Yue, Chuan
Yang, Zhiju
2022-07-19
2022-07-19
2021
https://hdl.handle.net/11124/14262
Includes bibliographical references.
2021 Fall.

Over the past decades, the web on both mobile and desktop environments has rapidly developed and significantly revolutionized our daily life. It has been integrated into every sector of our daily lives, such as commerce, education, government, entertainment, health, and social communication. Along with our ever-increasing reliance on the web, more personal and valuable data is being stored and processed online, portable devices such as smartphones and laptops are increasingly playing important roles in every aspect of our lives, sophisticated web applications and services are developed in an agile manner to meet our needs, and third-party relationships are the norm as our information is being widely connected and frequently shared. These factors create new and significant vulnerabilities to our security and privacy on the web. In this dissertation, we have the same ultimate goal as that of many users, developers, lawmakers, and researchers: towards a secure and privacy-preserving web. We conduct four projects to explore and investigate user security and privacy on the web for both mobile and desktop environments.
Specifically, we (1) propose a novel user fingerprinting attack that identifies individual users based on their behavioral biometrics derived from motion sensor data, and provide defense solutions against the user fingerprinting attack by performing data perturbation, (2) conduct an in-depth analysis and comparison of web tracking in the mobile and desktop environments using our measurement framework, (3) investigate and reveal the security and privacy risks of visiting three types of news webpages based on 18 metrics in the categories of insecure practice and insufficient protection, and (4) design and implement a web tracking and advertising detection framework, namely WtaGraph, based on Graph Neural Networks, which can accurately detect web tracking and advertising in different application settings. By presenting the detailed design, implementation, evaluation, and discussion of each project in this dissertation, we expect to advance the state of web security and privacy research, increase users’ awareness of security and privacy risks on the web, and strengthen security and privacy protection on the web.

born digital
doctoral dissertations
eng
Copyright of the original work is retained by the author.
measurement
privacy
security
web
Understanding and protecting user security and privacy on the web
Text
2022-07-18
Embargo Expires: 04/14/2023