{"bundle_type":"pith_open_graph_bundle","bundle_version":"1.0","pith_number":"pith:2010:4CKZ2ZRSAXNHQOAILMNK6OJHGM","short_pith_number":"pith:4CKZ2ZRS","canonical_record":{"source":{"id":"1003.3242","kind":"arxiv","version":3},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2010-03-16T20:23:59Z","cross_cats_sorted":[],"title_canon_sha256":"a5bc912bbbb8e0c5820ede338f42164e6c3677cd3f097abbdae0e1dcb15da1b2","abstract_canon_sha256":"5c06d9e449889e092995c22a3154c0c6937ef481ef1131aa197e54d49476be40"},"schema_version":"1.0"},"canonical_sha256":"e0959d663205da7838085b1aaf3927331371999b9dc3f3e07db4e886b0ab1c0d","source":{"kind":"arxiv","id":"1003.3242","version":3},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1003.3242","created_at":"2026-05-18T02:24:36Z"},{"alias_kind":"arxiv_version","alias_value":"1003.3242v3","created_at":"2026-05-18T02:24:36Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1003.3242","created_at":"2026-05-18T02:24:36Z"},{"alias_kind":"pith_short_12","alias_value":"4CKZ2ZRSAXNH","created_at":"2026-05-18T12:26:03Z"},{"alias_kind":"pith_short_16","alias_value":"4CKZ2ZRSAXNHQOAI","created_at":"2026-05-18T12:26:03Z"},{"alias_kind":"pith_short_8","alias_value":"4CKZ2ZRS","created_at":"2026-05-18T12:26:03Z"}],"events":[{"event_type":"record_created","subject_pith_number":"pith:2010:4CKZ2ZRSAXNHQOAILMNK6OJHGM","target":"record","payload":{"canonical_record":{"source":{"id":"1003.3242","kind":"arxiv","version":3},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2010-03-16T20:23:59Z","cross_cats_sorted":[],"title_canon_sha256":"a5bc912bbbb8e0c5820ede338f42164e6c3677cd3f097abbdae0e1dcb15da1b2","abstract_canon_sha256":"5c06d9e449889e092995c22a3154c0c6937ef481ef1131aa197e54d49476be40"},"schema_version":"1.0"},"canonical_sha256":"e0959d663205da7838085b1aaf3927331371999b9dc3f3e07db4e886b0ab1c0d","receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-05-18T02:24:36.892881Z","signature_b64":"NPGOwq9kAeHYgvdJI0y2kfZ6GoFUfYmDI5wIiSU4MUGXA45E8Q+ZcrejMA9c2MMvb7loNUAcdvGbnFKTlCb6Bg==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"e0959d663205da7838085b1aaf3927331371999b9dc3f3e07db4e886b0ab1c0d","last_reissued_at":"2026-05-18T02:24:36.892085Z","signature_status":"signed_v1","first_computed_at":"2026-05-18T02:24:36.892085Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"source_kind":"arxiv","source_id":"1003.3242","source_version":3,"attestation_state":"computed"},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-18T02:24:36Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"EsXykQHgw+S18jw+zhIxnWYFFljYxeX9AnUQXd8kBQO6XLJFxbnqTWgmClhP14NB9KGvVGIM6+/036M7TN29Cg==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-20T03:52:14.066435Z"},"content_sha256":"bad49f0ebe5e8d00af7c2fbafd88af0edb49f4cc133b83a50baf70f2781b1cf1","schema_version":"1.0","event_id":"sha256:bad49f0ebe5e8d00af7c2fbafd88af0edb49f4cc133b83a50baf70f2781b1cf1"},{"event_type":"graph_snapshot","subject_pith_number":"pith:2010:4CKZ2ZRSAXNHQOAILMNK6OJHGM","target":"graph","payload":{"graph_snapshot":{"paper":{"title":"Private Information Disclosure from Web Searches. (The case of Google Web History)","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":[],"primary_cat":"cs.CR","authors_text":"Claude Castelluccia, Daniele Perito, Emiliano De Cristofaro","submitted_at":"2010-03-16T20:23:59Z","abstract_excerpt":"As the amount of personal information stored at remote service providers increases, so does the danger of data theft. When connections to remote services are made in the clear and authenticated sessions are kept using HTTP cookies, data theft becomes extremely easy to achieve. In this paper, we study the architecture of the world's largest service