How Tracking Companies Circumvented Ad Blockers Using WebSockets

Bashir, Muhammad Ahmad; Arshad, Sajjad; Kirda, Engin; Robertson, William; Wilson, Christo

doi:10.1145/3278532.3278573

Cited by 27 publications

(29 citation statements)

References 29 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Providing increased economic motivation for free and open source software development to maintain the virtual arms race with well-funded advertising-based companies may be needed [75][76][77]. As Malloy et al pointed out, "ad blockers are a formidable threat" to online advertising [78], and efforts to thwart their effectiveness are underway [77,79]. Overall, the evaluations in this study agreed with the effectiveness of ad blockers seen before [80], and as ads annoy users [81], ad blocker use can be expected to continue to expand [82].…”

Section: Resultsmentioning

confidence: 99%

Energy Conservation with Open Source Ad Blockers

Pearce

2020

Technologies

View full text Add to dashboard Cite

Internet-related electricity consumption is rising rapidly as global Internet users spend more than 6.5 h per day online. Open source ad blockers have the potential to reduce the time and thus electricity spent using computers by eliminating ads during Internet browsing and video streaming. In this study, three open source ad blockers are tested against a no-ad blocker control. Page load time is recorded for browsing a representative selection of the globally most-accessed websites, and the time spent watching ads on videos is quantified for both trending and non-trending content. The results show that page load time dropped 11% with AdBlock+, 22.2% with Privacy Badger, and 28.5% with uBlock Origin. Thus, uBlock Origin has the potential to save the average global Internet user more than 100 h annually. The energy conserved if everyone in the United States used the open source ad blocker would save over 36 Americans lives per year if it were to offset coal-fired electricity generated-based pollution. In the United States, if all Internet users enabled Privacy Badger on their computers, Americans would save more than $91 million annually. Globally, uBlock Origin could save consumers more than $1.8 billion/year. Open source ad blockers are a potentially effective technology for energy conservation.

show abstract

Section: Resultsmentioning

confidence: 99%

Energy Conservation with Open Source Ad Blockers

Pearce

2020

Technologies

View full text Add to dashboard Cite

show abstract

“…Englehardt and Narayanan [24] seminal work on measuring trackers on 1 million websites relies on EL&EP as a ground truth to detect requests sent to trackers and ad-related domains. Three papers by Bashir et al [10][11][12] customize EL&EP to detect 2 ndlevel domains of tracking and ad companies: to eliminate false positives, a domain is considered if it appears more than 10% of the time in the dataset. Lauinger et al [30] use EL&EP to identify advertising and tracking content in order to detect what content has included outdated and vulnerable JavaScript libraries in Web applications.…”

Section: Detection Of Trackers By Analysing Behaviormentioning

confidence: 99%

Missed by Filter Lists: Detecting Unknown Third-Party Trackers with Invisible Pixels

Fouad¹,

Bielova²,

Legout³

et al. 2020

Proceedings on Privacy Enhancing Technologies

View full text Add to dashboard Cite

Web tracking has been extensively studied over the last decade. To detect tracking, previous studies and user tools rely on filter lists. However, it has been shown that filter lists miss trackers. In this paper, we propose an alternative method to detect trackers inspired by analyzing behavior of invisible pixels. By crawling 84,658 webpages from 8,744 domains, we detect that third-party invisible pixels are widely deployed: they are present on more than 94.51% of domains and constitute 35.66% of all third-party images. We propose a fine-grained behavioral classification of tracking based on the analysis of invisible pixels. We use this classification to detect new categories of tracking and uncover new collaborations between domains on the full dataset of 4, 216, 454 third-party requests. We demonstrate that two popular methods to detect tracking, based on EasyList&EasyPrivacy and on Disconnect lists respectively miss 25.22% and 30.34% of the trackers that we detect. Moreover, we find that if we combine all three lists, 379, 245 requests originated from 8,744 domains still track users on 68.70% of websites.

show abstract

“…In [3], the authors propose a new approach to blocking malicious third-party content achieved through an analysis of inclusion sequences constructed from an in-browser vantage point and implemented with EXCISION in a modified Chromium browser. Many experiments conducted in [4] simulate how advisement and analytics companies bypass ad-block extensions and how a bug with chrome web request help to block the extension from functioning. They base on the evaluation of the bug fix in different states to indicate that some companies still use WebSocket in troubleshooting like serving advertisements, infiltrating the DOM, and fingerprinting.…”

Section: Browser-based Tools and Approaches For Security And Privacymentioning

confidence: 99%

“…We note that WebSocket is not an actual HTTP request yet allows browsers to open two-way interactive communication to a server to send and receive messages asynchronously [48]. In the past, tracking companies have leverage WebSocket to circumvent the blocking mechanism in ad-blockers [4]. We intercept these channels using the approach for object creation presented in "JavaScript interception".…”

Section: Data Sink Channelsmentioning

confidence: 99%

A User-Oriented Approach and Tool for Security and Privacy Protection on the Web

et al. 2020

View full text Add to dashboard Cite

We introduce a novel approach to protecting the privacy of web users. We propose to monitor the behaviors of JavaScript code within a web origin based on the source of the code, i.e., code origin, to detect and prevent malicious actions that would compromise users' privacy. Our code-origin policy enforcement approach not only advances the conventional same-origin policy standard but also goes beyond the "all-or-nothing" contemporary ad-blockers and tracker-blockers. In particular, our monitoring mechanism does not rely on browsers' network request interception and blocking as in existing blockers. In contrast, we monitor the code that reads or sends user data sent out of the browser to enforce fine-grained and context-aware policies based on the origin of the code. We implement a proof-of-concept prototype and perform practical evaluations to demonstrate the effectiveness of our approach. Our experimental results evidence that the proposed method can detect and prevent data leakage channels not captured by the leading tools such as Ghostery and uBlock Origin. We show that our prototype is compatible with major browsers and popular real-world websites with promising runtime performance. Although implemented as a browser extension, our approach is browser-agnostic and can be integrated into the core of a browser as it is based on standard JavaScript.

show abstract

How Tracking Companies Circumvented Ad Blockers Using WebSockets

Cited by 27 publications

References 29 publications

Energy Conservation with Open Source Ad Blockers

Energy Conservation with Open Source Ad Blockers

Missed by Filter Lists: Detecting Unknown Third-Party Trackers with Invisible Pixels

A User-Oriented Approach and Tool for Security and Privacy Protection on the Web

Contact Info

Product

Resources

About