Linlin Yang,Wei Wang,Yanjiao Chen,Qian Zhang

DOI: https://doi.org/10.1016/j.comnet.2014.12.017

IF: 5.493

2015-01-01

Computer Networks

Abstract:With the prosperity of the Internet, many advertisers choose to deliver their advertisements by online targeting, where the ad broker is responsible for matching advertisements with users who are likely to be interested in the underlying products or services. However, this online advertisement targeting system requires user profile information and may fail due to privacy issues. In light of growing privacy concerns, we propose a privacy-aware framework for online advertisement targeting, where users are compensated for their privacy leakage and motivated to click more advertisements. In the framework, an ad broker pays a varying amount of money to users for clicking different advertisements due to distinct privacy leakage. Meanwhile advertisers send advertisements to the ad broker and determine the price per user click they need to pay. We model the interactions among advertisers, the ad broker and users as a three-stage game, where every player aims at maximizing its own utility, and Nash Equilibrium is achieved by backward induction. We further analyze the optimal strategies for advertisers, the ad broker and users. Numerical results have shown that the proposed privacy-aware framework is effective as it enables all advertisers, the ad broker and users to maximize their utilities in case of different levels of user privacy sensitivities. In addition, the proposed framework produces higher profits for advertisers and the ad broker than the traditional “paid to click” system.

Dylan Cooper,Taylan Yalcin,Cristina Nistor,Matthew Macrini,Ekin Pehlivan

DOI: https://doi.org/10.2139/ssrn.4012936

2021-01-01

SSRN Electronic Journal

Abstract:Purpose: Privacy considerations have become a topic with increasing interest from academics, industry leaders, and regulators. In response to consumers’ privacy concerns, Google announced in 2020 that Chrome would stop supporting third-party cookies in the near future. At the same time, advertising technology companies are developing alternative solutions for online targeting and consumer privacy controls. In this paper, we explore privacy considerations related to online tracking and targeting methods used for programmatic advertising (i.e., third-party cookies, Privacy Sandbox, Unified ID 2.0) for a variety of stakeholders: consumers, AdTech platforms, advertisers, and publishers.Design/methodology/approach: We analyze the topic of internet user privacy concerns, through a multi-pronged approach: industry conversations to collect information, a comprehensive review of trade publications, and extensive empirical analysis. We use two methods to collect data on consumer preferences for privacy controls: a survey of a representative sample of US consumers and field data from conversations on web-forums created by tech professionals. Findings: Our results suggest that there are four main segments in the US internet user population. The first segment, consisting of 26% of internet users, is driven by a strong preference for relevant ads and includes consumers who accept the premises of both Privacy Sandbox and UID 2.0. The second segment (26%) includes consumers who are ambivalent about both sets of premises. The third segment (34%) is driven by a need for relevant ads and a strong desire to prevent advertisers from aggressively collecting data, with consumers who accept the premises of Privacy Sandbox but reject the premises of UID 2.0. The fourth segment (15% of consumers) rejected both sets of premises about privacy control. Text analysis results suggest that the conversation around UID 2.0 is still nascent. Google Sandbox associations seem nominally positive, with sarcasm being an important factor in the sentiment analysis results. Originality: The value of this paper lies in its multi-method examination of online privacy concerns in light of the recent regulatory legislation (i.e., GDPR and CCPA) and changes for third-party cookies in browsers such as Firefox, Safari, and Chrome. Two alternatives proposed to replace third-party cookies (Privacy Sandbox and Unified ID 2.0) are in the proposal and prototype stage. The elimination of third-party cookies will affect stakeholders, including different types of players in the AdTech industry and internet users. We analyze how two alternative proposals for privacy control align with the interests of several stakeholders.

