin_layout Standard
-Some research has been done surrounding ad networks, trackers and their
- spread on globally popular sites, as well as what kind of private data
- users can expect to more or less inadvertently share in the course of normal
- internet usage.
- Those papers show both some of the problems and solutions in trying to
- analyze external resources.
- The Association for Computing (ACM)
-\begin_inset Foot
+Many organizations have more than one domain.
+ One organization stands out, with 
+\begin_inset ERT
 status open
 
 \begin_layout Plain Layout
-\begin_inset CommandInset href
-LatexCommand href
-target "http://acm.org/"
-
-\end_inset
 
 
+\backslash
+numprint{271}
 \end_layout
 
 \end_inset
 
- group SIGCOMM
-\begin_inset Foot
+ domains - Google.
+ The biggest reason is that they own top level domains such as google.se
+ and google.ch from over 200 TLDs.
+ Yahoo comes in second with 
+\begin_inset ERT
 status open
 
 \begin_layout Plain Layout
-\begin_inset CommandInset href
-LatexCommand href
-target "http://sigcomm.org/"
-
-\end_inset
 
 
+\backslash
+numprint{71}
 \end_layout
 
 \end_inset
 
- has a yearly Internet Measurement Conference (IMC)
-\begin_inset Foot
+ domains, many of which are service-specific subdomains to yahoo.com, such
+ as finance.yahoo.com and travel.yahoo.com.
+\end_layout
+
+\begin_layout Standard
+\begin_inset ERT
 status open
 
 \begin_layout Plain Layout
-\begin_inset CommandInset href
-LatexCommand href
-target "http://sigcomm.org/events/imc-conference"
+
+
+\backslash
+tsvtable{disconnect.domains-per-organization.tsv}{Domains per organization
+ (2014-09-08)}{}{}
+\end_layout
 
 \end_inset
 
 
 \end_layout
 
+\begin_layout Subsection
+Organizations in more than one category
+\begin_inset CommandInset label
+LatexCommand label
+name "sub:Disconnect-Organizations-in-more-than-one-category"
+
 \end_inset
 
-, where some papers of interest have been presented.
- The Passive and Active Measurements (PAM) Conference
-\begin_inset Foot
+
+\end_layout
+
+\begin_layout Standard
+Some organizations are represented in more than one of the five Disconnect
+ categories.
+ Yahoo has several ad services, several social services, several content
+ services and a single analytics service, putting them in four categories.
+\end_layout
+
+\begin_layout Standard
+\begin_inset ERT
 status open
 
 \begin_layout Plain Layout
-\begin_inset CommandInset href
-LatexCommand href
-target "http://pam2014.cs.unm.edu/"
+
+
+\backslash
+tsvtable{disconnect.organizations-in-more-than-one-category.tsv}{Organizations
+ in more than one category (2014-09-08)}{}{display columns/0/.style={string
+ type, column type=l},}
+\end_layout
 
 \end_inset
 
 
 \end_layout
 
-\end_inset
+\begin_layout Subsection
+Advertising
+\end_layout
 
- might also have interesting papers, as well as for example ACM's archives.
- As for individuals, one of the most connected researchers in this field
- is Balachander Krishnamurthy
-\begin_inset Foot
+\begin_layout Standard
+\begin_inset Note Greyedout
 status open
 
 \begin_layout Plain Layout
-\begin_inset CommandInset href
-LatexCommand href
-target "http://www2.research.att.com/~bala/papers/"
+Add technorati.com, wpp.com?
+\end_layout
 
 \end_inset
 
 
 \end_layout
 
-\end_inset
+\begin_layout Description
+overture.com Yahoo's ad network.
+\end_layout
 
-, who has worked with several groups looking at privacy in both online social
- networks (OSNs) and general websites.
+\begin_layout Description
+omniture.com Adobe's ad network.
 \end_layout
 
-\begin_layout Standard
-Media have made reports regarding mass surveillance, especially by the United
- States intelligence agency National Security Agency (NSA)
-\begin_inset Foot
-status open
+\begin_layout Description
+amazon-adsystem.com Amazon's ad delivery network.
+\end_layout
 
-\begin_layout Plain Layout
-\begin_inset CommandInset href
-LatexCommand href
-target "http://www.nsa.gov/"
+\begin_layout Subsection
+Analytics
+\end_layout
 
-\end_inset
+\begin_layout Description
+alexa.com Amazon's web statistics service, considered an authority in web
+ measurement.
+\end_layout
 
+\begin_layout Description
+comscore.com Analytics service that also publishes statistics.
+\end_layout
 
+\begin_layout Description
+gaug.es GitHub's analytics service.
 \end_layout
 
-\end_inset
+\begin_layout Description
+coremetrics.com Part of IBM's enterprise marketing services.
+\end_layout
 
-, but so far few papers seem to have been written.
- There are also reports on what data private companies are collecting, in
- part by their online efforts, and how they are packaging it for resale.
- While media reports are not academic papers, they provide an up to date
- source of information needed in explaining parts of the thesis subject.
+\begin_layout Description
+newrelic.com A suite of systems monitoring and analytics software, up to
+ and including browsers.
 \end_layout
 
-\begin_layout Subsection
-Cookie syncing
+\begin_layout Description
+nielsen.com Consumer studies.
 \end_layout
 
-\begin_layout Standard
-A recent large-scale study 
-\begin_inset CommandInset citation
-LatexCommand cite
-key "G.-Acar:persistent:2014aa"
+\begin_layout Description
+statcounter.com Web statistics tool.
+\end_layout
+
+\begin_layout Description
+webtrends.com Digital marketing analytics and optimization across channels.
+\end_layout
+
+\begin_layout Subsection
+Content
+\begin_inset CommandInset label
+LatexCommand label
+name "sub:Disconnect-Content"
 
 \end_inset
 
- included a cookie syncing privacy analysis.
- It was shown that unique user identifiers were shared between different
- third parties.
- IDs can be shared in different ways.
- If both third parties exist on the same page, they can be shared through
- scripts or by looking for any IDs in the location URL.
- They can also be shared by one third-party sending requests to a second
- third-party (a fourth-party? 
-\begin_inset Note Greyedout
-status open
 
-\begin_layout Plain Layout
-Look up term, might be defined already.
 \end_layout
 
-\end_inset
+\begin_layout Standard
+Sites that deliver content.
+ There is a wide variety of content, from images and videos to A/B testing,
+ comment and help desk services.
+ This category is not blocked by default.
+\end_layout
 
-), either by leaking the location URL as a HTTP referrer or by embedding
- it in the request URL.
- In crawls of Alexa's top 
-\begin_inset ERT
+\begin_layout Description
+apis.google.com One of Google's API domains.
+ 
+\begin_inset Note Greyedout
 status open
 
 \begin_layout Plain Layout
-
-
-\backslash
-numprint{3000}
+Look at which services are hosted.
 \end_layout
 
 \end_inset
 
- domains, one third-party script in particular sends requests with synced
- IDs to 25 domains; the IDs were eventually are shared with 43 domains.
- They also showed that a user's browsing history reconstruction rate rose
- from 1.4% to 11% when backend/server-to-server overlaps were modeled.
+
 \end_layout
 
-\begin_layout Standard
-The study used a modified Firefox browser to look at values stored in primarily
- cookies.
- As all HTTP requests are recorded in this thesis, including HTTP cookie
- headers, a limited version of the same study could be performed.
- In addition, they look at in-browser scripting utilizing for example 
-\begin_inset Flex Code
-status collapsed
+\begin_layout Description
+brightcove.com Video hosting/monetization service.
+\end_layout
 
-\begin_layout Plain Layout
-localStorage
+\begin_layout Description
+disqus.com A third party comment service.
 \end_layout
 
-\end_inset
+\begin_layout Description
+flickr.com Flickr is a photo/video hosting site, owned by Yahoo.
+\end_layout
 
-, 
-\begin_inset Flex Code
-status collapsed
+\begin_layout Description
+googleapis.com One of Google's API domains, hosting third-party files/services
+ such as Google Fonts and Google Hosted Libraries.
+\end_layout
 
-\begin_layout Plain Layout
-canvas
+\begin_layout Description
+instagram.com Facebook's photo/video sharing site.
 \end_layout
 
-\end_inset
+\begin_layout Description
+office.com Microsoft's Office suite online.
+\end_layout
 
- fingerprinting and ID storage in external plugins like Flash.
- While that might be possible, the modifications that would need to be made
- to phantomjs are non-trivial, and my current scope does not allow for that.
- With their research as a base, cookie respawning and sharing could possibly
- be confirmed using this thesis' code as a external tool using a different
- browser platform.
+\begin_layout Description
+optimizely.com An A/B testing service.
 \end_layout
 
-\begin_layout Section
-HTTP Archive
-\begin_inset CommandInset label
-LatexCommand label
-name "sub:HTTP-Archive"
+\begin_layout Description
+truste.com Provides certification and tools for privacy policies in order
+ to gain users' trust; “enabling businesses to safely collect and use customer
+ data across web, mobile, cloud and advertising channels.” This includes
+ ways to selectively opt-out from cookies features; required, functional
+ or advertising.
+\end_layout
 
-\end_inset
+\begin_layout Description
+tumblr.com A popular blogging platform.
+\end_layout
+
+\begin_layout Description
+uservoice.com A customer support service.
+\end_layout
 
+\begin_layout Description
+vimeo.com A video site.
+\end_layout
 
-\begin_inset Foot
+\begin_layout Description
+www.google.com Google's main domain, which also hosts services such as search.
+ 
+\begin_inset Note Greyedout
 status open
 
 \begin_layout Plain Layout
-\begin_inset CommandInset href
-LatexCommand href
-target "http://httparchive.org/"
+Look at which services are hosted.
+\end_layout
 
 \end_inset
 
 
 \end_layout
 
+\begin_layout Description
+youtube.com One of Google's video sites.
+\end_layout
+
+\begin_layout Subsection
+Disconnect
+\begin_inset CommandInset label
+LatexCommand label
+name "sub:Disconnect-category"
+
 \end_inset
 
 
 \end_layout
 
 \begin_layout Standard
-In an effort to measure web page speed on the internet, initially developed
- in October 2010, the HTTP Archive collects HAR data and runs analyses on
- them.
- Unfortunately, their data dumps are in a custom format, not the original
- HAR files, but there are some direct comparisons to be made with their
- 
-\emph on
-Interesting stats
-\emph default
-
-\begin_inset Foot
-status open
+A special category for non-content resources from Facebook, Google and Twitter.
+ It seems to initially have been designed to block their respective like/+1/twee
+t buttons which seem to belong in the social category.
+ As the category now contains many other known tracking domains from the
+ same organizations, unblocking the social buttons also lets many other
+ types of resources trough.
+\end_layout
 
-\begin_layout Plain Layout
-\begin_inset CommandInset href
-LatexCommand href
-target "http://httparchive.org/interesting.php"
+\begin_layout Standard
+It is worth noting that this category includes google-analytics.com plus
+ Google ad networks such as adwords.google.com, doubleclick.net and admob.com.
+ It might have been more appropriate to have them in the analytics and advertise
+ment categories respectively.
+\end_layout
 
