Combating Web Tracking: Analyzing Web Tracking Technologies for User Privacy
Abstract
:1. Introduction
- •
- An in-depth exploration of various tracking technologies, including the long-established use of cookies by trackers, as well as more recent Web tracking techniques such as Web beacons and browser fingerprinting. The paper examines how these technologies are employed for tracking purposes.
- •
- A comprehensive discussion of the research methodologies and tools used to detect prevalent tracking activities on the web, alongside the technologies designed to prevent such tracking. The paper categorizes approaches for measuring Web APIs and outlines strategies for preventing tracking, including the randomization of API values, patching of non-unique fingerprints, employing machine learning techniques for tracking detection, and implementing dynamic taint analysis.
- •
- Finally, the paper presents the challenges and potential research directions that may help address the ongoing and future arms race between tracking technologies and privacy-preserving methods.
2. Tracking on the Web
2.1. Web Tracking Methods
2.1.1. Cookie
Types of Cookies
Security Risks of Cookies
Cookie Security Measures
2.1.2. Web Beacon
2.1.3. Referrer Header
2.1.4. IP Address-Based Tracking
2.1.5. Fingerprinting
2.1.6. Canvas Fingerprinting
2.1.7. Third-Party Tracking Scripts
2.2. How Web Tracking Works
2.2.1. Script
2.2.2. Browser Extensions
2.2.3. Browser Plugins
2.3. Data Privacy Regulation on Web Tracking
3. Countermeasures against Web Tracking
3.1. Tracking Measurement
3.1.1. Tracking Measurements in Mobile Devices
3.1.2. Measurement of User Browsers on a Large Scale
3.2. Tracking Prevention
3.2.1. Mainly Used Tracking Prevention Solution
3.2.2. Adding a Noise or Randomization
3.2.3. Making Non-Unique Fingerprints
3.2.4. Tracking Detection Using Machine Learning
3.2.5. JavaScript Dynamic Taint Analysis
3.3. Challenges
3.3.1. Page Cloaking
3.3.2. Bot Detection
3.3.3. Effectiveness (Blocking and Preventing Tracking)
3.3.4. Arms Race to Produce Filter Lists against Trackers
3.3.5. Limiting Browsing Experience
4. Future Research Directions
4.1. Evolution of Web Tracking Technology
4.2. Combine Strategies for Layered Defense
4.3. Leverage AI and Machine Learning for Detection
4.4. Holistic Tracker Detection Across Browser, Network, and Device Levels
4.5. Automated Privacy Audits and Monitoring
4.6. User Awareness and Control with Detailed Feedback
5. Conclusions
Author Contributions
Funding
Data Availability Statement
Conflicts of Interest
References
- Falahrastegar, M.; Haddadi, H.; Uhlig, S.; Mortier, R. Tracking Personal Identifiers Across the Web. In Proceedings of the Passive and Active Measurement: 17th International Conference, Fukuoka, Japan, 31 March–1 April 2016; Springer: Cham, Switzerland, 2016; pp. 230–241. [Google Scholar]
- Castell-Uroz, I.; Solé-Pareta, J.; Barlet-Ro, P. TrackSign: Guided Web Tracking Discovery. In Proceedings of the IEEE Annual Joint Conference: INFOCOM, IEEE Computer and Communications Societies, Vancouver, BC, Canada, 10–13 May 2021; IEEE: Piscataway, NJ, USA, 2021; pp. 1–10. [Google Scholar]
- Mikians, J.; Gyarmati, L.; Erramilli, V.; Inc, G.; Laoutaris, N. Detecting price and search discrimination on the internet. In Proceedings of the 11th ACM Workshop on Hot Topics in Networks, 2012, Redmond, WA, USA, 29–30 October 2012; pp. 79–84. [Google Scholar]
- Mikians, J.; Gyarmati, L.; Erramilli, V.; Laoutaris, N. Crowd-assisted search for price discrimination in e-commerce: First results. In Proceedings of the Ninth ACM Conference on Emerging Networking Experiments and Technologies, Santa Barbara, CA, USA, 9–12 December 2013; pp. 1–6. [Google Scholar]
- Mayer, J.R.; Mitchell, J.C. Third-Party Web Tracking: Policy and Technology. In Proceedings of the IEEE Symposium on Security and Privacy, San Francisco, CA, USA, 20–23 May 2012; IEEE: Piscataway, NJ, USA, 2012; pp. 413–427. [Google Scholar]