Nataliia Bielova

DOI: https://doi.org/10.1145/3133956.3136067

2017-10-30

Abstract:Billions of users browse the Web on a daily basis, leaving their digital traces on millions of websites. Every such visit, every mouse move or button click may trigger a wide variety of hidden data exchanges across multiple tracking companies. As a result, these companies collect a vast amount of user's data, preferences and habits, that are extremely useful for online advertisers and profitable for data brokers, however very worrisome for the privacy of the users. In this \emph{3-hours tutorial} we will cover the vide variety of Web tracking technologies, ranging from simple cookies to advanced cross-device fingerprinting. We will describe the main mechanisms behind web tracking and what users can do to protect themselves. Moreover, we will discuss solutions Web developers can use to automatically eliminate tracking from the third-party content they include in their applications. This tutorial will be of interest to a \emph{general audience} of computer scientists, and \emph{we do not require any specific prerequisite knowledge} for attendees. We will cover the following tracking mechanisms: \begin{itemize} \item third-party cookie tracking, and other stateful tracking techniques that enables tracking across multiple websites, \item cookie respawning that is used to re-create deleted user cookies, \item cookie synching that allows trackers and ad agencies to synchronise user IDs across different companies, \item browser fingerprinting, including Canvas, WebRTC and AudioContext fingerprinting \item cross-browser device fingerprinting, allowing trackers to recognise users across several devices. \end{itemize} We will then demonstrate prevalence of such techniques on the Web, based on previous research. We will present the advertisement ecosystem and explain how Web technologies are used in advertisement, in particular in Real-Time-Bidding (RTB). We will explain how cookie synching is used in RTB and present recent analysis on how much a user's tracking data is worth. We will discuss the mechanisms the website owners use to automatically interact with the ad agencies, and explain its consequences on user's security and privacy. To help users protect themselves from Web tracking, we will give an overview of existing solutions. We'll start with the browser settings, and show that basic third-party cookie tracking is still possible even in the private browser mode of most common Web browsers. We then present privacy-protecting browser extensions and compare how efficient they are in protection from Web tracking. Then, we'll present possible protection mechanisms based on browser randomisation to protect from advanced fingerprinting techniques. Finally, we will present solutions for Web developers, who want to include third-party content in their websites, but would like to automatically remove any tracking of their users. In particular, we will discuss simple solutions that exist today for social plugins integration, and propose more advanced server-side based solutions that are a result of our own research.

Emmanouil Papadogiannakis,Panagiotis Papadopoulos,Nicolas Kourtellis,Evangelos P. Markatos

DOI: https://doi.org/10.1145/3442381.3450056

2022-02-10

Abstract:During the past few years, mostly as a result of the GDPR and the CCPA, websites have started to present users with cookie consent banners. These banners are web forms where the users can state their preference and declare which cookies they would like to accept, if such option exists. Although requesting consent before storing any identifiable information is a good start towards respecting the user privacy, yet previous research has shown that websites do not always respect user choices. Furthermore, considering the ever decreasing reliance of trackers on cookies and actions browser vendors take by blocking or restricting third-party cookies, we anticipate a world where stateless tracking emerges, either because trackers or websites do not use cookies, or because users simply refuse to accept any. In this paper, we explore whether websites use more persistent and sophisticated forms of tracking in order to track users who said they do not want cookies. Such forms of tracking include first-party ID leaking, ID synchronization, and browser fingerprinting. Our results suggest that websites do use such modern forms of tracking even before users had the opportunity to register their choice with respect to cookies. To add insult to injury, when users choose to raise their voice and reject all cookies, user tracking only intensifies. As a result, users' choices play very little role with respect to tracking: we measured that more than 75% of tracking activities happened before users had the opportunity to make a selection in the cookie consent banner, or when users chose to reject all cookies.

Computers and Society,Cryptography and Security

Ignacio Cofone

DOI: https://doi.org/10.2139/ssrn.2541215

2014-01-01

SSRN Electronic Journal

Abstract:Limitations on online tracking are object of a regulatory debate that has shifted to the use of default rules to enhance privacy. The European Union implemented this idea with the Cookies Directive. The Directive aims to change the default system for tracking and move to an opt-in system in which data subjects must agree to it beforehand. This article evaluates the Directive’s implementation across Member States and studies the cases of the Netherlands and the UK. It then draws from the behavioural economics literature on default rules to evaluate these regulations and to consider whether it is possible to implement the policy in a way that avoids some of the problems they faced.

