Cross-Device Tracking: Measurement and Disclosures

Brookman, Justin; Rouge, Phoebe; Alva, Aaron; Yeung, Christina

doi:10.1515/popets-2017-0020

Cited by 66 publications

(55 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In general, tracking can be understood as an analytic procedure with a user-centric view where personal and behavioral data are collected and aggregated to a detailed, person-specific profile [3,15]. A number of studies revealed that user behavior can be traced back even across multiple devices and that different websites pass on user information to third parties [7,[15][16][17].…”

Section: Theoretical Framework 21 Consequences Of Tracking On User mentioning

confidence: 99%

I Spy with my Little Sensor Eye - Effect of Data-Tracking and Convenience on the Intention to Use Smart Technology.

Princi

Krämer

2020

Proceedings of the Annual Hawaii International Conference on System Sciences

View full text Add to dashboard Cite

The increasing number of smart objects in private households leads to a profound invasion of privacy. Based on privacy calculus theory, we assume that many users accept tracking in exchange for full functioning and convenience. However, privacy calculus has not yet been tested in an area where privacy protection is a binary decision: to either use a product or not. Therefore, we examined the effect of convenience and tracking on the intention to use a smart device in a 2 x 2 betweensubjects online experiment (N = 209). While convenience is a major factor for the willingness to deploy smart technology, users do not seem to care whether these devices track their personal data or not.

show abstract

Section: Theoretical Framework 21 Consequences Of Tracking On User mentioning

confidence: 99%

I Spy with my Little Sensor Eye - Effect of Data-Tracking and Convenience on the Intention to Use Smart Technology.

Princi

Krämer

2020

Proceedings of the Annual Hawaii International Conference on System Sciences

View full text Add to dashboard Cite

show abstract

“…PII leaks enable trackers to potentially attach identities to browsing histories. More recent work includes detection of PII leakage to third parties in smartphone apps [34,40], PII leakage in contact forms [38], PII leakage that enables cross-device tracking [12], and data leakage due to browser extensions [39].…”

Section: Related Workmentioning

confidence: 99%

“…This is an area for future work. Finally, our own approach is most similar to that of Brookman et al [12] and Starov et al [39] who test combinations of encodings and/or hashes.…”

Section: Related Workmentioning

confidence: 99%

“…The resulting links between identities and web history profiles belie the claim of "anonymous" web tracking. The practice enables onboarding, or online marketing based on offline activity [9], as well as cross-device tracking, or linking between different devices of the same user [12]. And although email addresses are not always shared with third parties in plaintext-sometimes they are hashed-we argue that hashing does little to protect privacy in this context (Section 8).…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

I never signed up for this! Privacy implications of email tracking

Englehardt

Han

Narayanan

2018

Proceedings on Privacy Enhancing Technologies

View full text Add to dashboard Cite

Abstract:We show that the simple act of viewing emails contains privacy pitfalls for the unwary. We assembled a corpus of commercial mailing-list emails, and find a network of hundreds of third parties that track email recipients via methods such as embedded pixels. About 30% of emails leak the recipient's email address to one or more of these third parties when they are viewed. In the majority of cases, these leaks are intentional on the part of email senders, and further leaks occur if the recipient clicks links in emails. Mail servers and clients may employ a variety of defenses, but we analyze 16 servers and clients and find that they are far from comprehensive. We propose, prototype, and evaluate a new defense, namely stripping tracking tags from emails based on enhanced versions of existing web tracking protection lists.

show abstract

“…There are a few straightforward mitigations that merchants could deploy: (1) enabling HTTPS on all shopping (and especially payment-related) pages -this would protect against network adversaries, but not third-party trackers, our main adversary of interest (2) generating Bitcoinaddress QR codes internally instead of outsourcing it to a third party; (3) avoiding leaks of the Bitcoin address from payment receipt pages; and (4) avoiding unintentional PII leaks. As to the last point, however, note that the attack succeeds as long as some first party website visited by the user leaks PII to third parties, and at least some PII leakage is for crossdevice linking purposes [24], and thus intentional. Beyond these obvious steps, merchants could share less data with third parties, and with fewer of them, but this would come at the expense of their advertising and analytics objectives.…”

Section: Mitigation and Discussionmentioning

confidence: 99%

When the cookie meets the blockchain: Privacy risks of web payments via cryptocurrencies

Goldfeder

Kalodner

Reisman³

et al. 2018

Proceedings on Privacy Enhancing Technologies

115

View full text Add to dashboard Cite

We show how third-party web trackers can deanonymize users of cryptocurrencies. We present two distinct but complementary attacks. On most shopping websites, third party trackers receive information about user purchases for purposes of advertising and analytics. We show that, if the user pays using a cryptocurrency, trackers typically possess enough information about the purchase to uniquely identify the transaction on the blockchain, link it to the user's cookie, and further to the user's real identity. Our second attack shows that if the tracker is able to link two purchases of the same user to the blockchain in this manner, it can identify the user's entire cluster of addresses and transactions on the blockchain, even if the user employs blockchain anonymity techniques such as CoinJoin. The attacks are passive and hence can be retroactively applied to past purchases. We discuss several mitigations, but none are perfect.

show abstract

Cross-Device Tracking: Measurement and Disclosures

Cited by 66 publications

References 10 publications

I Spy with my Little Sensor Eye - Effect of Data-Tracking and Convenience on the Intention to Use Smart Technology.

I Spy with my Little Sensor Eye - Effect of Data-Tracking and Convenience on the Intention to Use Smart Technology.

I never signed up for this! Privacy implications of email tracking

When the cookie meets the blockchain: Privacy risks of web payments via cryptocurrencies

Contact Info

Product

Resources

About