-\end_inset
+\begin_layout Subsection
+Social
+\end_layout
 
+\begin_layout Standard
+Site with an emphasis on social aspects.
+ They often have buttons to vote for, recommend or share with others.
+\end_layout
 
+\begin_layout Description
+addthis.com A link sharing service aggregator.
 \end_layout
 
-\end_inset
+\begin_layout Description
+digg.com News aggregator.
+\end_layout
 
- aggregate data.
+\begin_layout Description
+linkedin.com Professional social network.
 \end_layout
 
-\begin_layout Itemize
-Pages Using Google Libraries API
+\begin_layout Description
+reddit.com Social new and link sharing, and discussion.
 \end_layout
 
-\begin_layout Itemize
-HTTPS Requests
+\begin_layout Section
+Retrieving websites and resources
 \end_layout
 
-\begin_layout Itemize
-Total Requests per Page
+\begin_layout Standard
+Web sites based on lists of domains were downloaded using har-heedless,
+ see 
+\begin_inset CommandInset ref
+LatexCommand vref
+reference "sub:har-heedless"
+
+\end_inset
+
+.
 \end_layout
 
-\begin_layout Chapter
-Future work
+\begin_layout Subsection
+Computer machines
 \begin_inset CommandInset label
 LatexCommand label
-name "chap:Future-work"
+name "sec:Computer-machines"
 
 \end_inset
 
@@ -5297,537 +5424,496 @@ name "chap:Future-work"
 \end_layout
 
 \begin_layout Standard
-\begin_inset Note Greyedout
-status open
-
-\begin_layout Plain Layout
-Mention further grouping, digging into the data.
+Two computers were used to download web pages - one laptop machine and one
+ server machine.
+ The server is significantly more powerful than the laptop, and they downloaded
+ a different number of web pages at a time.
 \end_layout
 
-\end_inset
-
-
-\end_layout
+\begin_layout Standard
+\begin_inset ERT
+status open
 
-\begin_layout Section
-Unanswered questions
-\end_layout
+\begin_layout Plain Layout
 
-\begin_layout Standard
-There are further questions in line with current results which could potentially
- be answered with additional research.
-\end_layout
 
-\begin_layout Itemize
-Could any external resources actually be considered internal, despite being
- loaded from external domains?
+\backslash
+tsvtable{computer-machines.tsv}{Machine specifications}{}{display columns/0/.style
+={string type, column type=l}, display columns/1/.style={string type, column
+ type=l}, display columns/2/.style={string type, column type=l}, }
 \end_layout
 
-\begin_layout Itemize
-How to determine if a resource
-\end_layout
+\end_inset
 
-\begin_deeper
-\begin_layout Itemize
-Crosses Sweden's borders in transit?
-\end_layout
 
-\begin_layout Itemize
-Is handled by an organization with base or ownership outside of Sweden?
 \end_layout
 
-\end_deeper
-\begin_layout Itemize
-Which external resources are loaded from Sweden and abroad respectively?
+\begin_layout Subsection
+Network connection
 \end_layout
 
-\begin_layout Itemize
-What user data could potentially be collected, and subsequently inferred?
+\begin_layout Standard
+The laptop machine was connected by ethernet to the .SE office network, which
+ is shared with employees' computers.
+ The server machine was connected to server co-location network, which is
+ shared with other servers.
+ The .SE network technicians said load was kept very low, and only a few
+ percent of the dedicated 100 Mbps per location was used.
+ Both locations are in Stockholm city, and should therefore be well placed
+ in regard to web sites hosted in Sweden.
 \end_layout
 
-\begin_layout Itemize
-To what extent can the average Swedish internet user's browsing habits be
- correlated across the most commonly visited webpages?
+\begin_layout Subsection
+Software considerations
 \end_layout
 
-\begin_layout Itemize
-Can the same techniques be applied to data from countries other than Sweden?
+\begin_layout Standard
+To expedite an automated and repeatable process, a custom set of scripts
+ were written as the project har-heedless.
+ The scripts are written using standard tools, available as open source
+ and on multiple platforms.
 \end_layout
 
-\begin_layout Section
-Creating an information website
+\begin_layout Subsubsection
+Dynamic web pages
 \end_layout
 
 \begin_layout Standard
-Despite thesis code being open source, much of the thesis data is hard to
- retrieve, analyze and process for individuals.
- A separate tool performing the work for anyone should be created.
- Apart from presenting data already collected as a part of the thesis, it
- could accept user input to analyze individual domains.
- With several domains as input, any overlap can be detected and presented
- to the user as an information sharing graph.
- One of the inspirations for this thesis was Collusion 
-\begin_inset Note Greyedout
-status open
+Previous efforts to download and analyze web pages by .SE used a static approach,
+ analyzing the HTML by means of simple searches for 
+\begin_inset Flex Code
+status collapsed
 
 \begin_layout Plain Layout
-Insert link to Collusion, or whatever it is called these days.
+http://
 \end_layout
 
 \end_inset
 
-, which is a tool to dynamically display from which external domains a page
- retrieves resources right in the browser.
- A version of the same tool could be built, where instead of letting the
- user's browser retrieve sites the server would do it.
- This way a non-technical user does not have to 
-\begin_inset Quotes eld
-\end_inset
-
-risk
-\begin_inset Quotes erd
-\end_inset
+ and 
+\begin_inset Flex Code
+status collapsed
 
- anything by visiting web pages, and their relationship could be displayed
- anyways.
- Collecting data server-side also allows for cached lookups and a grander
- scope, where further relationships apart from the first hand ones could
- be suggested.
- 
-\begin_inset Quotes eld
-\end_inset
+\begin_layout Plain Layout
+https://
+\end_layout
 
-If you frequently visit these sites, you might also be visiting theses sites
- - click to display their relationships as well.
-\begin_inset Quotes erd
 \end_inset
 
-
-\end_layout
-
-\begin_layout Standard
-Over time and with user input, the dataset collected on the server would
- increase, and a historical graph relating to both results shown in this
- thesis and the relationships between sites can be created.
- This is similar to what both the HTTP Archive 
+ strings in HTML and CSS.
+ It had proven hard to maintain, and the software project was abandoned
+ before the thesis was started, but had not yet been replaced.
+ In order to better handle the dynamic nature of modern web pages, the headless
+ browser phantomjs 
 \begin_inset CommandInset ref
 LatexCommand eqref
-reference "sub:HTTP-Archive"
+reference "sub:phantomjs"
 
 \end_inset
 
- is doing on a large scale but with slightly different focus, and what the
- 
-\emph on
-.SE Health Status
-\emph default
- is doing but on a less continuous basis and with a shifting focus.
+ was chosen, as it would also download and execute javascript - a major
+ component in both user interfaces as well as active trackers and ads.
 \end_layout
 
-\begin_layout Section
-Package publicly available data
+\begin_layout Subsubsection
+Cached content
 \end_layout
 
 \begin_layout Standard
-Datasets based on publicly available datasets can be packaged for other
- researchers to analyze.
- While fresh data would be better, a larger dataset can take time to download
- on a slow connection or computer and all software may not be available
- to the researcher.
- It lowers the step in for others who might be interested in the same kind
- of research, which might lead to the software used in this thesis being
- improved.
+Many of the external resources will be overlapping between web sites and
+ domains, and downloading them multiple times can be avoided by caching
+ the file the first time in a run.
+ Keeping cached content would, depending on per-response cache settings
+ and timeout, result in a different HTTP request and potentially different
+ response.
+ A file that has not changed on the server would generate a HTTP response
+ status of 304 with no data, saving bandwidth and lowering transfer delays,
+ where a changed file would generate a status 200 response with the latest
+ version.
 \end_layout
 
-\begin_layout Section
-Code documentation
+\begin_layout Standard
+One of the technologies in determining if a locally cached file is the correct/l
+atest version includes the HTTP 
+\begin_inset Flex Code
+status collapsed
+
+\begin_layout Plain Layout
+Etag
 \end_layout
 
-\begin_layout Standard
-With some 
-\begin_inset ERT
+\end_inset
+
+ 
+\begin_inset Note Greyedout
 status open
 
 \begin_layout Plain Layout
+Insert link to Etag standard.
+\end_layout
+
+\end_inset
 
+ header, which is a string representation of a URL/file at a certain version.
+ When content is transferred it may have an 
+\begin_inset Flex Code
+status collapsed
 
-\backslash
-numprint{70}
+\begin_layout Plain Layout
+Etag
 \end_layout
 
 \end_inset
 
- scripts written and released as open source, the need for documentation
- has gradually increased.
- The reason for not writing proper documentation - not having direct collaborato
-rs writing code - is a hinderance for future collaborators or users to get
- started.
- While code documentation has not been an explicit part of the thesis plan,
- it can be seen as an important step for future usage.
- The code is not magic in any way, but if understanding the functionality
- of a file required reading over a hundred lines of code instead of two
- or three lines of comments, it means a rather steep learning curve for
- something that is supposed to be simple.
-\end_layout
+ attached; if the file is cacheable, the 
+\begin_inset Flex Code
+status collapsed
 
-\begin_layout Section
-Improving domain retrieval
+\begin_layout Plain Layout
+Etag
 \end_layout
 
-\begin_layout Subsection
-Automated testing
+\end_inset
+
+ is saved.
+ Subsequent requests for the same, cached URL contain the 
+\begin_inset Flex Code
+status collapsed
+
+\begin_layout Plain Layout
+Etag
 \end_layout
 
-\begin_layout Standard
-So far all testing of har-heedless and phantomjs has been done manually.
- It has proven to be a working setup, as thesis results are based on these
- tools, but the features are to be considered fragile as there are no regression
- tests.
- Automated tests of the different levels (shell scripts, 
+\end_inset
+
+ - and the server uses it to determine if a compact 304 response is enough
+ or a full 200 response is necessary.
+ It has been found that the 
 \begin_inset Flex Code
 status collapsed
 
 \begin_layout Plain Layout
-netsniff.js
+Etag
 \end_layout
 
 \end_inset
 
- 
-\begin_inset CommandInset ref
-LatexCommand eqref
-reference "sub:get/netsniff.js"
+ header can be used for cookieless cross-site tracking by using an arbitrarily
+ chosen per-browser value instead of a file-dependent value 
+\begin_inset CommandInset citation
+LatexCommand cite
+key "M.-Ayenson:2011aa"
 
 \end_inset
 
-, screenshots, error handling) might help achieve stability in case of for
- example future improvements of phantomjs.
- Tests might include setting up a web server with test pages serving different
- kinds of content, as well as different kinds of errors.
- During mass downloading of domains phantomjs has been observed outputting
- error messages, such as failed JPEG image decoding and unspecified crashes.
- The extent of these errors have so far not been examined, as they have
- ended up being clumped together with external errors such as network or
- remote server failures.
+.
+ This means that keeping a local file cache might affect how trackers respond;
+ a file cache has not been implemented in har-heedless, making the browser
+ amnesiac.
 \end_layout
 