- Bujlow, T.; Carela-Español, V.; Solé-Pareta, J.; Barlet-Ros, P. A Survey on Web Tracking: Mechanisms, Implications, and Defenses. Proc. IEEE 2017, 105, 1476–1510. [Google Scholar] [CrossRef]
- Königs, P. Government surveillance, privacy, and legitimacy. Philos. Technol. 2022, 35, 8. [Google Scholar] [CrossRef]
- Hannak, A.; Soeller, G.; Lazer, D.; Mislove, A.; Wilson, C. Measuring price discrimination and steering on e-commerce web sites. In Proceedings of the Conference on Internet Measurement Conference, Vancouver, BC, Canada, 5–7 November 2014; pp. 305–318. [Google Scholar]
- Castell-Uroz, I.; Solé-Pareta, J.; Barlet-Ros, P. Network measurements for web tracking analysis and detection: A tutorial. IEEE Instrum. Meas. Mag. 2020, 23, 50–57. [Google Scholar] [CrossRef]
- Papadogiannakis, E.; Papadopoulos, P.; Kourtellis, N.; Markatos, E.P. User Tracking in the Post-cookie Era: How Websites Bypass GDPR Consent to Track Users. In Proceedings of the International World Wide Web Conference, Ljubljana, Slovenia, 19–23 April 2021; pp. 2130–2141. [Google Scholar]
- Acar, G.; Juarez, M.; Nikiforakis, N.; Diaz, C.; Gürses, S.; Piessens, F.; Preneel, B. FPDetective: Dusting the Web for Fingerprinters. In Proceedings of the 2013 ACM SIGSAC Conference on Computer Communications Security (CCS ’13), Berlin, Germany, 4–8 November 2013; pp. 1129–1140. [Google Scholar] [CrossRef]
- Englehardt, S.; Narayanan, A. OpenWPM: An Automated Platform for Web Privacy Measurement. Proc. Priv. Enhancing Technol. 2016, 3, 28–42. [Google Scholar]
- Vastel, A.; Rudametkin, W.; Rouvoy, R.; Blanc, X. FP-Crawlers: Studying the resilience of browser fingerprinting to block crawlers. In Proceedings of the MADWeb’20-NDSS Workshop on Measurements, Attacks, and Defenses for the Web, San Diego, CA, USA, 23 February 2020. [Google Scholar]
- Bahrami, P.N.; Iqbal, U.; Shafiq, Z. FP-Radar: Longitudinal Measurement and Early Detection of Browser Fingerprinting. arXiv 2021, arXiv:2112.01662. [Google Scholar] [CrossRef]
- Cassel, D.; Lin, S.C.; Buraggina, A.; Wang, W.; Zhang, A.; Bauer, L.; Hsiao, H.C.; Jia, L.; Libert, T. OmniCrawl: Comprehensive Measurement of Web Tracking With Real Desktop and Mobile Browsers. Proc. Priv. Enhancing Technol. 2022, 2022, 227–252. [Google Scholar] [CrossRef]
- Wu, S.; Li, S.; Cao, Y.; Wang, N. Rendered Private: Making GLSL Execution Uniform to Prevent WebGL-based Browser Fingerprinting. In Proceedings of the 28th USENIX Security Symposium (USENIX Security 19), Santa Clara, CA, USA, 14–16 August 2019; pp. 1645–1660. [Google Scholar]
- Iqbal, U.; Snyder, P.; Zhu, S.; Livshits, B.; Qian, Z.; Shafiq, Z. Adgraph: A graph-based approach to ad and tracker blocking. In Proceedings of the 2020 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA, 18–21 May 2020; IEEE: Piscataway, NJ, USA, 2020; pp. 763–776. [Google Scholar]
- Siby, S.; Iqbal, U.; Englehardt, S.; Shafiq, Z.; Troncoso, C. WebGraph: Capturing Advertising and Tracking Information Flows for Robust Blocking. In Proceedings of the 31st USENIX Security Symposium (USENIX Security 22), Boston, MA, USA, 10–12 August 2022; pp. 2875–2892. [Google Scholar]
- Li, T.; Zheng, X.; Shen, K.; Han, X. FPFlow: Detect and Prevent Browser Fingerprinting with Dynamic Taint Analysis. In Proceedings of the China Cyber Security Annual Conference, Beijing, China, 20–21 July 2021; Springer: Singapore, 2021; pp. 51–67. [Google Scholar]
- Johns, M. SessionSafe: Implementing XSS Immune Session Handling. In Proceedings of the European Symposium on Research in Computer Security, Hamburg, Germany, 18–20 September 2006. [Google Scholar]
- Nikiforakis, N.; Meert, W.; Younan, Y.; Joosen, M.J.W. SessionShield: Lightweight Protection against Session Hijacking. In Proceedings of the Engineering Secure Software and Systems, Madrid, Spain, 9–10 February 2011.