provider, i.e., Google. First, with the exception of a few services that can only be accessed over HTTPS (e.g., Gmail), we find that many Google services are still vulnerable to simple session hijacking. Next, we present the Historiographer, a novel "},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1003.3242","kind":"arxiv","version":3},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"verdict_id":null},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-18T02:24:36Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"xlh4xATXIZaiSG3UBeTN/7Kzx4Kp6kEbpbsBrQXHYCk93MVFyDQQ4YFw1LKJlJa4ZamVANCU92xae8z9IWvsDw==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-20T03:52:14.066800Z"},"content_sha256":"355c186b3a5f23c43e4c65931f0cda12e561de796eec7435d92c068e9362a806","schema_version":"1.0","event_id":"sha256:355c186b3a5f23c43e4c65931f0cda12e561de796eec7435d92c068e9362a806"}],"timestamp_proofs":[],"mirror_hints":[{"mirror_type":"https","name":"Pith Resolver","base_url":"https://pith.science","bundle_url":"https://pith.science/pith/4CKZ2ZRSAXNHQOAILMNK6OJHGM/bundle.json","state_url":"https://pith.science/pith/4CKZ2ZRSAXNHQOAILMNK6OJHGM/state.json","well_known_bundle_url":"https://pith.science/.well-known/pith/4CKZ2ZRSAXNHQOAILMNK6OJHGM/bundle.json","status":"primary"}],"public_keys":[{"key_id":"pith-v1-2026-05","algorithm":"ed25519","format":"raw","public_key_b64":"stVStoiQhXFxp4s2pdzPNoqVNBMojDU/fJ2db5S3CbM=","public_key_hex":"b2d552b68890857171a78b36a5dccf368a953413288c353f7c9d9d6f94b709b3","fingerprint_sha256_b32_first128bits":"RVFV5Z2OI2J3ZUO7ERDEBCYNKS","fingerprint_sha256_hex":"8d4b5ee74e4693bcd1df2446408b0d54","rotates_at":null,"url":"https://pith.science/pith-signing-key.json","notes":"Pith uses this Ed25519 key to sign canonical record SHA-256 digests. Verify with: ed25519_verify(public_key, message=canonical_sha256_bytes, signature=base64decode(signature_b64))."}],"merge_version":"pith-open-graph-merge-v1","built_at":"2026-06-20T03:52:14Z","links":{"resolver":"https://pith.science/pith/4CKZ2ZRSAXNHQOAILMNK6OJHGM","bundle":"https://pith.science/pith/4CKZ2ZRSAXNHQOAILMNK6OJHGM/bundle.json","state":"https://pith.science/pith/4CKZ2ZRSAXNHQOAILMNK6OJHGM/state.json","well_known_bundle":"https://pith.science/.well-known/pith/4CKZ2ZRSAXNHQOAILMNK6OJHGM/bundle.json"},"state":{"state_type":"pith_open_graph_state","state_version":"1.0","pith_number":"pith:2010:4CKZ2ZRSAXNHQOAILMNK6OJHGM","merge_version":"pith-open-graph-merge-v1","event_count":2,"valid_event_count":2,"invalid_event_count":0,"equivocation_count":0,"current":{"canonical_record":{"metadata":{"abstract_canon_sha256":"5c06d9e449889e092995c22a3154c0c6937ef481ef1131aa197e54d49476be40","cross_cats_sorted":[],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2010-03-16T20:23:59Z","title_canon_sha256":"a5bc912bbbb8e0c5820ede338f42164e6c3677cd3f097abbdae0e1dcb15da1b2"},"schema_version":"1.0","source":{"id":"1003.3242","kind":"arxiv","version":3}},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1003.3242","created_at":"2026-05-18T02:24:36Z"},{"alias_kind":"arxiv_version","alias_value":"1003.3242v3","created_at":"2026-05-18T02:24:36Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1003.3242","created_at":"2026-05-18T02:24:36Z"},{"alias_kind":"pith_short_12","alias_value":"4CKZ2ZRSAXNH","created_at":"2026-05-18T12:26:03Z"},{"alias_kind":"pith_short_16","alias_value":"4CKZ2ZRSAXNHQOAI","created_at":"2026-05-18T12:26:03Z"},{"alias_kind":"pith_short_8","alias_value":"4CKZ2ZRS","created_at":"2026-05-18T12:26:03Z"}],"graph_snapshots":[{"event_id":"sha256:355c186b3a5f23c43e4c65931f0cda12e561de796eec7435d92c068e9362a806","target":"graph","created_at":"2026-05-18T02:24:36Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"graph_snapshot":{"author_claims":{"count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","strong_count":0},"builder_version":"pith-number-builder-2026-05-17-v1","claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"paper":{"abstract_excerpt":"As