-\begin_layout Subsection
-Investigating failed domains
+\begin_layout Subsubsection
+Flash files
 \end_layout
 
 \begin_layout Standard
-There are many reasons domain retrieval could fail, but for top or curated
- domain lists the chances of the site being down are considerably lower
- than for randomly selected domains.
- Each web site has been requested up to three times, in order to avoid intermitt
-ent problems 
-\begin_inset CommandInset ref
-LatexCommand eqref
-reference "sec:Failed-domains"
+Flash is a scriptable proprietary cross-platform vector based web technology
+ owned by Adobe.
+ Several kinds of content, including video players, games and ads, use Flash
+ because it has historically been better suited than javascript for in-browser
+ moving graphics and video.
+ Flash usage has not been considered for this thesis as the technology isn
+ not available on all popular web browsing platforms, notably Apple's iPad,
+ and is being phased out by HTML 5 features such as 
+\begin_inset Flex Code
+status collapsed
+
+\begin_layout Plain Layout
+<canvas>
+\end_layout
 
 \end_inset
 
-.
- Despite this, certain sites do not respond to requests from the automated
- software.
- There are several ways for a remote system to detect requests from automation
- software, with the simplest one being looking at the HTTP 
+ and 
 \begin_inset Flex Code
 status collapsed
 
 \begin_layout Plain Layout
-User-Agent
+<video>
 \end_layout
 
 \end_inset
 
- browser make/model identifier string.
+ elements.
+\end_layout
+
+\begin_layout Subsubsection
+Combined javascript
 \end_layout
 
 \begin_layout Standard
-Automated downloading of webpages, especially downloading several in short
- succession, can be seen by site and service owners as disruptive by using
- system resources and skewing statistical data.
- Traversing different pages on a single website can also be detected by
- looking at for example navigational patterns 
-\begin_inset CommandInset citation
-LatexCommand cite
-key "Tan:2002:DWR:593432.593521,Lourenco:2006:CWC:1145581.1145634"
+A common technique for speeding up web sites is to reduce the number of
+ resources the browser needs to download, by combining or concatenating
+ them in different ways depending on the file format.
+ Javascript is a good example where there are potential benefits
+\begin_inset Foot
+status open
+
+\begin_layout Plain Layout
+\begin_inset CommandInset href
+LatexCommand href
+target "https://developers.google.com/speed/docs/best-practices/rtt#CombineExternalJS"
 
 \end_inset
 
-.
- By only downloading the domain root page and associated resources this
- tool might not fall into that category of detection.
+
 \end_layout
 
-\begin_layout Standard
-As some sites respond to desktop browser requests, but not har-heedless'
- requests, it is believed they have implemented certain 
-\begin_inset Quotes eld
 \end_inset
 
-protection
-\begin_inset Quotes erd
+ since functionality often is spread across several files, especially after
+ the plugin style of frameworks such as jQuery
+\begin_inset Foot
+status open
+
+\begin_layout Plain Layout
+\begin_inset CommandInset href
+LatexCommand href
+target "https://jquery.com/"
+
 \end_inset
 
- from this kind of software.
- In respect of their wish not to serve automated requests, har-heedless'
- browser has not been modified, for example by using a different 
-\begin_inset Flex Code
-status collapsed
 
-\begin_layout Plain Layout
-User-Agent
 \end_layout
 
 \end_inset
 
- string, to try to avoid these measures.
+ emerged.
+ One concern is whether or not script concatenation on a web page would
+ affect script analysis at a later stage, by reducing the number of third-party
+ requests.
+ While it is hard to analyze all scripts, based on their wide spread use,
+ third-party scripts stay on their respective home servers as software as
+ a service (SaaS) to enable faster update cycles and tracking of HTTP requests.
 \end_layout
 
-\begin_layout Subsection
-Browser plugins
-\end_layout
+\begin_layout Subsubsection
+Google Tag Manager
+\begin_inset CommandInset label
+LatexCommand label
+name "sub:Google-Tag-Manager"
 
-\begin_layout Standard
-If possible, a set of common browser plugins could be installed into phantomjs.
- The first that comes into mind is Adobe Flash, which is sometimes used
- to display dynamic ads.
- Flash also has the ability to request resources from other domains, so
- it might affect results to not render them.
- An additional problem might be that Flash has its own cookie system, which
- used storage external to the browser.
- This brings a new set of potential problems, as Flash cookies are a big
- part of evercookies and cookie respawning 
-\begin_inset CommandInset citation
-LatexCommand cite
-key "G.-Acar:persistent:2014aa"
+\end_inset
+
+
+\begin_inset Foot
+status open
+
+\begin_layout Plain Layout
+\begin_inset CommandInset href
+LatexCommand href
+target "https://www.google.com/tagmanager/"
 
 \end_inset
 
-.
- This means that a headless browser without persistent storage might end
- up having identifier cookies set in Flash storage, thus being easily and
- uniquely identified on subsequent visits.
- While this might not affect this thesis much, as external plugins have
- not been installed, it might affect other kinds of research being conducted
- based on the same tools.
+
 \end_layout
 
-\begin_layout Subsection
-System language
+\end_inset
+
+
 \end_layout
 
 \begin_layout Standard
-Tests were run on English language systems, without making any customizations
- to phantomjs' settings or HTTP 
+One of the concerns was Google Tag Manager (GTM), which a script aggregation
+ service with asynchronous loading directed specifically to marketers.
+ Google provides builtin support for their AdWords, Analytics (GA) and DoubleCli
+ck (DC) services.
+ While simplifying management with only one 
 \begin_inset Flex Code
 status collapsed
 
 \begin_layout Plain Layout
-Accept-Language
+<script>
 \end_layout
 
 \end_inset
 
- headers.
- While sites have been downloaded from around the world, localized domains
- might behave differently depending on user language.
- Google has a recommendation saying that they will prioritize TLDs specific
- to a region with a certain language (like .se and Sweden) for users sending
- 
-\begin_inset Flex Code
-status collapsed
+ tag, each part should download separately and perform the same duties,
+ including “calling home” to the usual addresses.
+ In order to confirm this, a query was run on one of the datasets.
+\end_layout
+
+\begin_layout Standard
+\begin_inset ERT
+status open
 
 \begin_layout Plain Layout
-Accept-Language
+
+
+\backslash
+tsvtable{google-tag-manager.tsv}{Google Tag Manager versus Google Analytics
+ and DoubleClick, dataset	2014-07-25 100k server}{}{display columns/0/.style={str
+ing type, column type=l}, display columns/2/.style={string type, column type=r}}
 \end_layout
 
 \end_inset
 
- prioritizing Swedish.
- 
-\begin_inset Note Greyedout
-status open
+
+\end_layout
+
+\begin_layout Standard
+The numbers point to every domain that uses Google Tag Manager uses at least
+ one of Google Analytics and DoubleClick, and will therefore not obscure
+ information regarding which services are called when further analyzed.
+\end_layout
+
+\begin_layout Subsubsection
+\begin_inset Flex Code
+status collapsed
 
 \begin_layout Plain Layout
-Insert link to Google's language page ranking.
+robots.txt
 \end_layout
 
 \end_inset
 
- This stems from them seeing that localized results have a higher usage
- rate.
-\end_layout
+ and 
+\begin_inset Flex Code
+status collapsed
 
-\begin_layout Subsection
-System fonts
+\begin_layout Plain Layout
+<meta name="robots" />
 \end_layout
 
-\begin_layout Standard
-Some of the difference between site screenshots and manually browsing to
- a site is in the fonts displayed.
- Most of the domains have been downloaded on a headless server, where fonts
- have not mattered to the system owner.
- Installing additional fonts commonly available on average user systems
- might reduce perceived difference.
-\end_layout
+\end_inset
+
 
-\begin_layout Subsection
-Do Not Track
 \end_layout
 
 \begin_layout Standard
+Automated web spider/bot software can bring a significant load to a web
+ server, as the spidering speed can exceed user browsing speed by far -
+ a single web spider can potentially request thousands of pages in the span
+ of minutes, effectively being a denial of service attack 
 \begin_inset Note Greyedout
 status open
 
 \begin_layout Plain Layout
-Write about Do Not Track and the response/server-side counter-part.
+Insert link to DoS information.
 \end_layout
 
 \end_inset
 
+ on an underpowered server.
+ Some sites also have information considered sensitive to being available
+ for spiders, or even for certain (kinds) of spiders such as image spiders.
+ The choice to not serve spiders can stem from technical reasons (bandwidth,
+ server load), to privacy (do not allow information to be indexed in search
+ engines) and business (do not allow data to be collected and aggregated).
+ In order to instruct web spiders not to get certain kind of material, there
+ are two basic mechanisms - the special 
+\begin_inset Flex Code
+status collapsed
 
+\begin_layout Plain Layout
+robots.txt
 \end_layout
 
-\begin_layout Standard
-While the HTTP header 
+\end_inset
+
+ file and the HTML header tag
 \begin_inset Flex Code
 status collapsed
 
 \begin_layout Plain Layout
-DNT
+<meta name="robots" />
 \end_layout
 
 \end_inset
 
- (Do Not Track) has not been set, it would have been interesting to look
- at the difference in response from remote services.
- As cookie headers can be analyzed, the difference could have been detected
- both per origin domain and per connected service.
- See also the P3P analysis 
-\begin_inset CommandInset ref
-LatexCommand eqref
-reference "sub:Platform-for-Privacy-(P3P)-Project"
-
-\end_inset
-
- for a related header.
+.
+ Both can contain instructions for certain bots not to index certain paths
+ or pages, or not to follow further links stemming from a page.
 \end_layout
 
-\begin_layout Section
-Domain lists
+\begin_layout Standard
+Commercial software from search engines, information collectors and other
+ software vendors take these explicit wishes from webmasters into consideration,
+ but har-heedless has not.
+ While it is automated software, it is not spidering software requesting
+ many pages, following links to explore the site - it only accesses the
+ front page of a domain, and resources explicitly requested by that one
+ page.
+ Information is not retrieved for indexing as such, as only HTTP request
+ metadata is recorded.
+ While some information requested to be not indexed might end up in the
+ screenshots, they are kept in a format hard to re-parse for machines as
+ non-public thesis data used for verification.
 \end_layout
 
 \begin_layout Standard
-There are other domain lists that might have been suitable in this thesis.
- One curated top list is the KIA index, a list of top sites in Sweden aggregatin
-g statistics from different curated sites' underlying analytics tools.
-\begin_inset Foot
+\begin_inset ERT
 status open
 
 \begin_layout Plain Layout
-\begin_inset CommandInset href
-LatexCommand href
-target "http://www.kiaindex.net/"
-
-\end_inset
-
-
-\end_layout
 
-\end_inset
 
- Other TLDs, both from other countries and more generic ones, could be used.
+\backslash
+begin{futurework}
 \end_layout
 
