DOCSLIB.ORG

CNAME Cloaking-Based Tracking on the Web: Characterization, Detection, and Protection Ha Dao Johan Mazel Kensuke Fukuda

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
CNAME Cloaking-Based Tracking on the Web: Characterization, Detection, and Protection Ha Dao Johan Mazel Kensuke Fukuda 1 CNAME Cloaking-based Tracking on the Web: Characterization, Detection, and Protection Ha Dao Johan Mazel Kensuke Fukuda Abstract—Third-party tracking on the web has been used third-party tracking. Many privacy protections take blacklist for collecting and correlating user’s browsing behavior. Due approaches to detect third-party trackers [5]–[8]. Some works to the increasing use of ad-blocking and third-party tracking identify tracking requests using cookies [9], or fingerprinting protections, tracking providers introduced a new technique called CNAME cloaking. It misleads web browsers into believing that [10], [11]. Other studies intend to detect third-party tracker a request for a subdomain of the visited website originates from automatically using machine learning [12]–[14]. These are this particular website, while this subdomain uses a CNAME to effective against third-party tracking. resolve to a tracking-related third-party domain. This technique However, web tracking is becoming more and more intri- thus circumvents the third-party targeting privacy protections. cate. One of the emerging techniques is the use of Canonical The goals of this paper are to characterize, detect, and protect the end-user against CNAME cloaking based tracking. Firstly, Name Record or Alias (CNAME) record in Domain Name we characterize CNAME cloaking-based tracking by crawling System (DNS) to hide usual tracking domains that are blocked top pages of the Alexa Top 300,000 sites and analyzing the by browser filter lists and extensions. For instance, web- usage of CNAME cloaking with CNAME blocklist, including site example.com embeds a first-party a.example.com, which websites and tracking providers using this technique to track points to a tracking provider tracker.com via the CNAME users’ activities. We also point out that browsers and privacy protection extensions are largely ineffective to deal with CNAME x.tracker.com. For instance, website example.com embeds a cloaking-based tracking except for Firefox with a developer’s first-party request by subdomain a.example.com, which points version of the uBlock Origin extension. Secondly, we propose a to a tracking provider tracker.com via a CNAME x.tracker.com. supervised machine learning-based approach to detect CNAME Because this request is in the first-party context, countermea- cloaking-based tracking without the on-demand DNS lookup. sures that aim to block third-party tracking are effectively We show that the proposed approach outperforms well-known tracking filter lists. Finally, to circumvent the lack of DNS circumvented. API in Chrome-based browsers, we design and implement a There are some existing methods to detect CNAME prototype of the supervised machine learning-based browser cloaking-based tracking. Some network-based blocking meth- extension to detect and filter out CNAME cloaking tracking, ods work at the DNS level, such as NextDNS [15], AdGuard called CNAMETracking Uncloaker. Our evaluation shows that DNS [16], Pi-hole [17] that use to get rid of online tracking. CNAMETracking Uncloaker is able to filter out CNAME cloaking- based tracking requests without performance degradation when Furthermore, EasyPrivacy [18], AdGuard tracking protection compared with the vanilla setting on the Chrome browser. [19], and other filter lists manually add new first-party sub- domains which are fronts for CNAME cloaking to these Index Terms—Privacy, CNAME cloaking-based tracking, Third-party tracking, Machine learning techniques, Counter- blocklists. However, this approach will dramatically increase measure, Browser extension the size of the blocklists and these subdomains need to be updated frequently. Besides that, uBlock Origin since version 1.24.1b0 performs a DNS lookup of the hostname loading a I. INTRODUCTION resource to determine if the underlying subdomain is related Web tracking is becoming more and more ubiquitous, thus to CNAME cloaking or not. Nevertheless, only Firefox allows this brings an increase in privacy concerns from Internet users. uBlock Origin to block CNAME cloaking because the other In a TRUSTe study, 92% of British Internet users concern their browsers do not support DNS resolution API [8]. online privacy [3]. A website (first-party domain) has many In this paper, we provide a first in-depth analysis of links to other resources (third-party domains). Some third- CNAME cloaking-based tracking, propose a supervised ma- party domains are used for user tracking (third-party tracking) chine learning-based method for the detection, and implement to provide functionalities, such as advertising and analytics on CNAMETracking Uncloaker browser extension as a counter- the web [4]. For instance, with third-party tracking, advertise- measure. The main contributions of the paper are as follows. ments on a website can be customized based on end-users’ (1) We first characterize CNAME cloaking-based tracking in visits to other websites, which