- Pantelic, O.; Jovic, K.; Krstovic, S. Cookies implementation analysis and the impact on user privacy regarding GDPR and CCPA regulations. Sustainability 2022, 14, 5015. [Google Scholar] [CrossRef]
- Sipior, J.C.; Ward, B.T.; Mendoza, R.A. Online privacy concerns associated with cookies, flash cookies, and web beacons. J. Internet Commer. 2011, 10, 1–16. [Google Scholar] [CrossRef]
- Nikiforakis, N.; Kapravelos, A.; Joosen, W.; Kruegel, C.; Piessens, F.; Vigna, G. Cookieless Monster: Exploring the Ecosystem of Web-Based Device Fingerprinting. In Proceedings of the IEEE Symposium on Security and Privacy, Berkeley, CA, USA, 19–22 May 2013; pp. 541–555. [Google Scholar]
- Yen, T.F.; Xie, Y.; Yu, F.; Yu, R.P.; Abadi, M. Host Fingerprinting and Tracking on the Web: Privacy and Security Implications. In Proceedings of the 19th Annual Network and Distributed System Security Symposium (NDSS), San Diego, CA, USA, 5–8 February 2012; p. 66. [Google Scholar]
- Sirinam, P.; Imani, M.; Juarez, M.; Wright, M. Deep Fingerprinting: Undermining Website Fingerprinting Defenses with Deep Learning. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, Toronto, ON, Canada, 15–19 October 2018; pp. 1928–1943. [Google Scholar]
- Mowery, K.; Shacham, H. Pixel perfect: Fingerprinting canvas in HTML5. In Proceedings of the W2SP, San Francisco, CA, USA, 20–23 May 2012. [Google Scholar]
- Huang, Y.W.; Huang, S.K.; Lin, T.P.; Tsai, C.H. Web application security assessment by fault injection and behavior monitoring. In Proceedings of the Web Application Security Assessment by Fault Injection and Behavior Monitoring, Budapest, Hungary, 20–24 May 2003; pp. 148–159. [Google Scholar]
- Barth, A.; Felt, A.P.; Saxena, P.; Boodman, A. Protecting Browsers from Extension Vulnerabilities. In Proceedings of the Network and Distributed System Security Symposium, San Diego, CA, USA, 28 February–3 March 2010. [Google Scholar]
- Zhou, B.; Khosla, A.; Lapedriza, A.; Oliva, A.; Torralba, A. Learning deep features for discriminative localization. In Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, Las Vegas, NV, USA, 27–30 June 2016; pp. 2921–2929. [Google Scholar]
- Arunagiri, J.; Rakhi, S.; Jevitha, K. A Systematic Review of Security Measures for Web Browser Extension Vulnerabilities. In Proceedings of the International Conference on Soft Computing Systems: ICSCS; Springer: New Delhi, India, 2015; pp. 99–112. [Google Scholar]
- Ter Louw, M.; Lim, J.S.; Venkatakrishnan, V.N. Enhancing web browser security against malware extensions. J. Comput. Virol. 2008, 4, 175–195. [Google Scholar] [CrossRef]
- Šilić, M.; Krolo, J.; Delač, G. Security vulnerabilities in modern web browser architecture. In Proceedings of the 33rd International Convention MIPRO, Opatija, Croatia, 24–28 May 2010; IEEE: Piscataway, NJ, USA, 2010; pp. 1240–1245. [Google Scholar]
- Roth, S.; Calzavara, S.; Wilhelm, M.; Rabitti, A.; Stock, B. The Security Lottery: Measuring Client-Side Web Security Inconsistencies. In Proceedings of the 31st USENIX Security Symposium (USENIX Security 22), Boston, MA, USA, 10–12 August 2022; pp. 2047–2064. [Google Scholar]
- Sanchez-Rola, I.; Dell’Amico, M.; Kotzias, P.; Balzarotti, D. Can I Opt Out Yet? GDPR and the Global Illusion of Cookie Control. In Proceedings of the Asia CCS’19: 2019 ACM Asia Conference on Computer and Communications Security, Auckland, New Zealand, 9–12 July 2019; pp. 340–351. [Google Scholar]
- Historical Yearly Trends in the Usage Statistics of Client-Side Programming Languages for Websites. Available online: https://w3techs.com/technologies/history_overview/client_side_language/all/y (accessed on 15 October 2022).