-\begin_layout Section
-Ad and privacy blocking lists
-\begin_inset CommandInset label
-LatexCommand label
-name "sec:Ad-and-privacy-blocking-lists"
-
 \end_inset
 
 
 \end_layout
 
 \begin_layout Standard
-There are several lists of known ads and privacy invading trackers in use
- in blocking software than Disconnect (see 
-\begin_inset CommandInset ref
-LatexCommand vref
-reference "sub:Disconnect's-blocking-list"
-
-\end_inset
-
-).
- One of the most popular ones is EasyList 
-\begin_inset Note Greyedout
-status open
+Future versions of har-heedless might implement logic that checks 
+\begin_inset Flex Code
+status collapsed
 
 \begin_layout Plain Layout
-Insert link to EasyList, verify format.
+robots.txt
 \end_layout
 
 \end_inset
 
-, which exists in several varieties.
- They were considered, but in the end not incorporated because of the lower
- quality of the filter list format.
- It is a mixture of HTML element and URL blocking, and it lacks the connection
- between blocks and corresponding organization.
- There is also Ghostery, which uses a proprietary list that also contains
- organizations, but it has not been used because of licensing issues.
- 
-\begin_inset Note Greyedout
-status open
+ in a domain list preprocessing step, to determine wether or not the request
+ should be made.
+ The same list can be used to filter further resource requests made by phantomjs
+, perhaps considering also other domains' 
+\begin_inset Flex Code
+status collapsed
 
 \begin_layout Plain Layout
-Insert link to Ghostery, verify license.
+robot.txt
 \end_layout
 
 \end_inset
 
+ files.
+ The tag 
+\begin_inset Flex Code
+status collapsed
 
+\begin_layout Plain Layout
+<meta name="robots" />
 \end_layout
 
-\begin_layout Standard
-On a technical level, some blocking rule formats have also posed a problem
- in terms of implementation into the current data processing framework that
- is har-dulcify.
- It relies heavily on jq (see 
-\begin_inset CommandInset ref
-LatexCommand vref
-reference "sub:jq"
-
 \end_inset
 
-), which does not have a public release that implements in regular expressions
- support, a major part of some blocking lists.
- The idea is that ads and related resources are filtered matching requests'
- complete URL against the blocking rules, which are a mixture of both more
- coarse and more fine-grained than Disconnect's domain based rules.
- One example is 
+ can also be respected, perhaps in terms of not saving screenshots for 
 \begin_inset Flex Code
 status collapsed
 
 \begin_layout Plain Layout
-/ads/
+noindex
 \end_layout
 
 \end_inset
 
-, matching a folder name that suggests that all URLs containing this particular
- path substring is serving advertisements.
- The thought of using a single path substring to block advertisements served
- from any domain is more coarse than pinpointing a single domain, but it
- is also more specific as it would not block legitimate content from another
- subfolder on the same domain.
- This way general ad serving systems can be blocked, while domains that
- serve both ads and content is still allowed serve the content without interferi
-ng with the blocking of ads.
+ values.
 \end_layout
 
 \begin_layout Standard
@@ -5838,7 +5924,7 @@ status open
 
 
 \backslash
-begin{futurework}
+end{futurework}
 \end_layout
 
 \end_inset
@@ -5846,146 +5932,129 @@ begin{futurework}
 
 \end_layout
 
-\begin_layout Standard
-At the time of writing, jq is released as version 1.4.
- Support for regular expressions is planned for version 1.5.
+\begin_layout Subsubsection
+Parallelizing downloads
 \end_layout
 
 \begin_layout Standard
-\begin_inset ERT
-status open
+A lot of the time spent downloading a web page is spent waiting for network
+ resources, especially during timeouts during retrieval.
+ To speed up downloading large amounts of web pages, parallelizing was employed
+ using simple scripting techniques, starting multiple processes at once
+ in batches, waiting for each batch to finish before starting the next.
+ This was deemed inefficient, as the download and rendering speed of the
+ slowest web page would be a bottle neck.
+ In a later script versions, GNU 
+\begin_inset Flex Code
+status collapsed
 
 \begin_layout Plain Layout
-
-
-\backslash
-end{futurework}
+parallel
 \end_layout
 
 \end_inset
 
-
-\end_layout
-
-\begin_layout Section
-Improving data analysis
+ was used, with a setting to not start more jobs if the current CPU/system
+ load was too high.
 \end_layout
 
 \begin_layout Standard
-Improvements to the data transformation and analysis steps.
+During initial parallelizing tests, the laptop machine was shown to be able
+ to handle 100 domain downloads in parallel, but this was later scaled down
+ to ensure system overload would not affect results, at the cost of significantl
+y longer download times.
 \end_layout
 
-\begin_layout Subsection
-Automated testing
+\begin_layout Subsubsection
+Screen size
 \end_layout
 
 \begin_layout Standard
-Data transformations have been written in a semi-structured manner, with
- separate files for most separate tasks, often executed in serial stages.
- Each task accepts a certain kind of data as input for the transformation
- to work correctly - but as both input and output from separate stages looks
- very similar, it is hard to tell which kind of data it accepts and what
- the expected output is - and if a change in one stage will affect later
- stages.
- Writing automated tests for each stage would have helped during both adding
- functionality and refactoring the structure.
- At times, there have been rather time-consuming problems with unexpected
- or illegal input from real world sites - extracting that kind of input
- to create a test suite would have sped up fixes and raised confidence in
- that the input would be handled appropriately and output would still be
- correct.
- So far that has not been done, and much of the opportunity to gain from
- tests have been lost as work has progressed past each problem.
+When phantomjs is running, it emulates having a browser window by keeping
+ an internal graphics buffer.
+ Even if web page is not rendered and shown on screen, it still has a screen
+ size, which affects layout.
+ With a bit of javascript or responsive CSS, the screen size can affect
+ downloaded resources.
+ Javascript can be used to delay download of images and other resources
+ that are 
+\emph on
+below the fold
+\emph default
+, meaning outside of the initial view the user has without scrolling in
+ any direction, as a page speed improvement.
+ Responsive CSS adapts the page style to the screen size in order to increase
+ usability for mobiles and other handheld devices, and might optimize the
+ quality of downloaded images to match the screen size.
 \end_layout
 
 \begin_layout Standard
-One solution to validating both input and output would have been to create
- JSON schemas 
-\begin_inset Note Greyedout
+By default, phantomjs uses the physical computer's primary screen size.
+ In order to reduce differences between the laptop and server machines,
+ a fixed emulated window size of 1024x768 pixels was chosen.
+ The basis for this is that 1024x768 pixel resolution screens have been
+ the recommended screen size to design for
+\begin_inset Foot
 status open
 
 \begin_layout Plain Layout
-Insert link to JSON schema.
-\end_layout
+\begin_inset CommandInset href
+LatexCommand href
+target "http://www.nngroup.com/articles/screen-resolution-and-page-layout/"
 
 \end_inset
 
- for each transformation.
- This kind of verification can easily be automated, and it will help any
- future changes.
-\end_layout
-
-\begin_layout Subsection
-Code reuse
-\end_layout
-
-\begin_layout Standard
-Much of the code written in shell scripts, both Bash and jq code, is duplicated
- between files.
- While common functionality suitable for pipelining have been broken out,
- shared functions have not.
- Bash provides the 
-\begin_inset Flex Code
-status collapsed
 
-\begin_layout Plain Layout
-source
 \end_layout
 
 \end_inset
 
- command for sharing functionality.
- Code sharing in jq through the use of modules and packages is still under
- development, but there is a way to load a single external command file.
- This file can be precomposed externally by concatenating files with function
- definitions first, and the actual usage of those functions second.
- The improvement was postponed due to the relative little reuse in early
- scripting and bright outlook on modules and packages support.
- As the number of scripts grew, code sharing/composition possibilities grew
- as well - and with them possible improvements in development speed, consistency
- and correctness.
- At this stage, software stability is more important for the final dataset
- download and analysis, and code refactoring can only be postponed.
- Foreseeing a greater reuse of JSON and jq tools, a separate open source
- project has been started - jq-hopkok 
-\begin_inset Note Greyedout
+ for a long time
+\begin_inset Foot
 status open
 
 \begin_layout Plain Layout
-Insert link to jq-hopkok.
+\begin_inset CommandInset href
+LatexCommand href
+target "http://www.nngroup.com/articles/computer-screens-getting-bigger/"
+
+\end_inset
+
+
 \end_layout
 
 \end_inset
 
- - where some scripts have been collected.
- Many functions and utilities local to har-dulcify are project-agnostic,
- and thus suitable objects to move to jq-hopkok for ease composition.
-\begin_inset ERT
+, and it still is a common screen size
+\begin_inset Foot
 status open
 
 \begin_layout Plain Layout
+\begin_inset CommandInset href
+LatexCommand href
+target "http://gs.statcounter.com/#resolution-ww-monthly-201307-201407"
+
+\end_inset
 
 
-\backslash
-begin{futurework}
 \end_layout
 
 \end_inset
 
-
+.
 \end_layout
 
 \begin_layout Standard
-At the time of writing, jq is released as version 1.4.
- Support for modules is planned for a version after 1.5.
- Packages/package managers are external to the jq core, and do not follow
- the same planning.
+Scripted browser scrolling (vertically) through the page has not been performed,
+ thus javascript scrolling events triggering for example downloading of
+ images below the fold are not guaranteed.
  
 \begin_inset Note Greyedout
 status open
 
 \begin_layout Plain Layout
-Verify version planning.
+Check if all images are automatically downloaded by phantomjs, as if the
+ page had been scrolled, as they seem present in screenshots.
 \end_layout
 
 \end_inset
@@ -5993,72 +6062,63 @@ Verify version planning.
 