can be frightful for privacy- Alexa Top 300K sites. We detect 1,739 websites (0.58%) sensitive users. There are some existing approaches to detect containing CNAME cloaking-based tracking in Alexa 300K sites as of January 2020 by matching with CNAME tracking H. Dao is with Graduate University for Advanced Studies (SOKENDAI), filter lists (x IV-C); Those websites are spread across many Tokyo, Japan. email: [email protected]. J. Mazel is with French National Cybersecurity Agency (ANSSI), France. countries and categories. They use 24 tracking providers in email: [email protected] total, and the most common one is Adobe (x IV-D); By K. Fukuda is with National Institute of Informatics and Graduate University analyzing longitudinal snapshot crawled data of Alexa Top for Advanced Studies (SOKENDAI), Tokyo, Japan. email: [email protected]. Manuscript received September, 30, 2020; Revised January, 26, 2021. 100K sites (x IV-E), we show that the usage of CNAME 0This paper is an extended version of work published in Refs. [1], [2]. cloaking-based tracking steadily increases from 2016 to 2020; 2 We then conduct further experiments to investigate the impact B. Term definitions of giving consent to CNAME cloaking sites and confirm that We first define some terms we use throughout this paper: there are no significant differences compared to the usage of 1) Subdomain: In the DNS hierarchy, a subdomain is any this phenomena before the user consent is obtained (x IV-F) domain, which is underneath a main domain. Subdomains are as a new contribution. We also evaluate the detection ability used to organize or divide contents of a website into specific of such tracking for major browsers and extensions (x V). sections. For example, a.example.com and b.example.com are (2) Next, we propose the supervised machine learning-based subdomains of domain example.com. method to detect CNAME cloaking-based tracking without the 2) CNAME cloaking-based tracking: The usage of DNS on-demand DNS lookup (x VI); Through the comprehensive CNAME records coupled with Content Delivery Network analysis, we demonstrate the effectiveness of our method. (3) (CDN) is increasingly commonplace to improve website load As a new contribution beyond Refs. [1], [2], we design and times, reduce bandwidth costs, and increase content availabil- implement a prototype browser extension of the supervised ity and redundancy. machine learning approach to protect the end-user against CNAME has also been used for user tracking. Tracking CNAME cloaking-based tracking, named CNAMETracking providers ask their clients to delegate a subdomain for data Uncloaker (x VII). The current best counter-measure strongly collection and tracking and link it to an external server using depends on realtime name resolution (only supported by a CNAME DNS record [27]. This technique, called CNAME Firefox browser), but our extension intends to distinguish cloaking-based tracking, uses CNAME to disguise requests requests using CNAME cloaking-based tracking in Chrome- to a third-party tracker as first-party ones. We also define an based browsers. Our experiment shows that the performance HTTP request by this subdomain is a request linked to CNAME overhead is acceptable when compared with the vanilla setting cloaking-related tracking. on the Chrome browser. Name Type Value II. BACKGROUND AND TERM DEFINITIONS DNS server example.com A 192.168.0.1 A. Background a.example.com CNAME x.tracker.com 1) Third-party web tracking: Privacy leakage occurs x.tracker.com A 172.16.0.1 through communications with trackers. Third-party web track- (2) ing refers to the practice by which an entity (the tracker), other 172.16.0.1 tracker.com (tracker) 172.16.0.1 a.example.com than the website directly visited by the user, identifies and (1) a.example.com/traker.js collects information about web users. example.com (3) From the view of website administrators, user tracking is (192.168.0.1) Browser content + cookie useful for a variety of purposes such as behavioral advertising (4) or website analytics. On the user’s side, the larger number of Fig. 1. The process of the browser connecting to tracking provider by browsing profiles, the greater loss of privacy. CNAME cloaking-based tracking 2) Privacy protection techniques: Several privacy protec- tion techniques have been designed to protect end-users from Figure 1 shows the process of the browser connecting third-party tracking, including network-based blocking, exten- to a third-party tracking server by CNAME cloaking-based sions, and browser itself. tracking to setup third-party cookies in the first-party context: Network-based blocking methods use address-based black- 1) An end-user types the URL of website example.com lists in order to block access to certain domains (DNS block- (192.168.0.1) into his/her browser and presses return. ing) and modify web traffic (interception proxies), which work This website embeds a subdomain a.example.com independently of the underlying application or browser [20]. 2) The browser looks up a.example.com on the DNS server Some anti-tracking extensions work effectively to detect and finds an IP address 172.16.0.1 of tracking provider third-party tracking, such as Ghostery [21], Disconnect [7], tracker.com.
