Protection against tracking with almost all browsers and extensions




After an investigation of 7 browsers and 46 extensions, researchers from the imec-DistriNet group at KU Leuven conclude that there is a way to circumvent protection against tracking via cookies in almost all cases. The discovered techniques are not yet in use.

The researchers, Gertjan Franken, Tom Van Goethem and Wouter Joosen, developed a framework with which they analyzed the various browsers and extensions and identified new circumvention techniques. They looked at the built-in protection measures against tracking of Chrome, Firefox, Edge, Safari, Opera, Cliqz and the Tor Browser. They also looked at 46 extensions, including 31 adblockers and 15 variants that have to offer protection against tracking. An overview of this is shown below. In their paper, the researchers write on the basis of their analysis that for every protection measure there is a method to circumvent these. In the results they distinguish three categories: a request to a third party including a cookie, a request without a cookie and no request at all.

tracking researchtracking research
Tested extensions

The researchers explain that tracking is usually done because the browser makes a request to a third party including a cookie. Because there are also tracking techniques that do not require a cookie, such as browser fingerprinting , they also looked at requests that are made without a cookie. Within their framework they tested using different methods to make a request to a third party. Among the total of seven techniques are html tags, response headers , JavaScript in a pdf and the AppCache api. The results are presented by the researchers in various tables, which are shown below.

results tracking researchresults tracking researchresults tracking research
Results from browsers and different extensions

As part of the research, the authors also examined whether the discovered techniques are also used on the ten thousand most popular websites according to the Alexa service. They did that with an automated crawler . The conclusion is that all the use of the techniques for legitimate reasons takes place. They point out that trackers may try to bypass detection by allowing requests to take place only when the user interacts. On a specially created site , the researchers state how the disclosure process went to the different parties. There you can also find more information per browser or per extension. The authors presented their paper at the Usenix conference in the US.


In: A Technology & Gadgets Asked By: [23616 Red Star Level]

Answer this Question

You must be Logged In to post an Answer.

Not a member yet? Sign Up Now »