- Adobe Flash Player EOL General Information Page. Available online: https://www.adobe.com/products/flashplayer/end-of-life.html (accessed on 1 January 2021).
- FaizKhademi, A.; Zulkernine, M.; Weldemariam, K. FPGuard: Detection and prevention of browser fingerprinting. In Proceedings of the IFIP Annual Conference on Data and Applications Security and Privacy, Fairfax, VA, USA, 13–15 July 2015; Springer: Cham, Switzerland, 2015; pp. 293–308. [Google Scholar]
- Laperdrix, P.; Rudametkin, W.; Baudry, B. Mitigating browser fingerprint tracking: Multi-level reconfiguration and diversification. In Proceedings of the 2015 IEEE/ACM 10th International Symposium on Software Engineering for Adaptive and Self-Managing Systems, Florence, Italy, 18–19 May 2015; IEEE: Piscataway, NJ, USA, 2015; pp. 98–108. [Google Scholar]
- Laperdrix, P.; Baudry, B.; Mishra, V. FPRandom: Randomizing core browser objects to break advanced device fingerprinting techniques. In Proceedings of the International Symposium on Engineering Secure Software and Systems, Bonn, Germany, 3–5 July 2017; Springer: Cham, Switzerland, 2017; pp. 97–114. [Google Scholar]
- Baumann, P.; Katzenbeisser, S.; Stopczynski, M.; Tews, E. Disguised chromium browser: Robust browser, flash and canvas fingerprinting protection. In Proceedings of the 2016 ACM on Workshop on Privacy in the Electronic Society, Vienna, Austria, 24 October 2016; pp. 37–46. [Google Scholar]
- Nikiforakis, N.; Joosen, W.; Livshits, B. Privaricator: Deceiving fingerprinters with little white lies. In Proceedings of the 4th International Conference on World Wide Web, Florence, Italy, 18–22 May 2015; pp. 820–830. [Google Scholar]
- Yang, Z.; Pei, W.; Chen, M.; Yue, C. WTAGRAPH: Web Tracking and Advertising Detection using Graph Neural Networks. In Proceedings of the IEEE Symposium on Security and Privacy, San Francisco, CA, USA, 22–26 May 2022. [Google Scholar]
- Hieu, L.; Athina, M.; Zubair, S. CV-Inspector: Towards Automating Detection of Adblock Circumvention. In Proceedings of the Network and Distributed System Security Symposium (NDSS), Virtual, 21–25 February 2021. [Google Scholar]
- Iqbal, U.; Englehardt, S.; Shafiq, Z. Fingerprinting the fingerprinters: Learning to detect browser fingerprinting behaviors. In Proceedings of the 2021 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA, 24–27 May 2021; IEEE: Piscataway, NJ, USA, 2021; pp. 1143–1161. [Google Scholar]
- Mobile-Desktop-Internet-Usage-Statistics. Available online: https://www.broadbandsearch.net/blog/mobile-desktop-internet-usage-statistics (accessed on 1 January 2022).