Load more

Recommended publications
  • Demystifying Content-Blockers: a Large-Scale Study of Actual Performance Gains
    Demystifying Content-blockers: A Large-scale Study of Actual Performance Gains Ismael Castell-Uroz Josep Sole-Pareta´ Pere Barlet-Ros Universitat Politecnica` de Catalunya Universitat Politecnica` de Catalunya Universitat Politecnica` de Catalunya Barcelona, Spain Barcelona, Spain Barcelona, Spain [email protected] [email protected] [email protected] Abstract—With the evolution of the online advertisement and highly parallel network measurement system [10] that loads tracking ecosystem, content-filtering has become the reference every website using one of the most relevant content-blockers tool for improving the security, privacy and browsing experience of each category and compares their performance. when surfing the Internet. It is also commonly believed that using content-blockers to stop unsolicited content decreases the time We found that, although we can observe some improvements needed for loading websites. In this work, we perform a large- in terms of effective page size, the results do not directly scale study with the 100K most popular websites on the actual translate to gains in loading time. In some cases, there could performance improvements of using content-blockers. We focus even be an overhead to be paid. This is the case for two of the our study on two relevant metrics for measuring the browsing studied plugins, especially in small and fast loading websites. performance; page size and loading time. Our results show that using such tools results in small improvements in terms of page The measurement system and methodology proposed in this size but, contrary to popular belief, it has a negligible impact in paper can also be useful for network and service administrators terms of loading time.
    [Show full text]
  • Adguard Premium Key Apk
    Adguard premium key apk Continue The more talent involved, the better the result - one of our mottos sounds. So let's grow and develop together! Contribute to AdGuard! There are many things you can do, such as translate AdGuard, test it nightly and beta, improve blocking filters or write articles. Choose something right for you and get started! The call has been accepted! Free Licenses for Developers Do you know about filters, extensions or custom scenarios firsthand? Have you already contributed to their development, for the sake of the Internet community? You do good things then, and we definitely want to show our respect. Find out more about who can get a free AdGuard license. Can I qualify? AdGuard Crack (AKA: Adguard Web Filter) is now the most advanced, cross-platform in the world (Windows, Mac OS X, Android and iOS) Internet filters and ad pop-ups blocking the edge of the tool from Cyprus. It protects you during web surfing, stopping annoying ads, viruses, dangerous websites; Speeds up page loading Doesn't allow anyone to track your online activities. and helps parents prevent content not suitable for children. Get an Adguard Premium Key license crack free activation. AdGuard Premium Features Crack keyProtection and blockingCheck page against our database of phishing and malicious sites. When a web page is processed, it does several things at once: deletes ads and online tracking code directly from the page. It can handle most adblock bypass scripts; Protects your privacy by blocking common third-party tracking systems; Blocks many spyware, advertising software and dial installers; Check the website's reputation and informs you of it if necessary.Comfort and safetyProtects you from malware and phishing.
    [Show full text]
  • Paper, We Note That Work Is with Help from Volunteer OONI Probe Users
    Measuring DoT/DoH Blocking Using OONI Probe: a Preliminary Study Simone Basso Open Observatory of Network Interference [email protected] Abstract—We designed DNSCheck, an active network exper- delivery networks (CDN). This fact raises concerns regarding iment to detect the blocking of DoT/DoH services. We imple- performance [25], competition, and privacy [14]. mented DNSCheck into OONI Probe, the network-interference (While DoH’s centralization and the resulting privacy con- measurement tool we develop since 2012. We compiled a list of popular DoT/DoH services and ran DNSCheck measurements cerns are not the focus of this paper, we note that work is with help from volunteer OONI Probe users. We present pre- underway to mitigate them [38] [24].) liminary results from measurements in Kazakhstan (AS48716), Simultaneously, the rollout of DoT and DoH does not Iran (AS197207), and China (AS45090). We tested 123 DoT/DoH fully solve the surveillance and censorship issues posed by services, corresponding to 461 TCP/QUIC endpoints. We found a cleartext internet. There are at least two remaining fields endpoints to fail or succeed consistently. In AS197207 (Iran), 50% of the DoT endpoints seem blocked. Otherwise, we found that could reveal the precise target of otherwise encrypted that more than 80% of the tested endpoints were always reach- communications. They are the Server Name Indication [19] able. The most frequently blocked services are Cloudflare’s and (SNI) extension inside the TLS ClientHello and the destination Google’s. In most cases, attempting to reach blocked endpoints IP address. However, in a landscape increasingly dominated by failed with a timeout.
