Related papers: User Tracking in the Post-cookie Era: How Websites Bypass GDPR Consent to Track Users

User Tracking in the Post-cookie Era: How Websites Bypass GDPR Consent to Track Users

URL: http://arxiv.org/abs/2102.08779v2
Date: Thu, 10 Feb 2022 15:22:35 GMT
Title: User Tracking in the Post-cookie Era: How Websites Bypass GDPR Consent to Track Users
Authors: Emmanouil Papadogiannakis, Panagiotis Papadopoulos, Nicolas Kourtellis and Evangelos P. Markatos
Abstract summary: We investigate whether websites use persistent and sophisticated forms of tracking in order to track users who said they do not want cookies. Our results suggest that websites do use such modern forms of tracking even before users had the opportunity to register their choice with respect to cookies. As a result, users' choices play very little role with respect to tracking.
Score: 3.936965297430477
License: http://creativecommons.org/licenses/by/4.0/
Abstract: During the past few years, mostly as a result of the GDPR and the CCPA, websites have started to present users with cookie consent banners. These banners are web forms where the users can state their preference and declare which cookies they would like to accept, if such option exists. Although requesting consent before storing any identifiable information is a good start towards respecting the user privacy, yet previous research has shown that websites do not always respect user choices. Furthermore, considering the ever decreasing reliance of trackers on cookies and actions browser vendors take by blocking or restricting third-party cookies, we anticipate a world where stateless tracking emerges, either because trackers or websites do not use cookies, or because users simply refuse to accept any. In this paper, we explore whether websites use more persistent and sophisticated forms of tracking in order to track users who said they do not want cookies. Such forms of tracking include first-party ID leaking, ID synchronization, and browser fingerprinting. Our results suggest that websites do use such modern forms of tracking even before users had the opportunity to register their choice with respect to cookies. To add insult to injury, when users choose to raise their voice and reject all cookies, user tracking only intensifies. As a result, users' choices play very little role with respect to tracking: we measured that more than 75% of tracking activities happened before users had the opportunity to make a selection in the cookie consent banner, or when users chose to reject all cookies.

Related papers

A first look into Utiq: Next-generation cookies at the ISP level [3.434440572295625]
Third-party cookies have been widely used for years, they have also been criticized for their potential impact on user privacy. Many browsers allow users to block third-party cookies, which limits their usefulness for advertisers. We take a first look at Utiq, a new way of user tracking performed directly by the ISP, to substitute the third-party cookies.
arXiv Detail & Related papers (2024-05-15T09:23:59Z)
Towards Browser Controls to Protect Cookies from Malicious Extensions [5.445001663133085]
Cookies are valuable targets of attacks that attempt to steal them and gain unauthorized access to user accounts. Extensions are third-party HTML/JavaScript add-ons with access to several privileged APIs and can run on multiple websites at once. We propose browser controls based on two new cookie attributes that protect cookies from malicious extensions: BrowserOnly and Tracked.
arXiv Detail & Related papers (2024-05-10T22:04:56Z)
Measuring Strategization in Recommendation: Users Adapt Their Behavior to Shape Future Content [66.71102704873185]
We test for user strategization by conducting a lab experiment and survey. We find strong evidence of strategization across outcome metrics, including participants' dwell time and use of "likes" Our findings suggest that platforms cannot ignore the effect of their algorithms on user behavior.
arXiv Detail & Related papers (2024-05-09T07:36:08Z)
Characterizing Browser Fingerprinting and its Mitigations [0.0]
This work explores one of these tracking techniques: browser fingerprinting. We detail how browser fingerprinting works, how prevalent it is, and what defenses can mitigate it.
arXiv Detail & Related papers (2023-10-12T20:31:24Z)
Online Corrupted User Detection and Regret Minimization [49.536254494829436]
In real-world online web systems, multiple users usually arrive sequentially into the system. We present an important online learning problem named LOCUD to learn and utilize unknown user relations from disrupted behaviors. We devise a novel online detection algorithm OCCUD based on RCLUB-WCU's inferred user relations.
arXiv Detail & Related papers (2023-10-07T10:20:26Z)
User Attitudes to Content Moderation in Web Search [49.1574468325115]
We examine the levels of support for different moderation practices applied to potentially misleading and/or potentially offensive content in web search. We find that the most supported practice is informing users about potentially misleading or offensive content, and the least supported one is the complete removal of search results. More conservative users and users with lower levels of trust in web search results are more likely to be against content moderation in web search.
arXiv Detail & Related papers (2023-10-05T10:57:15Z)
A Quantitative Information Flow Analysis of the Topics API [0.34952465649465553]
We analyze the re-identification risk for individual Internet users introduced by the Topics API from the perspective of information- and decision-theoretic framework. Our model allows a theoretical analysis of both privacy and utility aspects of the API and their trade-off, and we show that the Topics API does have better privacy than third-party cookies.
arXiv Detail & Related papers (2023-09-26T08:14:37Z)
Protecting User Privacy in Online Settings via Supervised Learning [69.38374877559423]
We design an intelligent approach to online privacy protection that leverages supervised learning. By detecting and blocking data collection that might infringe on a user's privacy, we can restore a degree of digital privacy to the user.
arXiv Detail & Related papers (2023-04-06T05:20:16Z)
User Perception and Actions Through Risk Analysis Concerning Cookies [1.2891210250935146]
We conducted a user study through a control versus experimental group survey. Our goal was to gauge how user knowledge reflected their security and privacy preferences on the internet. We analyzed user awareness of cookies, their privacy implications, and how risk communication can impact user behavior.
arXiv Detail & Related papers (2022-11-14T14:02:50Z)
A Cooperative Memory Network for Personalized Task-oriented Dialogue Systems with Incomplete User Profiles [55.951126447217526]
We study personalized Task-oriented Dialogue Systems without assuming that user profiles are complete. We propose a Cooperative Memory Network (CoMemNN) that has a novel mechanism to gradually enrich user profiles. CoMemNN is able to enrich user profiles effectively, which results in an improvement of 3.06% in terms of response selection accuracy.
arXiv Detail & Related papers (2021-02-16T18:05:54Z)
Federated Learning of User Authentication Models [69.93965074814292]
We propose Federated User Authentication (FedUA), a framework for privacy-preserving training of machine learning models. FedUA adopts federated learning framework to enable a group of users to jointly train a model without sharing the raw inputs. We show our method is privacy-preserving, scalable with number of users, and allows new users to be added to training without changing the output layer.
arXiv Detail & Related papers (2020-07-09T08:04:38Z)

This list is automatically generated from the titles and abstracts of the papers in this site.