the amount of personal information stored at remote service providers increases, so does the danger of data theft. When connections to remote services are made in the clear and authenticated sessions are kept using HTTP cookies, data theft becomes extremely easy to achieve. In this paper, we study the architecture of the world's largest service provider, i.e., Google. First, with the exception of a few services that can only be accessed over HTTPS (e.g., Gmail), we find that many Google services are still vulnerable to simple session hijacking. Next, we present the Historiographer, a novel ","authors_text":"Claude Castelluccia, Daniele Perito, Emiliano De Cristofaro","cross_cats":[],"headline":"","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2010-03-16T20:23:59Z","title":"Private Information Disclosure from Web Searches. (The case of Google Web History)"},"references":{"count":0,"internal_anchors":0,"resolved_work":0,"sample":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1003.3242","kind":"arxiv","version":3},"verdict":{"created_at":null,"id":null,"model_set":{},"one_line_summary":"","pipeline_version":null,"pith_extraction_headline":"","strongest_claim":"","weakest_assumption":""}},"verdict_id":null}}],"author_attestations":[],"timestamp_anchors":[],"storage_attestations":[],"citation_signatures":[],"replication_records":[],"corrections":[],"mirror_hints":[],"record_created":{"event_id":"sha256:bad49f0ebe5e8d00af7c2fbafd88af0edb49f4cc133b83a50baf70f2781b1cf1","target":"record","created_at":"2026-05-18T02:24:36Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"attestation_state":"computed","canonical_record":{"metadata":{"abstract_canon_sha256":"5c06d9e449889e092995c22a3154c0c6937ef481ef1131aa197e54d49476be40","cross_cats_sorted":[],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2010-03-16T20:23:59Z","title_canon_sha256":"a5bc912bbbb8e0c5820ede338f42164e6c3677cd3f097abbdae0e1dcb15da1b2"},"schema_version":"1.0","source":{"id":"1003.3242","kind":"arxiv","version":3}},"canonical_sha256":"e0959d663205da7838085b1aaf3927331371999b9dc3f3e07db4e886b0ab1c0d","receipt":{"algorithm":"ed25519","builder_version":"pith-number-builder-2026-05-17-v1","canonical_sha256":"e0959d663205da7838085b1aaf3927331371999b9dc3f3e07db4e886b0ab1c0d","first_computed_at":"2026-05-18T02:24:36.892085Z","key_id":"pith-v1-2026-05","kind":"pith_receipt","last_reissued_at":"2026-05-18T02:24:36.892085Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","receipt_version":"0.3","signature_b64":"NPGOwq9kAeHYgvdJI0y2kfZ6GoFUfYmDI5wIiSU4MUGXA45E8Q+ZcrejMA9c2MMvb7loNUAcdvGbnFKTlCb6Bg==","signature_status":"signed_v1","signed_at":"2026-05-18T02:24:36.892881Z","signed_message":"canonical_sha256_bytes"},"source_id":"1003.3242","source_kind":"arxiv","source_version":3}}},"equivocations":[],"invalid_events":[],"applied_event_ids":["sha256:bad49f0ebe5e8d00af7c2fbafd88af0edb49f4cc133b83a50baf70f2781b1cf1","sha256:355c186b3a5f23c43e4c65931f0cda12e561de796eec7435d92c068e9362a806"],"state_sha256":"e2eda4a9218fc83c01a77a6dae739ee2817cfcb2e73f0c552876488195d9c068"},"bundle_signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"4+B1Hms269Ep6/N3iUyd6ZF8TLJG9bsMvAfKlb9OD/UJbmEa0s/GI+wM5GdgEx4vEbr65GmnSVktIsutVBftBw==","signed_message":"bundle_sha256_bytes","signed_at":"2026-06-20T03:52:14.068888Z","bundle_sha256":"986de2936e7ecc4c8da9016574fab88094767b1b079be2da13f7e2ddffcbb86d"}}