- Das, A.; Acar, G.; Borisov, N.; Pradeep, A. The web’s sixth sense: A study of scripts accessing smartphone sensors. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, Toronto, ON, Canada, 15–19 October 2018; pp. 1515–1532. [Google Scholar]
- Zhang, J.; Beresford, A.R.; Sheret, I. Sensorid: Sensor calibration fingerprinting for smartphones. In Proceedings of the 2019 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA, 19–23 May 2019; IEEE: Piscataway, NJ, USA, 2019; pp. 638–655. [Google Scholar]
- About Cover Your Tracks. Available online: https://coveryourtracks.eff.org/about (accessed on 1 September 2022).
- Eckersley, P. How unique is your web browser? In Proceedings of the International Symposium on Privacy Enhancing Technologies Symposium, Berlin, Germany, 21–23 July 2010; Springer: Berlin/Heidelberg, Germany, 2010; pp. 1–18. [Google Scholar]
- Am I Unique. Available online: https://amiunique.org/ (accessed on 1 September 2022).
- Laperdrix, P.; Rudametkin, W.; Baudry, B. Beauty and the beast: Diverting modern web browsers to build unique browser fingerprints. In Proceedings of the 2016 IEEE Symposium on Security and Privacy (SP), San Jose, CA, USA, 22–26 May 2016; IEEE: Piscataway, NJ, USA, 2016; pp. 878–894. [Google Scholar]
- Gómez-Boix, A.; Laperdrix, P.; Baudry, B. Hiding in the crowd: An analysis of the effectiveness of browser fingerprinting at large scale. In Proceedings of the 2018 World Wide Web Conference, Lyon, France, 23–27 April 2018; pp. 309–318. [Google Scholar]
- Fingerprinting Defenses 2.0. Available online: https://brave.com/privacy-updates/4-fingerprinting-defenses-2.0/#1-past-and-current-generation-fingerprinting-protections (accessed on 1 May 2020).
- Tracking Prevention in Microsoft Edge. Available online: https://learn.microsoft.com/en-us/microsoft-edge/web-platform/tracking-prevention#classification (accessed on 1 May 2022).
- Intelligent Tracking Prevention. Available online: https://www.simoahava.com/privacy/intelligent-tracking-prevention-ios-14-ipados-14-safari-14/ (accessed on 1 September 2020).
- How to Keep Spam Away from Your Smartphone. Available online: https://news.samsung.com/global/how-to-keep-spam-away-from-your-smartphone (accessed on 1 September 2020).
- About Tor Browser. Available online: https://tb-manual.torproject.org/about/ (accessed on 1 October 2022).
- Should I Install a New Add-On or Extension in Tor Browser, like AdBlock Plus or uBlock Origin? Available online: https://support.torproject.org/ (accessed on 1 October 2022).
- Browser Fingerprinting: An Introduction and the Challenges Ahead. Available online: https://blog.torproject.org/browser-fingerprinting-introduction-and-challenges-ahead/ (accessed on 1 September 2019).
- How Do Ad Blockers Work? A Guide For Publishers. Available online: https://www.kevel.com/blog/how-ad-blockers-work/ (accessed on 1 April 2020).
- Does Privacy Badger Contain a List of Blocked Sites? Available online: https://privacybadger.org/#Does-Privacy-Badger-contain-a-list-of-blocked-sites (accessed on 1 October 2022).