Xuehui Hu,Nishanth Sastry

DOI: https://doi.org/10.1145/3292522.3326039

2019-05-04

Abstract:The recently introduced General Data Protection Regulation (GDPR) requires that when obtaining information online that could be used to identify individuals, their consents must be obtained. Among other things, this affects many common forms of cookies, and users in the EU have been presented with notices asking their approvals for data collection. This paper examines the prevalence of third party cookies before and after GDPR by using two datasets: accesses to top 500 websites according to <a class="link-external link-http" href="http://Alexa.com" rel="external noopener nofollow">this http URL</a>, and weekly data of cookies placed in users' browsers by websites accessed by 16 UK and China users across one year. We find that on average the number of third parties dropped by more than 10% after GDPR, but when we examine real users' browsing histories over a year, we find that there is no material reduction in long-term numbers of third party cookies, suggesting that users are not making use of the choices offered by GDPR for increased privacy. Also, among websites which offer users a choice in whether and how they are tracked, accepting the default choices typically ends up storing more cookies on average than on websites which provide a notice of cookies stored but without giving users a choice of which cookies, or those that do not provide a cookie notice at all. We also find that top non-EU websites have fewer cookie notices, suggesting higher levels of tracking when visiting international sites. Our findings have deep implications both for understanding compliance with GDPR as well as understanding the evolution of tracking on the web.

Cryptography and Security,Information Retrieval

Pierre Tholoniat,Kelly Kostopoulou,Peter McNeely,Prabhpreet Singh Sodhi,Anirudh Varanasi,Benjamin Case,Asaf Cidon,Roxana Geambasu,Mathias Lécuyer

DOI: https://doi.org/10.1145/3694715.3695965

2024-10-02

Abstract:With the impending removal of third-party cookies from major browsers and the introduction of new privacy-preserving advertising APIs, the research community has a timely opportunity to assist industry in qualitatively improving the Web's privacy. This paper discusses our efforts, within a W3C community group, to enhance existing privacy-preserving advertising measurement APIs. We analyze designs from Google, Apple, Meta and Mozilla, and augment them with a more rigorous and efficient differential privacy (DP) budgeting component. Our approach, called Cookie Monster, enforces well-defined DP guarantees and enables advertisers to conduct more private measurement queries accurately. By framing the privacy guarantee in terms of an individual form of DP, we can make DP budgeting more efficient than in current systems that use a traditional DP definition. We incorporate Cookie Monster into Chrome and evaluate it on microbenchmarks and advertising datasets. Across workloads, Cookie Monster significantly outperforms baselines in enabling more advertising measurements under comparable DP protection.

Cryptography and Security

Javier Parra-Arnau,Jagdish Prasad Achara,Claude Castelluccia

DOI: https://doi.org/10.48550/arXiv.1602.02046

2016-02-05

Abstract:The intrusiveness and the increasing invasiveness of online advertising have, in the last few years, raised serious concerns regarding user privacy and Web usability. As a reaction to these concerns, we have witnessed the emergence of a myriad of ad-blocking and anti-tracking tools, whose aim is to return control to users over advertising. The problem with these technologies, however, is that they are extremely limited and radical in their approach: users can only choose either to block or allow all ads. With around 200 million people regularly using these tools, the economic model of the Web ---in which users get content free in return for allowing advertisers to show them ads--- is at serious peril. In this paper, we propose a smart Web technology that aims at bringing transparency to online advertising, so that users can make an informed and equitable decision regarding ad blocking. The proposed technology is implemented as a Web-browser extension and enables users to exert fine-grained control over advertising, thus providing them with certain guarantees in terms of privacy and browsing experience, while preserving the Internet economic model. Experimental results in a real environment demonstrate the suitability and feasibility of our approach, and provide preliminary findings on behavioral targeting from real user browsing profiles.