 \end_layout
 
-\begin_layout Standard
-\begin_inset ERT
-status open
-
-\begin_layout Plain Layout
-
-
-\backslash
-end{futurework}
+\begin_layout Subsubsection
+Screenshots
 \end_layout
 
-\end_inset
-
-
+\begin_layout Standard
+In order to visually being able to confirm that web pages have been downloaded
+ correctly, a PNG screenshot can optionally be taken when the page has finished
+ downloading.
+ There is a processing cost associated with taking screenshots; it takes
+ time for phantomjs to render the internal buffer as an image, convert it
+ to base64 encoding for the augmented HAR data, jq to extract the image
+ data, the system to convert the data back to binary and finally write it
+ to disk.
+ Extra processing is also needed to remove the screenshot from the augmented
+ HAR file.
 \end_layout
 
-\begin_layout Subsection
-Ignore domains without content
+\begin_layout Standard
+The emulated browser window size also sets a limit on the screenshot size
+ when rendered, but the entire browser canvas is captured.
+ This means that screenshots that are saved to disk in most cases extend
+ beyond the viewport size, most often vertically; this corresponds to scrolling
+ through the entire page.
 \end_layout
 
 \begin_layout Standard
-Many domains do not contain any actual content.
- Examples include web server placeholder pages (
-\begin_inset Quotes eld
-\end_inset
-
-Installation succeeded
-\begin_inset Quotes erd
-\end_inset
+\begin_inset ERT
+status open
 
-), domain listings (
-\begin_inset Quotes eld
-\end_inset
+\begin_layout Plain Layout
 
-Index of /
-\begin_inset Quotes erd
-\end_inset
 
-), parked domains (
-\begin_inset Quotes eld
-\end_inset
+\backslash
+tsvtable{output-filesize.tsv}{Output file size}{}{display columns/0/.style={string
+ type, column type=l}, display columns/3/.style={string type, column type=r}}
+\end_layout
 
-This domain was purchased from ...
-\begin_inset Quotes erd
 \end_inset
 
-) and advertisement domains (like Google Adwords for Domains 
-\begin_inset Note Greyedout
-status open
 
-\begin_layout Plain Layout
-Insert link.
 \end_layout
 
-\end_inset
-
-).
- There is a Sweden-centric list of site titles for recognized non-content
- pages available internally at .SE, but it has not been incorporated.
+\begin_layout Standard
+The ratio of PNG to HAR data size on disk points to the compressed PNG files
+ being up to 10 times the size of the uncompressed HAR files for certain
+ types of pages, for example media domains in the 
+\emph on
+.SE Health Status
+\emph default
+ report dataset.
 \end_layout
 
 \begin_layout Subsection
-Implement public suffix rules, use non-ICANN suffixes
+Dataset variations
 \begin_inset CommandInset label
 LatexCommand label
-name "sub:Implement-public-suffix-rules-use-non-ICANN-suffixes"
+name "sec:Dataset-variations"
 
 \end_inset
 
@@ -6066,45 +6126,43 @@ name "sub:Implement-public-suffix-rules-use-non-ICANN-suffixes"
 \end_layout
 
 \begin_layout Standard
-As datasets have been analyzed, public suffix rules have proven to work
- in general, with co.uk and similar second level domains being properly grouped
- and primary domains extracted.
- There are still traces of the wildcard rules 
-\begin_inset CommandInset ref
-LatexCommand eqref
-reference "sub:Public-suffix-list"
-
-\end_inset
-
- in the data though, which means that while numbers are low, there are domains
- for which the public suffix rules have not been properly applied.
+Each dataset has been used in four variations, effectively quadrupling the
+ number of web sites access attempts.
+ Each of these variations have been downloaded and analyzed separately,
+ then used for both intra- and inter-dataset comparisons.
 \end_layout
 
-\begin_layout Standard
-Other potential improvements would be implementing the non-ICANN, private
- suffixes.
- This would for example lower the aggregate numbers for cloudfront.net and
- amazonaws.com as primary domains in the aggregates, focusing on the fact
- that subdomains belongs to different organizations.
- Disconnect's dataset, which lists cloudfront.net as a single tracker entity
- would still present Amazon as a the single tracking organization behind
- the domain though, which might be a bit misleading.
- It is true that they can read traffic data in the same way other web hosting
- and cloud services host can read traffic data to their customers, but customers
-' common domain name suffix has little to do with it.
+\begin_layout Itemize
+HTTP and HTTPS.
+ Enables comparisons between secure and insecure origin web site requests.
 \end_layout
 
-\begin_layout Standard
-\begin_inset Note Note
+\begin_layout Itemize
+Empty prefix versus www prefix/subdomain.
+ The www subdomain has historically been used to denote a web server serving
+ web sites 
+\begin_inset Note Greyedout
 status open
 
 \begin_layout Plain Layout
-Pages with wide tables start here.
+Insert link to www prefix claim.
 \end_layout
 
 \end_inset
 
+, and it still seems to have a higher usage than no prefix 
+\begin_inset CommandInset ref
+LatexCommand eqref
+reference "sec:Failed-versus-non-failed"
+
+\end_inset
 
+.
+ The 
+\emph on
+.SE Health Status
+\emph default
+ reports specifically accesses web sites on the www subdomain.
 \end_layout
 
 \begin_layout Standard
@@ -6115,7 +6173,9 @@ status open
 
 
 \backslash
-begin{wide}
+tsvtable{dataset-variations.tsv}{Dataset variations}{}{display columns/0/.style={s
+tring type, column type=l}, display columns/1/.style={string type, column
+ type=l}, display columns/2/.style={string type, column type=l}}
 \end_layout
 
 \end_inset
@@ -6123,88 +6183,48 @@ begin{wide}
 
 \end_layout
 
-\begin_layout Section
-Other views on the same data
-\end_layout
-
 \begin_layout Standard
-Research that could possibly be performed using the same data and tools.
-\end_layout
-
-\begin_layout Subsection
-Platform for Privacy Preferences (P3P) Project
-\begin_inset Foot
-status open
-
-\begin_layout Plain Layout
-\begin_inset CommandInset href
-LatexCommand href
-target "http://www.w3.org/P3P/"
+Each dataset has the variation appended to the name in the results chapter
+ 
+\begin_inset CommandInset ref
+LatexCommand ref
+reference "chap:Detailed-Results"
 
 \end_inset
 
-
+.
 \end_layout
 
-\end_inset
-
- HTTP header analysis
-\begin_inset CommandInset label
-LatexCommand label
-name "sub:Platform-for-Privacy-(P3P)-Project"
-
-\end_inset
-
-
+\begin_layout Subsection
+System load during downloads
 \end_layout
 
 \begin_layout Standard
-P3P is a way for websites to declare their policies and intentions for data
- collected from web users.
- It is declared in a machine-readable format, as an XML file and in a compact
- encoding as a HTTP header.
- W3C's work started in 1997 and P3P 1.0 became a W3C recommendation in 2002.
- It never gained enough momentum and the work with P3P 1.1 was suspended
- in 2006.
- P3P is still implemented by many websites, even though it may not follow
- the originally intended usage.
+System load can affect the end results, if network timeouts occur during
+ downloading and processing of domains' front pages.
+ Apart from CPU and memory limitations, the other users of the .SE network
+ should not be affected by tests.
 \end_layout
 
 \begin_layout Standard
-In conversations with Dwight Hunter, privacy policy researcher, he mentioned
- that P3P policies are seen as a good technical solution to policy problems
- in research he had read.
- 
-\begin_inset Note Greyedout
-status open
+System load on *NIX systems can be found using the 
+\begin_inset Flex Code
+status collapsed
 
 \begin_layout Plain Layout
-Add references to Dwight's claims?
+uptime
 \end_layout
 
 \end_inset
 
- Thesis data shows that this is not always true; there are policy-wise useless
- P3P headers being sent from some webpages, most probably to bypass Internet
- Explorer's (not all versions) strict cookie rules for third-party site
- without a P3P HTTP header.
- This has been highlighted by Microsoft in 2012, pointing at Google's P3P
- use.
-\end_layout
-
-\begin_layout Quotation
-By default, IE blocks third-party cookies unless the site presents a P3P
- Compact Policy Statement indicating how the site will use the cookie and
- that the site’s use does not include tracking the user.
- Google’s P3P policy causes Internet Explorer to accept Google’s cookies
- even though the policy does not state Google’s intent.
+ command.
 \begin_inset Foot
 status open
 
 \begin_layout Plain Layout
 \begin_inset CommandInset href
 LatexCommand href
-target "http://blogs.msdn.com/b/ie/archive/2012/02/20/google-bypassing-user-privacy-settings.aspx"
+target "https://en.wikipedia.org/wiki/Load_(computing)"
 
 \end_inset
 
@@ -6213,20 +6233,15 @@ target "http://blogs.msdn.com/b/ie/archive/2012/02/20/google-bypassing-user-priv
 
 \end_inset
 
-
+ Other processes were running at the time of these tests, so the numbers
+ are not exclusive to the downloading.
+ The complexity of the front pages of the currently processed domains affects
+ the load, as well if screenshot generations is enabled.
+ Final downloads were done with screenshots enabled.
+ The table below show loads for random samples in time.
 \end_layout
 
-\begin_layout Standard
-Looking at collected HAR data there are many examples of P3P headers.
- In the dataset 
-\begin_inset Quotes eld
-\end_inset
-
-se.2014-07-10.random.100000-http
-\begin_inset Quotes erd
-\end_inset
-
- from 2014-09-01 with about 
+\begin_layout Standard
 \begin_inset ERT
 status open
 
@@ -6234,39 +6249,27 @@ status open
 
 
 \backslash
-numprint{1944000}
+tsvtable{system-load.tsv}{System load}{}{fixed, precision=1, display columns/0/.st
+yle={string type, column type=l}, display columns/1/.style={string type,
+ column type=l}, display columns/2/.style={string type, column type=i}}
 \end_layout
 
 \end_inset
 
- recorded requests, about 
-\begin_inset ERT
-status open
-
-\begin_layout Plain Layout
-
 
-\backslash
-numprint{90000}
 \end_layout
 
-\end_inset
-
- present a P3P policy.
- There are about 
-\begin_inset ERT
+\begin_layout Standard
+\begin_inset Note Greyedout
 status open
 
 \begin_layout Plain Layout
-
-
-\backslash
-numprint{550}
+Test more load.
 \end_layout
 
 \end_inset
 
- unique values, including these:
+
 \end_layout
 
 \begin_layout Standard
@@ -6277,8 +6280,7 @@ status open
 
 
 \backslash
-tsvtable{p3p.counts.tsv}{Top P3P values}{}{display columns/1/.style={string
- type, column type=l}}
+begin{futurework}
 \end_layout
 
 \end_inset
@@ -6287,306 +6289,286 @@ tsvtable{p3p.counts.tsv}{Top P3P values}{}{display columns/1/.style={string
 \end_layout
 
 \begin_layout Standard
+System load has been shown to vary greatly based on the type of request,
+ mainly differing by HTTP and HTTPS response rates.
+ High failure rates mean a lot of time is spent waiting until a set time
+ limit/timeout has been reached.
+ Increasing the upper bound on parallelism and instead dynamically adjusting
+ the number of concurrent requests emphasizing system load should decrease
+ time needed to download a set of domains with a large failure rate (see
+ 
+\begin_inset CommandInset ref
+LatexCommand vref
+reference "sec:Failed-versus-non-failed"
+
+\end_inset
+
+).
+ Time limits can also be adjusted based on previous dataset results' actual
+ reply timings found in HAR data, instead of setting a high and 
 \begin_inset Quotes eld
 \end_inset
 
-Potato
+safe
 \begin_inset Quotes erd
 \end_inset
 
- comes from an example in a discussion regarding Internet Explorer and cookie
- blocking.
-\family roman
-\series medium
-\shape up
-\size normal
-\emph off
-\bar no
-\strikeout off
-\uuline off
-\uwave off
-\noun off
-\color none
+ upper bound timeout, both for page timeouts and individual resources.
+\end_layout
 