- Merzdovnik, G.; Huber, M.; Buhov, D.; Nikiforakis, N.; Neuner, S.; Schmiedecker, M.; Weippl, E. Block me if you can: A large-scale study of tracker-blocking tools. In Proceedings of the 2017 IEEE European Symposium on Security and Privacy (EuroS&P), Paris, France, 26–28 April 2017; IEEE: Piscataway, NJ, USA, 2017; pp. 319–333. [Google Scholar]
- Munir, S.; Siby, S.; Iqbal, U.; Englehardt, S.; Shafiq, Z.; Troncoso, C. Cookiegraph: Understanding and detecting first-party tracking cookies. In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security, Copenhagen, Denmark, 26–30 November 2023. [Google Scholar]
- Kang, M.G.; McCamant, S.; Poosankam, P.; Song, D. Dta++: Dynamic taint analysis with targeted control-flow propagation. In Proceedings of the NDSS, San Diego, CA, USA, 6 February–9 February 2011. [Google Scholar]
- Krumnow, B.; Jonker, H.; Karsch, S. Analysing and strengthening OpenWPM’s reliability. arXiv 2022, arXiv:2205.08890. [Google Scholar]
- Goßen, D.; Jonker, I.H.; Poll, I.E. Design and Implementation of a Stealthy OpenWPM Web Scraper. Master’s Thesis, Radboud University Nijmegen, Nijmegen, The Netherlands, 2020. [Google Scholar]
- Zhang, P.; Oest, A.; Cho, H.; Sun, Z.; Johnson, R.; Wardman, B.; Sarker, S.; Kapravelos, A.; Bao, T.; Wang, R.; et al. Crawlphish: Large-scale analysis of client-side cloaking techniques in phishing. In Proceedings of the 2021 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA, 24–27 May 2021; IEEE: Piscataway, NJ, USA, 2021; pp. 1109–1124. [Google Scholar]
- Vastel, A.; Laperdrix, P.; Rudametkin, W.; Rouvoy, R. Fp-Scanner: The Privacy Implications of Browser Fingerprint Inconsistencies. In Proceedings of the 27th USENIX Security Symposium (USENIX Security 18), Baltimore, MD, USA, 15–17 August 2018; pp. 135–150. [Google Scholar]
- Mughees, M.H.; Qian, Z.; Shafiq, Z.; Dash, K.; Hui, P. A first look at ad-block detection: A new arms race on the web. arXiv 2016, arXiv:1605.05841. [Google Scholar]
- Cross-Origin Fingerprinting Unlinkability. Available online: https://2019.www.torproject.org/projects/torbrowser/design/#fingerprinting-linkability (accessed on 1 September 2019).
- Smith, M.; Snyder, P.; Livshits, B.; Stefan, D. SugarCoat: Programmatically Generating Privacy-Preserving, Web-Compatible Resource Replacements for Content Blocking. In Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security, Virtual Event, 15–19 November 2021; pp. 2844–2857. [Google Scholar]
- Karami, S.; Ilia, P.; Solomos, K.; Polakis, J. Carnus: Exploring the Privacy Threats of Browser Extension Fingerprinting. In Proceedings of the 27th Network and Distributed System Security Symposium (NDSS), San Diego, CA, USA, 23–26 February 2020. [Google Scholar]
- Senol, A.; Acar, G.; Humbert, M.; Borgesius, F.Z. Leaky Forms: A Study of Email and Password Exfiltration Before Form Submission. In Proceedings of the 31st USENIX Security Symposium (USENIX Security 22), Boston, MA, USA, 10–12 August 2022; pp. 1813–1830. [Google Scholar]
- Laor, T.; Mehanna, N.; Durey, A.; Dyadyuk, V.; Laperdrix, P.; Maurice, C.; Oren, Y.; Rouvoy, R.; Rudametkin, W.; Yarom, Y. DRAWNAPART: A Device Identification Technique based on Remote GPU Fingerprinting. arXiv 2022, arXiv:2201.09956. [Google Scholar]
- Dambra, S.; Sanchez-Rola, I.; Bilge, L.; Balzarotti, D. When Sally Met Trackers: Web Tracking From the Users’ Perspective. In Proceedings of the 31st USENIX Security Symposium (USENIX Security 22), Boston, MA, USA, 10–12 August 2022; pp. 2189–2206. [Google Scholar]
- Ad Blocker Usage and Demographic Statistics in 2022. Available online: https://backlinko.com/ad-blockers-users (accessed on 1 March 2021).