Computers and Society,Cryptography and Security

Marjan Falahrastegar,Hamed Haddadi,Steve Uhlig,Richard Mortier

DOI: https://doi.org/10.48550/arXiv.1409.1066

2014-09-03

Abstract:The presence of third-party tracking on websites has become customary. However, our understanding of the third-party ecosystem is still very rudimentary. We examine third-party trackers from a geographical perspective, observing the third-party tracking ecosystem from 29 countries across the globe. When examining the data by region (North America, South America, Europe, East Asia, Middle East, and Oceania), we observe significant geographical variation between regions and countries within regions. We find trackers that focus on specific regions and countries, and some that are hosted in countries outside their expected target tracking domain. Given the differences in regulatory regimes between jurisdictions, we believe this analysis sheds light on the geographical properties of this ecosystem and on the problems that these may pose to our ability to track and manage the different data silos that now store personal data about us all.

Social and Information Networks,Computers and Society

Liam Tyler,Ivan De Oliveira Nunes

2024-09-19

Abstract:Cookies maintain state across related web traffic. As such, cookies are commonly used for authentication by storing a user's session ID and replacing the need to re-enter credentials in subsequent traffic. These so-called ``session cookies'' are prime targets for attacks that aim to steal them to gain unauthorized access to user accounts. To mitigate these attacks, the Secure and HttpOnly cookie attributes limit a cookie's accessibility from malicious networks and websites. However, these controls overlook browser extensions: third-party HTML/JavaScript add-ons with access to privileged browser APIs and the ability to operate across multiple websites. Thus malicious or compromised extensions can provide unrestricted access to a user's session cookies. In this work, we first analyze the prevalence of extensions with access to ``risky'' APIs (those that enable cookie modification and theft) and find that they have hundreds of millions of users. Motivated by this, we propose a mechanism to protect cookies from malicious extensions by introducing two new cookie attributes: BrowserOnly and Monitored. The BrowserOnly attribute prevents extension access to cookies altogether. While effective, not all cookies can be made inaccessible. Thus cookies with the Monitored attribute remain accessible but are tied to a single browser and any changes made to the cookie are logged. As a result, stolen Monitored cookies are unusable outside their original browser and servers can validate the modifications performed. To demonstrate the proposed functionalities, we design and implement CREAM (Cookie Restrictions for Extension Abuse Mitigation) a modified version of the open-source Chromium browser realizing these controls. Our evaluation indicates that CREAM effectively protects cookies from malicious extensions while incurring little run-time overheads.

Cryptography and Security

Xiang Pan,Yinzhi Cao,Yan Chen

DOI: https://doi.org/10.14722/ndss.2015.23163

2015-01-01

Abstract:Stateful third-party web tracking has drawn the attention of public media given its popularity among top Alexa web sites. A tracking server can associate a unique identifier from the client side with the private information contained in the referer header of the request to the tracking server, thus recording the client’s behavior. Faced with the significant problem, existing works either disable setting tracking identifiers or blacklist thirdparty requests to certain servers. However, neither of them can completely block stateful web tracking. In this paper, we propose TrackingFree, the first anti-tracking browser by mitigating unique identifiers. Instead of disabling those unique identifiers, we isolate them into different browser principals so that the identifiers still exist but are not unique among different web sites. By doing this, we fundamentally cut off the tracking chain for third-party web tracking. Our evaluation shows that TrackingFree can invalidate all the 647 trackers found in Alexa Top 500 web sites, and we formally verified that in TrackingFree browser, a single tracker can at most correlate user’s activities on three web sites by Alloy.

Christine Utz,Sabrina Amft,Martin Degeling,Thorsten Holz,Sascha Fahl,Florian Schaub

DOI: https://doi.org/10.48550/arXiv.2203.11387

2022-10-05

Abstract:Modern websites frequently use and embed third-party services to facilitate web development, connect to social media, or for monetization. This often introduces privacy issues as the inclusion of third-party services on a website can allow the third party to collect personal data about the website's visitors. While the prevalence and mechanisms of third-party web tracking have been widely studied, little is known about the decision processes that lead to websites using third-party functionality and whether efforts are being made to protect their visitors' privacy. We report results from an online survey with 395 participants involved in the creation and maintenance of websites. For ten common website functionalities we investigated if privacy has played a role in decisions about how the functionality is integrated, if specific efforts for privacy protection have been made during integration, and to what degree people are aware of data collection through third parties. We find that ease of integration drives third-party adoption but visitor privacy is considered if there are legal requirements or respective guidelines. Awareness of data collection and privacy risks is higher if the collection is directly associated with the purpose for which the third-party service is used.

