Tracking the Trackers

Yu, Zhonghao; Macbeth, Sam; Modi, Konark; Pujol, Josep M.

doi:10.1145/2872427.2883028

Cited by 81 publications

(92 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The most widely used ad-blocking list is EasyList, and the most widely used tracker-blocking list is EasyPrivacy. Filter list based blocking introduces false positives and false negatives [43], but the popularity of ad blocking suggests that many users find the usability trade-off to be acceptable. While request-blocking extensions are supported primarily by web browsers, some email clients also have support for them, notably Thunderbird.…”

Section: Defensementioning

confidence: 99%

I never signed up for this! Privacy implications of email tracking

Englehardt

Han

Narayanan

2018

Proceedings on Privacy Enhancing Technologies

View full text Add to dashboard Cite

Abstract:We show that the simple act of viewing emails contains privacy pitfalls for the unwary. We assembled a corpus of commercial mailing-list emails, and find a network of hundreds of third parties that track email recipients via methods such as embedded pixels. About 30% of emails leak the recipient's email address to one or more of these third parties when they are viewed. In the majority of cases, these leaks are intentional on the part of email senders, and further leaks occur if the recipient clicks links in emails. Mail servers and clients may employ a variety of defenses, but we analyze 16 servers and clients and find that they are far from comprehensive. We propose, prototype, and evaluate a new defense, namely stripping tracking tags from emails based on enhanced versions of existing web tracking protection lists.

show abstract

Section: Defensementioning

confidence: 99%

I never signed up for this! Privacy implications of email tracking

Englehardt

Han

Narayanan

2018

Proceedings on Privacy Enhancing Technologies

View full text Add to dashboard Cite

show abstract

“…78%) have 3rd parties which synchronize cookies with at least one other party, and they can reconstruct 62-73% of a user's browsing history [11]. Furthermore, 95% of pages visited contain 3rd party requests to potential trackers and 78% attempt to transfer unsafe data [46]. Finally, a mechanism for respawing cookies has been identified, with consequences on the reconstruction of users' browsing history, even if they delete their cookies [1].…”

Section: Introductionmentioning

confidence: 99%

Cookie Synchronization: Everything You Always Wanted to Know But Were Afraid to Ask

Papadopoulos¹,

Kourtellis

Markatos

2019

The World Wide Web Conference

104

View full text Add to dashboard Cite

User data is the primary input of digital advertising, fueling the free Internet as we know it. As a result, web companies invest a lot in elaborate tracking mechanisms to acquire user data that can sell to data markets and advertisers. However, with same-origin policy, and cookies as a primary identification mechanism on the web, each tracker knows the same user with a different ID. To mitigate this, Cookie Synchronization (CSync) came to the rescue, facilitating an information sharing channel between third parties that may or not have direct access to the website the user visits. In the background, with CSync, they merge user data they own, but also reconstruct a user's browsing history, bypassing the same origin policy.In this paper, we perform a first to our knowledge in-depth study of CSync in the wild, using a year-long weblog from 850 real mobile users. Through our study, we aim to understand the characteristics of the CSync protocol and the impact it has on web users' privacy. For this, we design and implement CONRAD, a holistic mechanism to detect CSync events at real time, and the privacy loss on the user side, even when the synced IDs are obfuscated. Using CONRAD, we find that 97% of the regular web users are exposed to CSync: most of them within the first week of their browsing, and the median userID gets leaked, on average, to 3.5 different domains. Finally, we see that CSync increases the number of domains that track the user by a factor of 6.75.

show abstract

“…Yu et al proposed a concept in which users collectively identify unsafe data elements and report them to a central server [113]. In their model, all data elements are considered unsafe when they are first reported.…”

Section: Decreasing the Surface Of Browser Apismentioning

confidence: 99%

Browser Fingerprinting

Laperdrix

Bielova²,

Baudry

et al. 2020

ACM Trans. Web

View full text Add to dashboard Cite

With this paper, we survey the research performed in the domain of browser fingerprinting, while providing an accessible entry point to newcomers in the field. We explain how this technique works and where it stems from. We analyze the related work in detail to understand the composition of modern fingerprints and see how this technique is currently used online. We systematize existing defense solutions into different categories and detail the current challenges yet to overcome.

show abstract

Tracking the Trackers

Cited by 81 publications

References 8 publications

I never signed up for this! Privacy implications of email tracking

I never signed up for this! Privacy implications of email tracking

Cookie Synchronization: Everything You Always Wanted to Know But Were Afraid to Ask

Browser Fingerprinting

Contact Info

Product

Resources

About