RuhrSec 2025 | Beauty at a Cost: Privacy Implications of CSS on the Web and in Emails скачать в хорошем качестве

RuhrSec 2025 | Beauty at a Cost: Privacy Implications of CSS on the Web and in Emails

RuhrSec is the annual English speaking IT security conference with cutting-edge security talks by renowned experts. RuhrSec is organized by Hackmanit. 🔽 More information … ——— Talk // Beauty at a Cost: Privacy Implications of CSS on the Web and in Emails Abstract //  Modern browsers are increasingly restricting traditional tracking methods like third-party cookies to enhance user privacy. However, browser fingerprinting remains a powerful tool for tracking users across websites, even in privacy-conscious scenarios. It is typically associated with JavaScript-based methods, which have been the primary focus of tracking and mitigation efforts. This talk highlights how Cascading Style Sheets (CSS), often considered harmless and enabled by default in email clients, enable third-party profiling without cookies or JavaScript. Furthermore, modern browser engines facilitate these techniques in HTML emails, making email fingerprinting a capable vector for tracking, targeted phishing, and spam campaigns. These findings reveal gaps in current JavaScript-centric privacy protections and emphasize the need for broader mitigations. ——— Biography // Leon Trampert is a PhD student at Saarland University working for the CISPA Helmholtz Center for Information Security under the supervision of Dr. Michael Schwarz and Prof. Christian Rossow. He works on unintended security and privacy implications introduced by new Web technologies. As such, he regularly plays around with up-and-coming Web technologies such as WebAssembly, WebUSB, or new CSS features. Before his doctoral studies, he obtained his Bachelor's degree in Cybersecurity from Saarland University. Biography // Daniel Weber is a PhD student researching in the field of microarchitectural attacks, such as side-channel and transient-execution attacks. His work focuses on improving the process of finding such attacks via automation. He is part of Michael Schwarz' research group at the CISPA Helmholtz Center for Information Security. Before that, he obtained a Bachelor's degree in Cybersecurity from Saarland University. In his free time, Daniel regularly participates in Capture the Flag competitions as part of the team saarsec. Speaker // Leon Trampert X –   / ltrampert   Website – https://leon.trampert.me/ Daniel Weber X –   / weber_daniel   Website – https://roots.ec/people/daniel-weber/ ➡️ Slides - Download https://www.ruhrsec.de/downloads/slid... ——— 🚀 Subscribe to Our Channel:    / @hackmanit-it-security   👉 Read More About Interesting It Security Topics on Our Blog: https://hackmanit.de/en/blog-en ✍️ Want a Deeper Dive Training courses in Single Sign-On (OAuth, OpenID Connect, and SAML), Secure Web Development, TLS, and Web Services are available here: https://hackmanit.de/en/training/port... ——— 🌍 RuhrSec Conference Website: https://www.ruhrsec.de 🌍 Visit Our Website - Hackmanit: https://hackmanit.de/en ✖️ Follow RuhrSec on X:   / ruhrsec   ✖️ Follow Hackmanit on X:   / hackmanit   ✔ Follow RuhrSec on Linkedin:   / ruhrsec   ✔ Follow Hackmanit on Linkedin:   / hackmanit   Follow Hackmanit on XING: https://www.xing.com/pages/hackmanitgmbh ——— Thanks for your attention and support. Stay secure. 🫶 #privacy #tracking #cookies #thirdpartycookies #css #JavaScript #HTMLemails #hacking #RuhrSec #itsecurity #itsicherheit #cybersecurity #cybersicherheit