Human-Computer Interaction

Maxwell Lin,Shihan Lin,Helen Wu,Karen Wang,Xiaowei Yang

2024-10-15

Abstract:Third-party web cookies are often used for privacy-invasive behavior tracking. Partly due to privacy concerns, browser vendors have started to block all third-party cookies in recent years. To understand the effects of such third-party cookieless browsing, we crawled and measured the top 10,000 Tranco websites. We developed a framework to remove third-party cookies and analyze the differences between the appearance of web pages with and without these cookies. We find that disabling third-party cookies has no substantial effect on website appearance including layouts, text, and images. This validates the industry-wide shift towards cookieless browsing as a way to protect user privacy without compromising on the user experience.

Cryptography and Security

Shaoor Munir,Sandra Siby,Umar Iqbal,Steven Englehardt,Zubair Shafiq,Carmela Troncoso

2023-11-27

Abstract:As third-party cookie blocking is becoming the norm in browsers, advertisers and trackers have started to use first-party cookies for tracking. We conduct a differential measurement study on 10K websites with third-party cookies allowed and blocked. This study reveals that first-party cookies are used to store and exfiltrate identifiers to known trackers even when third-party cookies are blocked. As opposed to third-party cookie blocking, outright first-party cookie blocking is not practical because it would result in major functionality breakage. We propose CookieGraph, a machine learning-based approach that can accurately and robustly detect first-party tracking cookies. CookieGraph detects first-party tracking cookies with 90.20% accuracy, outperforming the state-of-the-art CookieBlock approach by 17.75%. We show that CookieGraph is fully robust against cookie name manipulation while CookieBlock's acuracy drops by 15.68%. While blocking all first-party cookies results in major breakage on 32% of the sites with SSO logins, and CookieBlock reduces it to 10%, we show that CookieGraph does not cause any major breakage on these sites. Our deployment of CookieGraph shows that first-party tracking cookies are used on 93.43% of the 10K websites. We also find that first-party tracking cookies are set by fingerprinting scripts. The most prevalent first-party tracking cookies are set by major advertising entities such as Google, Facebook, and TikTok.

Cryptography and Security

Nurullah Demir,Daniel Theis,Tobias Urban,Norbert Pohlmann

DOI: https://doi.org/10.48550/arXiv.2202.01498

2022-02-10

Abstract:Third-party web tracking is a common, and broadly used technique on the Web. Almost every step of users' is tracked, analyzed, and later used in different use cases (e.g., online advertisement). Different defense mechanisms have emerged to counter these practices (e.g., the recent step of browser vendors to ban all third-party cookies). However, all of these countermeasures only target third-party trackers, and ignore the first party because the narrative is that such monitoring is mostly used to improve the utilized service (e.g., analytical services). In this paper, we present a large-scale measurement study that analyzes tracking performed by the first party but utilized by a third party to circumvent standard tracking preventing techniques (i.e., the first party performs the tracking in the name of the third party). We visit the top 15,000 websites to analyze first-party cookies used to track users and a technique called "DNS CNAME cloaking", which can be used by a third party to place first-party cookies. Using this data, we show that 76% sites in our dataset effectively utilize such tracking techniques, and in a long-running analysis, we show that the usage of such cookies increased by more than 50% over 2021. Furthermore, we shed light on the ecosystem utilizing first-party trackers, and find that the established trackers already use such tracking, presumably to avoid tracking blocking.