-\begin_inset Foot
+\begin_layout Standard
+\begin_inset ERT
 status open
 
 \begin_layout Plain Layout
 
-\size normal
-\emph on
-Cookie blocked/not saved in IFRAME in Internet Explorer
-\family roman
-\series medium
-\shape up
-\emph off
-\bar no
-\strikeout off
-\uuline off
-\uwave off
-\noun off
-\color none
- 
-\begin_inset CommandInset href
-LatexCommand href
-target "http://stackoverflow.com/a/16475093"
-
-\end_inset
-
 
+\backslash
+end{futurework}
 \end_layout
 
 \end_inset
 
 
-\family default
-\series default
-\shape default
-\size default
-\emph default
-\bar default
-\strikeout default
-\uuline default
-\uwave default
-\noun default
-\color inherit
- Other examples include 
-\family roman
-\series medium
-\shape up
-\size normal
-\emph off
-\bar no
-\strikeout off
-\uuline off
-\uwave off
-\noun off
-\color none
-
-\begin_inset Flex Code
-status collapsed
-
-\begin_layout Plain Layout
-
-\family roman
-\series medium
-\shape up
-\size normal
-\emph off
-\bar no
-\strikeout off
-\uuline off
-\uwave off
-\noun off
-\color none
-CP="This is not a P3P policy! It is used to bypass IEs problematic handling
- of cookies"
 \end_layout
 
-\end_inset
-
-, 
-\begin_inset Flex Code
-status collapsed
-
-\begin_layout Plain Layout
-
-\family roman
-\series medium
-\shape up
-\size normal
-\emph off
-\bar no
-\strikeout off
-\uuline off
-\uwave off
-\noun off
-\color none
-CP="This is not a P3P policy.
- Work on P3P has been suspended since 2006: http://www.w3.org/P3P/"
-\end_layout
+\begin_layout Subsection
+Failed domains
+\begin_inset CommandInset label
+LatexCommand label
+name "sec:Failed-domains"
 
 \end_inset
 
-, 
-\begin_inset Flex Code
-status collapsed
-
-\begin_layout Plain Layout
 
-\family roman
-\series medium
-\shape up
-\size normal
-\emph off
-\bar no
-\strikeout off
-\uuline off
-\uwave off
-\noun off
-\color none
-CP="This is not a P3P policy.
- P3P is outdated."
 \end_layout
 
-\end_inset
-
-, 
-\begin_inset Flex Code
-status collapsed
-
-\begin_layout Plain Layout
+\begin_layout Standard
+Some web sites are not downloaded successfully, for different reasons.
+ The DNS settings might not be correct, the server may be shut down, there
+ might have been a temporary network timeout, there might have been a software
+ error - or the server has been programmed to not respond to automated requests
+ from phantomjs 
+\begin_inset CommandInset ref
+LatexCommand eqref
+reference "sub:phantomjs"
 
-\family roman
-\series medium
-\shape up
-\size normal
-\emph off
-\bar no
-\strikeout off
-\uuline off
-\uwave off
-\noun off
-\color none
-CP=
-\backslash
-"Thanks IE8
-\backslash
+\end_inset
 
+ and similar tools.
+ Unfortunately, outside of local software errors which may result in parseable
+ error messages, sources of the errors are hard to detect without an extensive
+ external analysis of DNS settings and network connectivity - and even so,
+ an automated analysis may include false negatives because of remote system
+ automated request countermeasures.
 \end_layout
 
-\end_inset
-
- (which is a malformed value), 
-\begin_inset Flex Code
-status collapsed
+\begin_layout Standard
+Each HTTP request has their HTTP status response recorded if it is available;
+ absence or numbers outside the RFC2616 range (100-599) indicates failure.
+ Any error output the web page itself has produced, mostly because of javascript
+ errors, have also been recorded in the HAR log or individual entry/request
+ comment fields.
+\end_layout
 
-\begin_layout Plain Layout
+\begin_layout Standard
+A distinction is made between 
+\emph on
+failed
+\emph default
+ and 
+\emph on
+unsuccessful
+\emph default
+ domains - unsuccessful domains rendered a complete response with a HTTP
+ status that indicated that it was not successful.
+ Domains that failed have been re-downloaded; it relieved some, but not
+ all, failures.
+\end_layout
 
-\family roman
-\series medium
-\shape up
-\size normal
-\emph off
-\bar no
-\strikeout off
-\uuline off
-\uwave off
-\noun off
-\color none
-CP="No P3P policy because it has been deprecated"
+\begin_layout Standard
+\begin_inset Note Greyedout
+status open
+
+\begin_layout Plain Layout
+Insert re-downloading table for at least one dataset, like se.2014-07-10.random.100
+000-http-www.
 \end_layout
 
 \end_inset
 
-.
+
 \end_layout
 
 \begin_layout Standard
-This is but one example of where quantitive analysis of real-world web pages
- shows differences between technical, intended or perceived usage.
- While P3P may be an outdated example that has been researched 
-\begin_inset CommandInset citation
-LatexCommand cite
-key "CMU-CyLab-10-014"
+The first round of retries rendered the greatest results, and subsequent
+ retries are less successful.
+ This seem to point to some intermittent failures being recoverable, and
+ that some domains will not respond.
+ Due to diminishing returns in the number of additional successful domains
+ in each retry cycle, the number of retries was limited to two 
+\begin_inset CommandInset ref
+LatexCommand eqref
+reference "sub:har-portent"
 
 \end_inset
 
-, it shows how automated, generic tooling can help researchers a lot in
- their understanding of usage in the wild.
+.
 \end_layout
 
-\begin_layout Standard
-\begin_inset ERT
-status open
+\begin_layout Section
+Analyzing resources
+\end_layout
 
-\begin_layout Plain Layout
+\begin_layout Standard
+After downloading HAR files, they are processed using har-dulcify, see 
+\begin_inset CommandInset ref
+LatexCommand vref
+reference "sub:har-dulcify"
 
+\end_inset
 
-\backslash
-end{wide}
+.
 \end_layout
 
-\end_inset
+\begin_layout Subsection
+Screenshots
+\end_layout
 
+\begin_layout Standard
+Screenshots were mainly used for verification during development, to see
+ that the pages were loaded properly.
+ While they have been retained, the manual inspection necessary makes it
+ infeasible as a way to verify each and every domain's result.
+\end_layout
 
+\begin_layout Subsection
+The HAR format
 \end_layout
 
 \begin_layout Standard
-\begin_inset Note Note
-status open
+The specification includes fields that have to do with for example request/respo
+nse timings and data sizes.
+ Those, and other fields, are not analyzed in this thesis, so the first
+ step is to extract the relevant information.
+\end_layout
+
+\begin_layout Labeling
+\labelwidthstring 00.00.0000
+URL The request's URL.
+ Recorded whether the request is successful or not.
+ Values outside of those starting with 
+\begin_inset Flex Code
+status collapsed
 
 \begin_layout Plain Layout
-Pages with wide tables end here.
+http://
 \end_layout
 
 \end_inset
 
+ or 
+\begin_inset Flex Code
+status collapsed
 
+\begin_layout Plain Layout
+https://
 \end_layout
 
-\begin_layout Standard
-\begin_inset Newpage clearpage
 \end_inset
 
-
+ are mostly ignored.
 \end_layout
 
-\begin_layout Standard
-\begin_inset CommandInset bibtex
-LatexCommand bibtex
-bibfiles "../references/thesis"
-options "bibtotoc,plain"
+\begin_layout Labeling
+\labelwidthstring 00.00.0000
+Status The HTTP status code
+\begin_inset Foot
+status open
+
+\begin_layout Plain Layout
+\begin_inset CommandInset href
+LatexCommand href
+target "http://tools.ietf.org/html/rfc2616"
 
 \end_inset
 
 
 \end_layout
 
-\begin_layout Chapter*
-Thanks
+\end_inset
+
+ found in the server's response.
+ Defined as a 3-digit integer result, 100-599, grouped into classes by the
+ first digit.
 \end_layout
 
-\begin_layout Standard
-\begin_inset ERT
-status open
+\begin_layout Labeling
+\labelwidthstring 00.00.0000
+Mime-type The HTTP content-type header, which is the body internet media
+ type (previously known as Multipurpose Internet Mail Extensions (MIME)
+ type) combined with optional parameters, such as character encoding.
+\end_layout
+
+\begin_layout Labeling
+\labelwidthstring 00.00.0000
+Referer The URL of the page that requested the resource.
+ Can be used to build a tree of requests, but is limited by the fact that
+ it requires HTML 
+\begin_inset Flex Code
+status collapsed
 
 \begin_layout Plain Layout
+<frame>
+\end_layout
 
+\end_inset
 
-\backslash
-phantomsection
-\backslash
-addcontentsline{toc}{chapter}{Thanks}
+ or 
+\begin_inset Flex Code
+status collapsed
+
+\begin_layout Plain Layout
+<iframe>
 \end_layout
 
 \end_inset
 
+ to differ from the origin page.
+ The word referrer was misspelled 
+\begin_inset Flex Code
+status collapsed
 
+\begin_layout Plain Layout
+referer
 \end_layout
 
-\begin_layout Standard
-\begin_inset Note Greyedout
+\end_inset
+
+
+\begin_inset Foot
 status open
 
 \begin_layout Plain Layout
-Add list of collaborators in getting data, domains, help, advice etcetera.
-\end_layout
+\begin_inset CommandInset href
+LatexCommand href
+target "https://en.wiktionary.org/wiki/referer"
 
 \end_inset
 
 
 \end_layout
 
-\begin_layout Section*
-The Internet Infrastructure Foundation
+\end_inset
+
+ in the original proposal
 \begin_inset Foot
 status open
 
 \begin_layout Plain Layout
 \begin_inset CommandInset href
 LatexCommand href
-target "https://www.iis.se/"
+target "https://tools.ietf.org/html/rfc1945"
 
 \end_inset
 
@@ -6595,43 +6577,37 @@ target "https://www.iis.se/"
 
 \end_inset
 
- (.SE)
+.
 \end_layout
 
-\begin_layout Standard
-.SE is also known as Stiftelsen för internetinfrastruktur (IIS).
+\begin_layout Labeling
+\labelwidthstring 00.00.0000
+Redirect The URL of the new location of the requested resource, if defined
+ by a 3xx HTTP status.
 \end_layout
 
 \begin_layout Standard
-This thesis is being written in the office of - and in collaboration with
- - .SE, who graciously supported me with domain data and internet knowledge.
- Part of .SE’s research efforts include continuously analyzing internet infrastru
-cture and usage in Sweden.
- .SE is an independent organization, responsible for the Swedish top level
- domain, and working for the benefit of the public that promotes the positive
- development of the internet in Sweden.
- Their head office is in Stockholm.
- In 2013 they had 72 employees and a turnover of over 
-\begin_inset ERT
-status open
-
-\begin_layout Plain Layout
-
+These properties will be enough to see what kinds of resources are requested,
+ if requests are successful and where the request is made to.
+\end_layout
 
-\backslash
-numprint{140}
+\begin_layout Subsection
+Expanding parts
 \end_layout
 
-\end_inset
+\begin_layout Subsubsection
+URL, referer, redirect
+\end_layout
 
- MSEK.
+\begin_layout Standard
+The URL format has several components
 \begin_inset Foot
 status open
 
