User Tracking in the Post-cookie Era: How Websites Bypass GDPR Consent
to Track Users
- URL: http://arxiv.org/abs/2102.08779v2
- Date: Thu, 10 Feb 2022 15:22:35 GMT
- Title: User Tracking in the Post-cookie Era: How Websites Bypass GDPR Consent
to Track Users
- Authors: Emmanouil Papadogiannakis, Panagiotis Papadopoulos, Nicolas Kourtellis
and Evangelos P. Markatos
- Abstract summary: We investigate whether websites use persistent and sophisticated forms of tracking in order to track users who said they do not want cookies.
Our results suggest that websites do use such modern forms of tracking even before users had the opportunity to register their choice with respect to cookies.
As a result, users' choices play very little role with respect to tracking.
- Score: 3.936965297430477
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: During the past few years, mostly as a result of the GDPR and the CCPA,
websites have started to present users with cookie consent banners. These
banners are web forms where the users can state their preference and declare
which cookies they would like to accept, if such option exists. Although
requesting consent before storing any identifiable information is a good start
towards respecting the user privacy, yet previous research has shown that
websites do not always respect user choices. Furthermore, considering the ever
decreasing reliance of trackers on cookies and actions browser vendors take by
blocking or restricting third-party cookies, we anticipate a world where
stateless tracking emerges, either because trackers or websites do not use
cookies, or because users simply refuse to accept any.
In this paper, we explore whether websites use more persistent and
sophisticated forms of tracking in order to track users who said they do not
want cookies. Such forms of tracking include first-party ID leaking, ID
synchronization, and browser fingerprinting. Our results suggest that websites
do use such modern forms of tracking even before users had the opportunity to
register their choice with respect to cookies. To add insult to injury, when
users choose to raise their voice and reject all cookies, user tracking only
intensifies. As a result, users' choices play very little role with respect to
tracking: we measured that more than 75% of tracking activities happened before
users had the opportunity to make a selection in the cookie consent banner, or
when users chose to reject all cookies.
Related papers
- Fingerprinting and Tracing Shadows: The Development and Impact of Browser Fingerprinting on Digital Privacy [55.2480439325792]
Browser fingerprinting is a growing technique for identifying and tracking users online without traditional methods like cookies.
This paper gives an overview by examining the various fingerprinting techniques and analyzes the entropy and uniqueness of the collected data.
arXiv Detail & Related papers (2024-11-18T20:32:31Z) - Browsing without Third-Party Cookies: What Do You See? [5.181502547611254]
Third-party web cookies are often used for privacy-invasive behavior tracking.
To understand the effects of such third-party cookieless browsing, we crawled and measured the top 10,000 Tranco websites.
We develop a framework to remove third-party cookies and analyze the differences between the appearance of web pages with and without these cookies.
arXiv Detail & Related papers (2024-10-14T17:47:43Z) - How Unique is Whose Web Browser? The role of demographics in browser fingerprinting among US users [50.699390248359265]
Browser fingerprinting can be used to identify and track users across the Web, even without cookies.
This technique and resulting privacy risks have been studied for over a decade.
We provide a first-of-its-kind dataset to enable further research.
arXiv Detail & Related papers (2024-10-09T14:51:58Z) - A first look into Utiq: Next-generation cookies at the ISP level [3.434440572295625]
Third-party cookies have been widely used for years, they have also been criticized for their potential impact on user privacy.
Many browsers allow users to block third-party cookies, which limits their usefulness for advertisers.
We take a first look at Utiq, a new way of user tracking performed directly by the ISP, to substitute the third-party cookies.
arXiv Detail & Related papers (2024-05-15T09:23:59Z) - Towards Browser Controls to Protect Cookies from Malicious Extensions [5.445001663133085]
Cookies are valuable targets of attacks that attempt to steal them and gain unauthorized access to user accounts.
Extensions are third-party HTML/JavaScript add-ons with access to several privileged APIs and can run on multiple websites at once.
We propose browser controls based on two new cookie attributes that protect cookies from malicious extensions: BrowserOnly and Tracked.
arXiv Detail & Related papers (2024-05-10T22:04:56Z) - Measuring Strategization in Recommendation: Users Adapt Their Behavior to Shape Future Content [66.71102704873185]
We test for user strategization by conducting a lab experiment and survey.
We find strong evidence of strategization across outcome metrics, including participants' dwell time and use of "likes"
Our findings suggest that platforms cannot ignore the effect of their algorithms on user behavior.
arXiv Detail & Related papers (2024-05-09T07:36:08Z) - Characterizing Browser Fingerprinting and its Mitigations [0.0]
This work explores one of these tracking techniques: browser fingerprinting.
We detail how browser fingerprinting works, how prevalent it is, and what defenses can mitigate it.
arXiv Detail & Related papers (2023-10-12T20:31:24Z) - Online Corrupted User Detection and Regret Minimization [49.536254494829436]
In real-world online web systems, multiple users usually arrive sequentially into the system.
We present an important online learning problem named LOCUD to learn and utilize unknown user relations from disrupted behaviors.
We devise a novel online detection algorithm OCCUD based on RCLUB-WCU's inferred user relations.
arXiv Detail & Related papers (2023-10-07T10:20:26Z) - Protecting User Privacy in Online Settings via Supervised Learning [69.38374877559423]
We design an intelligent approach to online privacy protection that leverages supervised learning.
By detecting and blocking data collection that might infringe on a user's privacy, we can restore a degree of digital privacy to the user.
arXiv Detail & Related papers (2023-04-06T05:20:16Z) - User Perception and Actions Through Risk Analysis Concerning Cookies [1.2891210250935146]
We conducted a user study through a control versus experimental group survey.
Our goal was to gauge how user knowledge reflected their security and privacy preferences on the internet.
We analyzed user awareness of cookies, their privacy implications, and how risk communication can impact user behavior.
arXiv Detail & Related papers (2022-11-14T14:02:50Z) - Federated Learning of User Authentication Models [69.93965074814292]
We propose Federated User Authentication (FedUA), a framework for privacy-preserving training of machine learning models.
FedUA adopts federated learning framework to enable a group of users to jointly train a model without sharing the raw inputs.
We show our method is privacy-preserving, scalable with number of users, and allows new users to be added to training without changing the output layer.
arXiv Detail & Related papers (2020-07-09T08:04:38Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.