Attribute | FourthParty | FPDetective | OpenWPM | FP-Crawler | FP-Radar | OpenWPM-Mobile | OmniCrawl |
---|---|---|---|---|---|---|---|
Cookies | ✓ | - | ✓ | - | - | ✓ | ✓ |
Window | ✓ | ✓ | ✓ | ✓ | - | ✓ | - |
Navigator | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | - |
Screen | ✓ | - | - | ✓ | - | - | - |
HTML elements | - | ✓ | - | - | - | - | - |
Resource loads | ✓ | - | - | - | - | - | - |
CSS font | - | ✓ | - | - | - | ✓ | ✓ |
Canvas | - | - | ✓ | ✓ | - | ✓ | ✓ |
WebRTC | - | - | ✓ | ✓ | - | ✓ | ✓ |
Audio | - | - | ✓ | ✓ | - | ✓ | ✓ |
Plugin access | - | - | ✓ | - | - | ✓ | ✓ |
MIME type access | - | - | ✓ | - | - | ✓ | - |
WebGL | - | - | - | ✓ | ✓ | - | ✓ |
Audio | - | - | - | - | - | - | ✓ |
Network information | - | - | - | - | ✓ | - | - |
Mouse | - | - | - | - | ✓ | - | - |
Performance | - | - | - | - | ✓ | - | - |
Geolocation | - | - | - | - | ✓ | - | - |
Web worker | - | - | - | - | ✓ | - | - |
Battery | - | - | - | - | ✓ | - | ✓ |
Sensor | - | - | - | - | ✓ | ✓ | ✓ |
Gamepad | - | - | - | - | ✓ | - | - |
Clipboard | - | - | - | - | ✓ | - | - |
Touch | - | - | - | - | ✓ | - | - |
Name | Tracker and Ad Blocking | Fingerprinting Prevention | Cross-Site Cookie Prevention |
---|---|---|---|
Brave Browser | |||
Chrome | |||
Edge | |||
Firefox | |||
Opera | |||
Safari | |||
Tor Browser |
Name | Tracker and Ad Blocking | Fingerprinting Prevention | Cross-Site Cookie Prevention |
---|---|---|---|
Brave Browser | |||
Chrome | |||
Edge | |||
Firefox | |||
Opera | |||
Samsung Internet | |||
Safari | |||
Tor Browser |
Name | Type | Prevention Method |
---|---|---|
FPGuard [38] | Adding a noise or randomization | Using simple element randomization for canvas, font enumeration, Flash-based fingerprinting, and JavaScript objects’ fingerprinting. |
Blink [39] | Reconstructs elements called diversified platform components (DPCs) such as font, plugins, browsers, operating system, and CPU architecture. | |
FPRandom [40] | By modifying Firefox’s code, random values are added to the values derived by the browser function to deliver different return values between each browsing session. | |
DCB [41] | Instead of disabling or randomizing system and browser parameters, it is a solution developed in such a way that the value of the element changes every session. | |
PriVaricator [42] | PriVaricator intercepts each access to the DOM attribute and uses a series of random policies to change the returned value. | |
UniGL [16] | Making non-unique fingerprints | Rewrite the GLSL program and standardize the rendering process with the support of WebGL features. |
AdGraph [17] | Tracking detection using machine learning | AdGraph is a solution that extracts the structural and content features of webpages and classifies malicious behaviors using a supervised learning-based random forest technique. |
WebGraph [18] | WebGraph trains identifiers by featuring action behaviors that are difficult for trackers to obfuscate. | |
WTAGraph [43] | WTAGraph configures a graph representing HTTP network traffic and build a graph neural network (GNN) based on it to detect Web tracking and advertising. | |
CV-Inspector [44] | Automation tool for filter-list curators to help them focus their inspection efforts on discovering new sites that employ circumvention. | |
FP-Inspector [45] | ML-based approach that combines static and dynamic JavaScript analysis to counter browser fingerprinting. | |
FPFlow [19] | JavaScript taint analysis | FPFlow checks for taint propagation between JavaScript objects in scripts during webpage visits and intercepts requests. |
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content. |
© 2024 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Share and Cite
Sim, K.; Heo, H.; Cho, H. Combating Web Tracking: Analyzing Web Tracking Technologies for User Privacy. Future Internet 2024, 16, 363. https://doi.org/10.3390/fi16100363
Sim K, Heo H, Cho H. Combating Web Tracking: Analyzing Web Tracking Technologies for User Privacy. Future Internet. 2024; 16(10):363. https://doi.org/10.3390/fi16100363
Chicago/Turabian StyleSim, Kyungmin, Honyeong Heo, and Haehyun Cho. 2024. "Combating Web Tracking: Analyzing Web Tracking Technologies for User Privacy" Future Internet 16, no. 10: 363. https://doi.org/10.3390/fi16100363
APA StyleSim, K., Heo, H., & Cho, H. (2024). Combating Web Tracking: Analyzing Web Tracking Technologies for User Privacy. Future Internet, 16(10), 363. https://doi.org/10.3390/fi16100363