 \begin_layout Plain Layout
 \begin_inset CommandInset href
 LatexCommand href
-target "https://www.iis.se/om/arsredovisningar/arsredovisning-2013/"
+target "https://tools.ietf.org/html/rfc3986"
 
 \end_inset
 
@@ -6640,178 +6616,204 @@ target "https://www.iis.se/om/arsredovisningar/arsredovisning-2013/"
 
 \end_inset
 
-
-\end_layout
-
-\begin_layout Section*
-Thesis supervision
+, with interesting ones for web listed and/or split up further here.
 \end_layout
 
-\begin_layout Description
-Niklas
-\begin_inset space ~
-\end_inset
+\begin_layout Labeling
+\labelwidthstring 00.00.0000
+Scheme In this case, 
+\begin_inset Flex Code
+status collapsed
 
-Carlsson Associate Professor (Swedish: docent and universitetslektor) at
- Division for Database and Information Techniques (ADIT), Department of
- Computer and Information Science (IDA), Linköping University, Sweden.
- Thank you for being my examiner.
+\begin_layout Plain Layout
+http
 \end_layout
 
-\begin_layout Description
-Patrik
-\begin_inset space ~
 \end_inset
 
-Wallström Project Manager within R&D, .SE (The Internet Infrastructure Foundation
-), Sweden.
- Thank for being my technical supervisor.
-\end_layout
-
-\begin_layout Description
-Staffan
-\begin_inset space ~
-\end_inset
+ and 
+\begin_inset Flex Code
+status collapsed
 
-Hagnell Head of New Businesses, .SE (The Internet Infrastructure Foundation),
- Sweden.
- Thank you for being my company supervisor.
+\begin_layout Plain Layout
+https
 \end_layout
 
-\begin_layout Standard
-\begin_inset Newpage cleardoublepage
 \end_inset
 
+ protocols have been the most interesting to look at.
+ Other interesting examples that can be found in the wild include 
+\begin_inset Flex Code
+status collapsed
 
+\begin_layout Plain Layout
+ftp
 \end_layout
 
-\begin_layout Standard
-\begin_inset ERT
-status open
-
-\begin_layout Plain Layout
+\end_inset
 
+ (for file downloads), 
+\begin_inset Flex Code
+status collapsed
 
-\backslash
-phantomsection
-\backslash
-addcontentsline{toc}{chapter}{Nomenclature}
+\begin_layout Plain Layout
+data
 \end_layout
 
 \end_inset
 
+ (for resources encoded into the URI) and 
+\begin_inset Flex Code
+status collapsed
 
-\begin_inset CommandInset nomencl_print
-LatexCommand printnomenclature
-set_width "custom"
-width "20text%"
+\begin_layout Plain Layout
+about
+\end_layout
 
 \end_inset
 
-
+ (mostly used for blank placeholder pages).
 \end_layout
 
-\begin_layout Standard
-\begin_inset CommandInset nomenclature
-LatexCommand nomenclature
-symbol "Content"
-description "Information and data that is presented to the user. Includes text, images, video and sound."
-
-\end_inset
+\begin_layout Labeling
+\labelwidthstring 00.00.0000
+Domain For this thesis, the domain part has been of a lot of interest, as
+ it signifies the difference between internal and external resources.
+\end_layout
 
+\begin_layout Labeling
+\labelwidthstring 00.00.0000
+Port While custom ports can be used, they usually implicitly default to
+ 80 for HTTP and 443 for HTTPS.
+\end_layout
 
-\begin_inset CommandInset nomenclature
-LatexCommand nomenclature
-symbol "Resource"
-description "An entity external to the HTML page that requested it. Types of resources include images, video, audio, CSS, javascript and flash animations."
+\begin_layout Labeling
+\labelwidthstring 00.00.0000
+Path The path specifies a folder or file on the server.
+\end_layout
 
-\end_inset
+\begin_layout Labeling
+\labelwidthstring 00.00.0000
+Querystring Most parameters sent back to servers are defined in an RFC compliant
+ way, but there are other variants building on for example `/` as a pseudo-path
+ separator.
+\end_layout
 
+\begin_layout Labeling
+\labelwidthstring 00.00.0000
+Fragment The fragment is in the web context a client-only component, and
+ is not to be sent back to the server as part of a request.
+ The usage affects browsers' presentation, historically only by scrolling
+ to a matching named element, but modern usage includes keeping browser
+ state using javascript, for example following the web spider crawlable
+ hash-bang syntax
+\begin_inset Foot
+status open
 
-\begin_inset CommandInset nomenclature
-LatexCommand nomenclature
-symbol "External resource"
-description "A resource downloaded from a domain other than the page that requested it was served from."
+\begin_layout Plain Layout
+\begin_inset CommandInset href
+LatexCommand href
+target "https://developers.google.com/webmasters/ajax-crawling/docs/getting-started"
 
 \end_inset
 
 
-\begin_inset CommandInset nomenclature
-LatexCommand nomenclature
-symbol "External service"
-description "A third party service that delives some kind of resource to the user's browser. The service itself can vary from showing additional information and content, to ads and hidden trackers.\\\\\\\\External services include file hosting services, CDNs, advertisting networks, statistics and analytics collectors, and third party content."
+\end_layout
 
 \end_inset
 
+.
+\end_layout
 
-\begin_inset CommandInset nomenclature
-LatexCommand nomenclature
-symbol "Tracker"
-description "An resource external to the visited page, which upon access receives information about the user's system and the page that requested it.\\\\\\\\Basic information in the HTTP request to the resource URL includes user agent (browser vendor, type and version down to the patch level, operating system, sometimes hardware type) referer (the full URL of page that requested the resource), an etag (unique string identifying the data from a previous request to the same resource URL) and cookies (previously set by the tracker)."
+\begin_layout Standard
+\begin_inset Note Greyedout
+status open
+
+\begin_layout Plain Layout
+Write more about URLs.
+\end_layout
 
 \end_inset
 
 
-\begin_inset CommandInset nomenclature
-LatexCommand nomenclature
-symbol "CDN"
-description "Content delivery network"
+\end_layout
 
-\end_inset
+\begin_layout Subsubsection
+Status
+\end_layout
 
+\begin_layout Standard
+The status is grouped into their defined groups by the first digit.
+ Groups outside of the defined range 100-599 are defined as null.
+\end_layout
 
-\begin_inset CommandInset nomenclature
-LatexCommand nomenclature
-symbol "Content delivery network"
-description "(CDN) The speed at which data can be delivered is dependant on distance between the user and the server. To reduce latency and download times, a content delivery network places multiple servers with the same content in strategic locations, both geographic and network toplolgy wise, closer to groups of users.\\\\\\\\For example, a CDN could deploy servers in Europe, the US and Australia, and reduce loading speed by setting up the system to automatically use the closest location."
+\begin_layout Labeling
+\labelwidthstring 00.00.0000
+1xx Information
+\end_layout
 
-\end_inset
+\begin_layout Labeling
+\labelwidthstring 00.00.0000
+2xx 
+\end_layout
 
+\begin_layout Labeling
+\labelwidthstring 00.00.0000
+3xx Redirection
+\end_layout
 
-\begin_inset CommandInset nomenclature
-LatexCommand nomenclature
-symbol "Domain name"
-description "A domain name is a human-readable way to navigate to a service on the internet: example.com. Fully qualified domain names (FQDN) have at least two parts - the top level domain name (TLD) and the second-level domain name - but oftentimes more depending on TLD rules and organizational units.\\\\\\\\Domains are also used, for example, as logical entities in regards to security and privacy scopes on the web, often implemented as same-origin policies. As an example, HTTP cookies are bound to domain that set them."
+\begin_layout Labeling
+\labelwidthstring 00.00.0000
+4xx 
+\end_layout
 
-\end_inset
+\begin_layout Labeling
+\labelwidthstring 00.00.0000
+5xx Server errors
+\end_layout
 
+\begin_layout Standard
+\begin_inset Note Greyedout
+status open
 
-\begin_inset CommandInset nomenclature
-LatexCommand nomenclature
-symbol "Third-party content"
-description "Content served by another organization than the organization serving the explicitly requested web page. Also see external resource."
+\begin_layout Plain Layout
+Fill out the proper HTTP status group headings.
+\end_layout
 
 \end_inset
 
 
-\begin_inset CommandInset nomenclature
-LatexCommand nomenclature
-symbol "Third-party service"
-description "A service provided by an organization other than the explicitly requested service. Also see external service."
+\end_layout
 
-\end_inset
+\begin_layout Subsubsection
+Mime-type
+\begin_inset CommandInset label
+LatexCommand label
+name "sub:Mime-type"
 
+\end_inset
 
-\begin_inset CommandInset nomenclature
-LatexCommand nomenclature
-symbol "Web site"
-description "A collection of web pages under the same organization or topic. Often all web pages on a domain is considered a site, but a single domain can also contain multiple sites."
 
-\end_inset
+\end_layout
 
+\begin_layout Standard
+The mime-type is grouped by their usage, which usually is the first group
+ part.
+ Here is a selection of common types grouped together.
+\end_layout
 
-\begin_inset CommandInset nomenclature
-LatexCommand nomenclature
-symbol "Web service"
-description "A function performed on the internet, and in this document specifically web sites with a specific purpose directed towards human users. This includes search engines, social networks, online messaging and email as well as content sites such as news sites and blogs."
+\begin_layout Standard
+\begin_inset ERT
+status open
 
-\end_inset
+\begin_layout Plain Layout
 
 
-\begin_inset CommandInset nomenclature
-LatexCommand nomenclature
-symbol "Web browser"
-description "Or browser. Software a user utilizes to retrieve, present and traverse information from the web."
+\backslash
+tsvtable{mime-types.tsv}{Mime-type grouping}{}{display columns/0/.style={string
+ type, column type=l}, display columns/1/.style={string type, column type=l},
+ }
+\end_layout
 
 \end_inset
 
@@ -6819,211 +6821,324 @@ description "Or browser. Software a user utilizes to retrieve, present and trave
 \end_layout
 
 \begin_layout Standard
-\begin_inset CommandInset nomenclature
-LatexCommand nomenclature
-symbol "URL"
-description "Uniform Resource Locator"
+\begin_inset Note Greyedout
+status open
+
+\begin_layout Plain Layout
+Update list, use most common types.
+\end_layout
 
 \end_inset
 
 
-\begin_inset CommandInset nomenclature
-LatexCommand nomenclature
-symbol "Uniform Resource Locator"
-description "(URL) A standard to define the address to resources, mostly on the internet, for example http://joelpurra.com/projects/masters-thesis/"
+\end_layout
 
