
Cookie Blocking and : First Parties Remain a Risk

German Gomez , JD Mario Garcia PhD Florida International University UC Berkeley Texas A&M University-Corpus Christi

INTRODUCTION

The HTTP cookie was created to store textual information that a web application can use to identify clients and provide a state of information. A cookie is a small text file stored on a ’s computer. Cookies are employed for a variety of reasons, including enhancing users' online experience by helping sites recognize users when they return.

Cookies can be used to track users on the internet. Our colleagues found in 2009 that over 70% of a large sample of websites contained tracking cookies for Analytics.

RESEARCH GOAL

Traditionally, advertising networks tracked consumers using third party cookies. In recent years, some internet browsers have given users better tools to block these cookies, and two block them by default. We are investigating whether blocking third party cookies is effective in avoiding tracking by third parties.

METHODS

We selected two foundations for this project: we used the top five web browsers on the market to visit the top 100 websites, ranked according to Quantcast in July 2010.

We focused on two browser scenarios: first, we visited the top 100 websites with the default cookie settings in the browser. Firefox, Chrome, and Opera accept all cookies by default, while Safari blocks third party cookies, and blocks third party cookies on sites lacking a compact privacy policy. Second, we took a standard privacy intervention: we blocked third party cookies in the browsers and then visited the same sites.

A top level view flowchart (Figure 1) outlines the entire procedure.

RESULTS

Blocking third-party cookies does reduce the number of cookies on the browser by 40% on average, as seen in Chart 1. From that same chart, one can see a 2:1 relationship between the number of unique cookie names and the number of unique cookie domains. However, despite blocking third party cookies, we find that tracking cookies are still present in the of first party cookies.

The results in Chart 2 represent a detailed view from Apple's Safari 5.0 browser. In our domain analysis we found in some cases double the number of cookies set on the browser versus the top 100 . Among the top cookie names we found strings such as __utm*, __qca and s_vi, among others, that belong to companies like Google, Quantcast and Omniture. In spite of the fact that cookies are reduced by 40% when third-party cookies are blocked, tracking cookies make up more than 25% on average of the total number of cookies in this test.

CONCLUSION

In fact, 33% of the sites that issued the most cookies in our visit to the top 100 with cookies unblocked were actually from different domains. These cookies were still set when we blocked third party cookies. Thus, users who wish to avoid web through cookies must also block some first party cookies.

FUTURE WORK

Policymakers and developers should take a closer look to resolve third party tracking. Advancement in technology has only led us to find ways to bypass the idea that blocking third party cookies will be enough. Engineers, on the other hand, have developed a fingerprinting technique that uses cookies as a subset tool to track individuals.

Research should concentrate on providing users, developers and advertisers a safe Internet experience where privacy goes first, developers have their tools to keep innovating, and advertising helps the economy, but not at the expense of others' privacy.

ACKNOWLEDGEMENTS

I would like to thank Dr. Kristen Gates, the TRUST REU program, my research partner Julian Yalaju and my mentors Chris Hoofnagle and Mario Garcia. This work was supported in part by TRUST (Team for Research in Ubiquitous Secure Technology), which receives support from the National Science Foundation (NSF award number CCF-0424422).

Figure 1. Method Flowchart (labels: Quantcast list, Top 100, Script, Cookies, data.csv, Cookies unblocked, Third-party cookies blocked)

Chart 1. General Analysis Top Web Browsers (bars: total number of cookies, total unique cookie name, total unique cookie domain; series: I Cookies unblocked, II Third-party cookies blocked; legend: Safari, Chrome, IE *)

Chart 2. Data Analysis from Safari 5 (pie-chart legend: cookies, Quantcast cookies, Omniture cookies)

Cookie Name Analysis Top 15, Cookies unblocked (Total = 986):
__qca = 40, __utma = 39, __utmb = 39, __utmz = 39, s_vi = 25, TRUE = 23, s_pers = 10, rsi_segs = 9, uid = 8, ACOOKIE = 7, __qseg = 7, GUID = 6, OAX = 6, WT_FPC = 6, akmbldtct = 6, other = 716

Cookie Name Analysis Top 15, Third-party cookies blocked (Total = 586):
__utma = 40, __utmb = 40, __utmz = 40, __qca = 38, TRUE = 19, s_vi = 19, s_pers = 10, rsi_segs = 9, __qseg = 7, WT_FPC = 6, ACOOKIE = 5, mbox = 5, NGUserID = 4, s_nr = 4, v1st = 4, other = 586

Cookie Domain Analysis Top 15, Cookies unblocked:
.insightexpressai.com 23, .pubmatic.com 22, .rubiconproject.com 16, .revsci.net 13, .whitepages.com 11, .ask.com 10, .casalemedia.com 10, .people.com 10, .photobucket.com 10, .rad.msn.com 10, .bestbuy.com 9, .fetchback.com 9, .metacafe.com 9, .microsoft.com 9, .netflix.com 9

Cookie Domain Analysis Top 15, Third-party cookies blocked:
.whitepages.com 11, .ask.com 10, .people.com 10, .photobucket.com 10, .rad.msn.com 10, .yellowpages.com 10, .bestbuy.com 9, .metacafe.com 9, .microsoft.com 9, .netflix.com 9, .att.com 8, .cnet.com 8, .candystand.com 7, .evite.com 7, .examiner.com 7
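The tally behind Chart 1 and Chart 2, as an added example that is not the study's script or data: it simulates third-party blocking on a constructed cookie list and counts the tracker names the poster cites (`__utm*`, `__qca`, `s_vi`), showing that those set under the visited site's own domain survive. The sample rows, the `.example` hosts and the simple host-suffix first-party test (no Public Suffix List) are assumptions.

```python
from collections import Counter

# Tracker cookie-name prefixes the poster cites, with the companies it names.
TRACKERS = {"__utm": "Google", "__qca": "Quantcast", "s_vi": "Omniture"}

# Constructed sample, not the study's data: (visited site, cookie domain, name).
SAMPLE = [
    ("news.example", ".news.example", "__utma"),
    ("news.example", ".news.example", "__utmz"),
    ("news.example", ".news.example", "__qca"),
    ("news.example", ".news.example", "session"),
    ("news.example", ".ads.example.net", "uid"),
    ("news.example", ".metrics.example.org", "s_vi"),
    ("shop.example", ".shop.example", "s_vi"),
    ("shop.example", ".shop.example", "cart"),
    ("shop.example", ".ads.example.net", "uid"),
    ("shop.example", ".ads.example.net", "seg"),
]

def is_first_party(site, cookie_domain):
    """Host-suffix comparison only (assumption: no Public Suffix List lookup)."""
    d, s = cookie_domain.lstrip(".").lower(), site.lower()
    return s == d or s.endswith("." + d) or d.endswith("." + s)

def vendor(name):
    """Return the company for a known tracker cookie name, else None."""
    return next((c for p, c in TRACKERS.items() if name.startswith(p)), None)

def block_third_party(rows):
    """Keep only cookies whose domain matches the visited site."""
    return [r for r in rows if is_first_party(r[0], r[1])]

def summarize(rows):
    """Totals of the kind plotted in Chart 1, plus the tracker share of all cookies."""
    tracking = Counter(v for _, _, n in rows if (v := vendor(n)))
    return {
        "total": len(rows),
        "unique_names": len({n for _, _, n in rows}),
        "unique_domains": len({d for _, d, _ in rows}),
        "tracking": dict(tracking),
        "tracking_share": sum(tracking.values()) / len(rows) if rows else 0.0,
    }

def compare(rows):
    """Summaries before and after blocking, and the fractional reduction."""
    before, after = summarize(rows), summarize(block_third_party(rows))
    return before, after, 1 - after["total"] / before["total"]

if __name__ == "__main__":
    print(compare(SAMPLE))
```

In the constructed sample the cookie count drops by 40% while the share of tracker-named cookies rises, because the `__utm*`, `__qca` and `s_vi` cookies scoped to the visited site are first-party to the browser.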

This work was supported by the TRUST Center (NSF award number CCF-0424422)