Cryptography and Security

Reuben Binns,Ulrik Lyngs,Max Van Kleek,Jun Zhao,Timothy Libert,Nigel Shadbolt

DOI: https://doi.org/10.1145/3201064.3201089

2018-10-18

Abstract:Third party tracking allows companies to identify users and track their behaviour across multiple digital services. This paper presents an empirical study of the prevalence of third-party trackers on 959,000 apps from the US and UK Google Play stores. We find that most apps contain third party tracking, and the distribution of trackers is long-tailed with several highly dominant trackers accounting for a large portion of the coverage. The extent of tracking also differs between categories of apps; in particular, news apps and apps targeted at children appear to be amongst the worst in terms of the number of third party trackers associated with them. Third party tracking is also revealed to be a highly trans-national phenomenon, with many trackers operating in jurisdictions outside the EU. Based on these findings, we draw out some significant legal compliance challenges facing the tracking industry.

Computers and Society

Nasser Mohammed Al-Fannah,Wanpeng Li,Chris J Mitchell

DOI: https://doi.org/10.48550/arXiv.1905.09581

2019-05-23

Cryptography and Security

Abstract:Browser fingerprinting is a relatively new method of uniquely identifying browsers that can be used to track web users. In some ways it is more privacy-threatening than tracking via cookies, as users have no direct control over it. A number of authors have considered the wide variety of techniques that can be used to fingerprint browsers; however, relatively little information is available on how widespread browser fingerprinting is, and what information is collected to create these fingerprints in the real world. To help address this gap, we crawled the 10,000 most popular websites; this gave insights into the number of websites that are using the technique, which websites are collecting fingerprinting information, and exactly what information is being retrieved. We found that approximately 69\% of websites are, potentially, involved in first-party or third-party browser fingerprinting. We further found that third-party browser fingerprinting, which is potentially more privacy-damaging, appears to be predominant in practice. We also describe \textit{FingerprintAlert}, a freely available browser extension we developed that detects and, optionally, blocks fingerprinting attempts by visited websites.

Zubair Ahmad,Stefano Calzavara,Samuele Casarin,Ben Stock

DOI: https://doi.org/10.1007/s10207-024-00886-0

2024-07-15

International Journal of Information Security

Abstract:The prevalence of web tracking and its key characteristics have been extensively investigated by the research community by means of large-scale web measurements. Most such measurements however are limited to the choice of a specific client used for data collection, which is insufficient to characterize the relative privacy guarantees offered by the adoption of different clients to access the Web. Recent work on comparative privacy analyses involving multiple clients is still preliminary and relies on relatively simple heuristics to detect web tracking based on the inspection of HTTP requests, cookies and API usage. In this paper, we propose a more sophisticated methodology based on information flow tracking, which is better suited for the complexity of comparing tracking behavior observed in different clients. After clarifying the key challenges of comparative privacy analyses, we apply our methodology to investigate web tracking practices on the top 10k websites from Tranco as observed by different clients, i.e., Firefox and Brave, under different configuration settings. Our analysis estimates information flow reduction to quantify the privacy benefits offered by the filter lists implemented in Firefox and Brave, as well as the effectiveness of their partitioned storage mechanism against cross-site tracking.

computer science, information systems, theory & methods, software engineering

Maximilian Hils,Daniel W. Woods,Rainer Böhme

DOI: https://doi.org/10.48550/arXiv.2109.14286

2021-09-29

Abstract:Privacy preference signals allow users to express preferences over how their personal data is processed. These signals become important in determining privacy outcomes when they reference an enforceable legal basis, as is the case with recent signals such as the Global Privacy Control and the Transparency & Consent Framework. However, the coexistence of multiple privacy preference signals creates ambiguity as users may transmit more than one signal. This paper collects evidence about ambiguity flowing from the aforementioned two signals and the historic Do Not Track signal. We provide the first empirical evidence that ambiguous signals are sent by web users in the wild. We also show that preferences stored in the browser are reliable predictors of privacy preferences expressed in web dialogs. Finally, we provide the first evidence that popular cookie dialogs are blocked by the majority of users who adopted the Do Not Track and Global Privacy Control standards. These empirical results inform forthcoming legal debates about how to interpret privacy preference signals.

Human-Computer Interaction