Research: Anti-tracking tools are effective at countering site tracking

Spread the love

A study conducted by two Princeton University researchers found that anti-tracking tools are an effective means of counteracting website tracking. As part of the study, the million most popular sites were surveyed.

These sites stem from the database maintained by Alexa. The purpose of the study was to find out how these sites track users through tracking cookies and browser fingerprinting. To conduct the research, Steven Englehardt and Arvin Narayanan used the open source tool OpenWPM. This tool is based on Firefox and is able to function on a large scale automatically.

The researchers tested the effectiveness of cookie blockers by looking at the built-in Firefox feature and at third-party tools such as Ghostery and uBlock Origin. They found that the built-in Firefox feature is very effective against the placement of third party tracking cookies by websites: only 0.4 percent of the sites surveyed placed such a cookie after enabling, and usually for legitimate reasons. The similar extension Privacy Badger is not mentioned in the study; the fact that Ghostery resells certain data is also not discussed.

With Ghostery, the average number of third-party trackers was found to drop from 17.7 to 3.3. It also turned out that the tool makes exceptions for content delivery networks, such as cloudflare.com and maps.google.com, and does what it promises. Ghostery appeared to have trouble with lesser-known trackers; According to the researchers, this has to do with the fact that the blocklists are drawn up by hand.

The third parties most frequently present on the sites surveyed are identified by the researchers as Google, Facebook and Twitter. Together, these are the only three companies that appear on more than 10 percent of all sites. The rest of the parties remain below that percentage. In addition, 12 of the 20 most common domains on sites belong to Google. The researchers note that many domains do not occur in a ‘tracking context’, from which they deduce that there is no ‘explosion of tracking by third parties’.

Most common third parties, ‘first parties’ stands for the websites on which they are present

The researchers also found that news websites make the most use of trackers. They explain this because such sites have to generate revenue from the content present. They support this finding with the fact that trackers are less common on government and non-profit sites because they have different or no sources of income. The research also shows that porn sites use trackers the least.

In addition, Englehardt and Narayanan find that the third parties have a negative influence on the introduction of https, because in 54 percent of the cases they deliver content via an unsecured http connection. This means that an https site will have to deal with passive ‘mixed content’, so that the browser displays a warning, for example.

The researchers also warn that ‘cookie syncing’ occurs in many cases. In addition, a tracker unnoticed shares a user ID with another tracker, for example by including it in the URL of the request to the other tracker. This practice, which can infringe on the user’s privacy, occurs in 460 of the 1000 most common third parties and is therefore widespread.

Finally, the researchers pay attention to browser fingerprinting, where no cookie is needed to identify a user. With this technique, the user is identified by the properties of the browser, for example by looking at the installed fonts or by canvas fingerprinting. The latter form, according to the survey, is used less and is mainly used to combat fraud.

The researchers also found a new form of fingerprinting using an audio API, in which an oscillator generates a sound signal. The hash of this signal can then be used to identify a user. This technique does not require access to the microphone. However, there were only 67 sites using this method.

You might also like