    [Show full text]
  • An Empirical Study Into the Absence of Consent to Third-Party Tracking in Android Apps
    A Fait Accompli? An Empirical Study into the Absence of Consent to Third-Party Tracking in Android Apps Konrad Kollnig, Reuben Binns, Pierre Dewitte*, Max Van Kleek, Ge Wang, Daniel Omeiza, Helena Webb, Nigel Shadbolt Department of Computer Science, University of Oxford, UK *Centre for IT and IP Law, KU Leuven, Belgium firstname.lastname@(cs.ox.ac.uk | kuleuven.be) Abstract trackers benefits app developers in several ways, notably by Third-party tracking allows companies to collect users’ be- providing analytics to improve user retention, and by enabling havioural data and track their activity across digital devices. the placement of personalised advertising within apps, which This can put deep insights into users’ private lives into the often translates into a vital source of revenue for them [32,62]. hands of strangers, and often happens without users’ aware- However, it also makes app developers dependent on privacy- ness or explicit consent. EU and UK data protection law, invasive data practices that involve the processing of large however, requires consent, both 1) to access and store infor- amounts of personal data [40, 48, 62], with little awareness mation on users’ devices and 2) to legitimate the processing from users and app developers [28,71,74,85]. Data protection of personal data as part of third-party tracking, as we analyse and privacy legislation such as the General Data Protection in this paper. Regulation (GDPR) [38] in the EU and the UK, and the Chil- This paper further investigates whether and to what extent dren’s Online Privacy Protection Act (COPPA) [79] in the US, consent is implemented in mobile apps.
    [Show full text]
  • Digital Privacy
    DIGITAL PRIVACY Web-Tracking stoppen Sie haben Interesse an den Kompaktseminaren Digital Privacy? E-Mail: [email protected] Die Inhalte dieses Dokuments wurden sehr sorgfältig recherchiert und verfasst. Die dargestellten Tipps&Tricks, Apps, Links und Programme wurden bereits tausendfach erfolgreich zur Anwendung gebracht. Bitte haben Sie Verständnis, dass eine Garantie, Gewährleistung oder Haftung dennoch ausgeschlossen ist. Sollten sich trotz aller Sorgfalt Fehler eingeschlichen haben, freue ich mich auf Ihre E-Mail [email protected] QUICK-GUIDE – TRACKING KONTROLLIEREN Auf den folgenden Seiten findet sich Hintergründiges zum Thema „Tracking kontrollieren“. Abgewo- gen werden verschiedene Wege zum Ziel, die Vor- und Nachteile von Erweiterungen (sogenannter Add-ons) für den Firefox-Browser unter Windows/Android, Installationshinweise sowie einige Tra- cking-Stopp-Tipps für das iPhone. Für alle, die sich direkt an die Umsetzung machen wollen, hier vorab ein kleiner Quick-Guide für Windows und Android. Unabdingbar: Der Mozilla Firefox-Browser (… vgl. jedoch auch „Tipp! Brave-Browser“) Mozilla Firefox (Windows) - https://www.mozilla.org/de/firefox/new/ Mozilla Firefox (Android) - https://www.mozilla.org/de/firefox/android/ oder Google Play Store Ab Version 70 kommt der Firefox-Browser mit einem sehr gut funktionierendem integrierten Tracker- und Fingerprintblocker daher. Das war auch schon in früheren Versionen der Fall, jedoch nur an- wählbar für den 'Privatmodus' bzw. nicht ganz so leistungsstark. Der Firefox-Browser
    [Show full text]
  • Who Filters the Filters: Understanding the Growth, Usefulness and E€Iciency of Crowdsourced Ad Blocking
    Who Filters the Filters: Understanding the Growth, Usefulness and Eiciency of Crowdsourced Ad Blocking Peter Snyder Antoine Vastel Benjamin Livshits Brave Soware University of Lille / INRIA Brave Soware / Imperial College USA France London [email protected] [email protected] United Kingdom [email protected] ABSTRACT 1 INTRODUCTION Ad and tracking blocking extensions are popular tools for improv- As the web has become more popular as a platform for information ing web performance, privacy and aesthetics. Content blocking and application delivery, users have looked for ways to improve the extensions generally rely on lter lists to decide whether a web privacy and performance of their browsing. Such eorts include request is associated with tracking or advertising, and so should popup blockers, hosts.txt les that blackhole suspect domains, be blocked. Millions of web users rely on lter lists to protect their and privacy-preserving proxies (like Privoxy 1) that lter