-\end_inset
+\begin_layout Subsection
+Classification
+\end_layout
 
+\begin_layout Subsubsection
+Public Suffix List
+\end_layout
 
-\begin_inset CommandInset nomenclature
-LatexCommand nomenclature
-symbol "HTTP"
-description "Hypertext Transfer Protocol"
+\begin_layout Standard
+The public suffix list is prepared for lookups per domain component.
+ Each request's domain (including shorter domain components) is checked
+ against it, and any matching public suffixes are kept in an array.
+ A list of private suffixes, as in domain components not in the public suffix
+ list, is also kept.
+ The primary domain (first non-public suffix match, or the shortest private
+ suffix) is extracted.
+\end_layout
 
-\end_inset
+\begin_layout Standard
+\begin_inset ERT
+status open
 
+\begin_layout Plain Layout
 
-\begin_inset CommandInset nomenclature
-LatexCommand nomenclature
-symbol "HTTPS"
-description "Secure HTTP, where data is transfered encrypted."
+
+\backslash
+begin{futurework}
+\end_layout
 
 \end_inset
 
 
-\begin_inset CommandInset nomenclature
-LatexCommand nomenclature
-symbol "Hypertext Transfer Protocol"
-description "(HTTP) A protocol to transfer HTML and other web page resources across the internet."
+\end_layout
 
-\end_inset
+\begin_layout Standard
+In terms of grouping, it might be good to keep the primary (longest matching)
+ public suffix separately.
+ The public suffix list also contains special wildcard/exception rules and
+ private suffixes 
+\begin_inset CommandInset ref
+LatexCommand eqref
+reference "sub:Public-suffix-list"
 
+\end_inset
 
-\begin_inset CommandInset nomenclature
-LatexCommand nomenclature
-symbol "Do Not Track"
-description "(DNT) A HTTP header used to indicate that the server should not record and track the client's traffic and other data."
+.
+ They have not been used in the thesis 
+\begin_inset CommandInset ref
+LatexCommand eqref
+reference "sub:Implement-public-suffix-rules-use-non-ICANN-suffixes"
 
 \end_inset
 
+.
+\end_layout
 
-\begin_inset CommandInset nomenclature
-LatexCommand nomenclature
-symbol "DNT"
-description "Do Not Track"
+\begin_layout Standard
+\begin_inset ERT
+status open
 
-\end_inset
+\begin_layout Plain Layout
 
 
-\begin_inset CommandInset nomenclature
-LatexCommand nomenclature
-symbol "P3P"
-description "Platform for Privacy Preferences (P3P) Project"
+\backslash
+end{futurework}
+\end_layout
 
 \end_inset
 
 
-\begin_inset CommandInset nomenclature
-LatexCommand nomenclature
-symbol "Platform for Privacy Preferences Project"
-description "(P3P) A W3C standard for HTTP where server responses are annotated with an encoded privacy policy, so the client can display it to the user. Work has been discontinued since 2006."
-
-\end_inset
-
+\end_layout
 
+\begin_layout Subsubsection
+Basic
 \end_layout
 
 \begin_layout Standard
-\begin_inset CommandInset nomenclature
-LatexCommand nomenclature
-symbol ".SE"
-description "The Internet Infrastructure Foundation. An independent organization for the benefit of the public that promotes the positive development of the internet in Sweden. .SE is responsible for the .se country code top level domain."
+Simple properties in the request are checked, and their valued saved as
+ a classification property.
+ This property is used for grouping and for further analysis.
+\end_layout
 
+\begin_layout Description
+Successful
+\begin_inset space ~
 \end_inset
 
+request The status of the request is 200-299 or 304.
+\end_layout
 
-\begin_inset CommandInset nomenclature
-LatexCommand nomenclature
-symbol ".se"
-description "The country code top level domain name for Sweden."
-
+\begin_layout Description
+Unsuccessful
+\begin_inset space ~
 \end_inset
 
+request The status is 100-199 or 300-303 or 305-599.
+\end_layout
 
-\begin_inset CommandInset nomenclature
-LatexCommand nomenclature
-symbol ".dk"
-description "The country code top level domain name for Denmark."
+\begin_layout Description
+Failed
+\begin_inset space ~
+\end_inset
+
+request The log file format is incomplete or the status is null or below
+ 100 or above 599.
+\end_layout
 
+\begin_layout Description
+Same
+\begin_inset space ~
 \end_inset
 
+domain The request is to the same domain that was first visited.
+\end_layout
 
-\begin_inset CommandInset nomenclature
-LatexCommand nomenclature
-symbol ".com"
-description "A generic top level domain. It has the greatest number of registered domain of all TLDs."
+\begin_layout Description
+Subdomain The request is to a subdomain of the domain that was first visited.
+\end_layout
+
+\begin_layout Description
+Superdomain The request is to a domain to which the origin domain is a subdomain.
+ This basic superdomain classification is currently not checked against
+ the public suffix list for invalid superdomains.
+\end_layout
 
+\begin_layout Description
+Same
+\begin_inset space ~
 \end_inset
 
+primary
+\begin_inset space ~
+\end_inset
 
-\begin_inset CommandInset nomenclature
-LatexCommand nomenclature
-symbol ".net"
-description "A generic top level domain."
+domain The request shared the same primary domain with the origin.
+\end_layout
 
+\begin_layout Description
+Internal
+\begin_inset space ~
 \end_inset
 
+domain The request is to the same domain, a subdomain or a superdomain of
+ the domain that was first visited.
+\end_layout
 
-\begin_inset CommandInset nomenclature
-LatexCommand nomenclature
-symbol "TLD"
-description "Top level domain."
-
+\begin_layout Description
+External
+\begin_inset space ~
 \end_inset
 
+domain The request is not to an internal domain.
+\end_layout
 
-\begin_inset CommandInset nomenclature
-LatexCommand nomenclature
-symbol "Top level domain"
-description "(TLD) The last part of a domain name, such as .se or .com. Registration of TLDs is handled by ICANN."
+\begin_layout Description
+Secure
+\begin_inset space ~
+\end_inset
 
+request The request is using HTTPS.
+\end_layout
+
+\begin_layout Description
+Insecure
+\begin_inset space ~
 \end_inset
 
+request The request is not using HTTPS.
+\end_layout
 
-\begin_inset CommandInset nomenclature
-LatexCommand nomenclature
-symbol "gTLD"
-description "Generic top level domain such as .com or .net."
+\begin_layout Subsubsection
+Disconnect.me
+\end_layout
 
-\end_inset
+\begin_layout Standard
+The URLs in the extended data contains lists of domain components.
+ As the disconnect list of blocked domains is prepared for lookups by domains,
+ each of the matching domains (including shorter domain components) are
+ extracted with organization, organization URL and domain category.
+\end_layout
 
+\begin_layout Subsection
+Analysis
+\end_layout
 
-\begin_inset CommandInset nomenclature
-LatexCommand nomenclature
-symbol "ccTLD"
-description "A top level domain based on a country code, such as .se or .dk."
+\begin_layout Standard
+An analysis, where request classifications are counted, summed and the coverage
+ calculated, is performed as an automated step.
+\end_layout
 
-\end_inset
+\begin_layout Subsubsection
+Origin
+\end_layout
 
+\begin_layout Standard
+The origin domains are grouped separately from the requests that stemmed
+ from them.
+\end_layout
 
+\begin_layout Subsubsection
+Requested URLs
 \end_layout
 
 \begin_layout Standard
-\begin_inset CommandInset nomenclature
-LatexCommand nomenclature
-symbol "Alexa"
-description "A web traffic statistic service, owned by Amazon."
+All requests are represented with their domain, and other classifications.
+\end_layout
 
-\end_inset
+\begin_layout Subsubsection
+Distinct requested URLs
+\end_layout
 
+\begin_layout Standard
+Even if two requests originating from a domain, it is only counted once.
+ This gives the possibility to calculate coverage per domain later on.
+\end_layout
 
+\begin_layout Subsubsection
+Request/domain counts
 \end_layout
 
 \begin_layout Standard
-\begin_inset CommandInset nomenclature
-LatexCommand nomenclature
-symbol "jq"
-description "A tool and domain specific programming language to read and transform JSON data. See the software chapter."
+All the numbers from all domains added together.
+\end_layout
 
-\end_inset
+\begin_layout Subsubsection
+Request/domain coverage
+\end_layout
+
+\begin_layout Standard
+The summed up counts divided by either the total request count (for requested
+ URLs) or the number of domains in the current group (for distinct requested
+ URLs).
+ This gives a coverage percentage - either for the percentage of the number
+ of requests, or domains that has the value.
+\end_layout
 
+\begin_layout Subsubsection
+Grouping
+\end_layout
 
-\begin_inset CommandInset nomenclature
-LatexCommand nomenclature
-symbol "phantomjs"
-description "Browser software used for automated web site browsing. See the software chapter."
+\begin_layout Standard
+In order to not make too broad assumptions, some grouping was performed.
+ The analysis was performed the same way on each of these groups 
+\begin_inset CommandInset ref
+LatexCommand eqref
+reference "sub:aggregate/analysis.sh"
 
 \end_inset
 
+.
+ The origin domain's download status was checked, and grouped into both
+ unfiltered and non-failed groups.
+ The list of requested URLs was grouped into unfiltered, internal and external
+ URLs.
+\end_layout
 
-\begin_inset CommandInset nomenclature
-LatexCommand nomenclature
-symbol "HAR"
-description "HTTP Archive (HAR) format, used to store recorded HTTP metadata from a web page visit. See the software chapter."
+\begin_layout Subsection
+Questions
+\end_layout
 
-\end_inset
+\begin_layout Standard
+Where the aggregate analysis is not enough, there are custom questions.
+ These questions/queries can be run against any previous intermediate step
+ in the process, as they are saved to disk.
+\end_layout
 
+\begin_layout Subsubsection
+Google Tag Manager
+\end_layout
 
-\begin_inset CommandInset nomenclature
-LatexCommand nomenclature
-symbol "JavaScript Object Notation"
-description "(JSON) A data format based on Javascript objects. Often used on the internet for data transfer. Used in this thesis as the basis for all data transformation."
+\begin_layout Standard
+One of the questions posed beforehand was if Google Tag Manager would have
+ an impact upon results.
+ This question is answered in 
+\begin_inset CommandInset ref
+LatexCommand vref
+reference "sub:Google-Tag-Manager"
 
 \end_inset
 
+ with the help of this data.
+\end_layout
 
-\begin_inset CommandInset nomenclature
-LatexCommand nomenclature
-symbol "JSON"
-description "JavaScript Object Notation"
+\begin_layout Subsubsection
+Origins with redirects
+\end_layout
 
-\end_inset
+\begin_layout Standard
+Looking at preliminary results, a large portion of domains yielded a redirect
+ as the initial response.
+ In order to look at these redirects specifically, and determine if they
+ redirect to an internal or external domain, a specific question was written.
+\end_layout
 
+\begin_layout Subsection
+Multiset queries
+\end_layout
 
+\begin_layout Standard
+After downloading several datasets, it is often interesting to compare them
+ side by side.
+ The multiset queries extract pieces of data from several datasets, and
+ combine them into a single files.
 \end_layout
 
 \begin_layout Chapter
-\start_of_appendix
 Software
 \end_layout