unwanted privacy and improve their browsing experience. content. Currently, the most popular ltering tools are ad-blocking Despite their importance, the growth and health of lter lists are browser extensions, which determine whether to fetch a web re- poorly understood. Filter lists are maintained by a small number of source based on its URL. e most popular ad-blocking extensions contributors who use undocumented heuristics and intuitions to are Adblock Plus 2, uBlock Origin 3 and Ghostery 4, all of which determine what rules should be included. Lists quickly accumulate use lter lists to block unwanted web resources. rules, and rules are rarely removed. As a result, users’ browsing Filter lists play a large and growing role in making the web pleas- experiences are degraded as the number of stale, dead or otherwise ant and useful.
    [Show full text]
  • Be Library Smart: Protecting Your Privacy
    BE LIBRARY SMART: PROTECTING YOUR PRIVACY Browsers and Search Engines duckduckgo.com This search engine doesn’t track your activity, and their mobile app that assigns grades based on sites’ privacy offers more secure mobile browsing. startpage.com This search engine uses Google’s results but does not track your IP address or use cookies. brave.com Brave is a browser that blocks trackers and ads and automatically upgrades to https when available. Their mobile app features the same protections. torproject.org The Tor browser routes users’ activity through proxies all over the world to help provide anonymity. Add-ons/extensions disconnect.me This browser extension blocks third-party trackers. Available for Chrome, Firefox, and Opera, with laptop/desktop and mobile versions. noscript.net This browser extension disables JavaScript, Flash, and other elements of websites that can be used to track or infect a computer. Available for Firefox and Chrome. HTTPS Everywhere If a secure version of a website exists, this extension will automatically connect to it over the insecure default version. Available for Firefox, Chrome, and Opera. eff.org/https-everywhere Privacy Badger This add-on prevents websites from using invisible trackers. It learns from trackers’ behavior to block tracking across multiple sites. Available for Firefox, Chrome, and Opera. eff.org/privacybadger uBlock Origin This add-on blocks ads, trackers, and malware. Available for Firefox, Chrome, Microsoft Edge, and Safari. github.com/gorhill/uBlock Brought to you by the Maryland Library Association's Intellectual Freedom Panel and the Ruth Enlow Library. BE LIBRARY SMART: PROTECTING YOUR PRIVACY Apps and Services VPN Short for Virtual Private Network, this will route your internet connection through different IP addresses to better protect your privacy.
    [Show full text]
  • Personal Data Processing Policy
    PERSONAL DATA PROCESSING POLICY (website, customers and prospects) Cisbio Bioassays is a business-to-business (B2B) company and in most cases, the information we process concerns legal entities and not individuals. Nevertheless, behind the companies, there are men and women. Respect for your privacy and the protection of your personal data is a priority and constant concern for Cisbio Bioassays, who have adopted a "privacy by design" approach. This notably implies that your personal data is protected by default both in terms of the system design and Cisbio Bioassays internal practices. Everyone in our company that is required to view or use personal data has been trained to respect the applicable law and the issues of confidentiality. Data processing is performed transparently within the rights granted to you by the laws and regulations, but also by this personal data processing policy. The protection of your privacy is ensured from end to end, from the design of the application to the erasure of your data. Cisbio Bioassays ensures a high level of protection in accordance with the European standards for the protection of personal data to all its customers and users, whatever their country of origin and, subject to legal and regulatory obligations, regardless of where they access the services. OUR PRINCIPLES, OUR ETHICS Our ethics on privacy protection and personal data is based on the following principles: • Transparency and loyalty: you know what information is collected, by whom, by what means and for which use. At any moment you can also request details on the processing implemented by contacting our services.
    [Show full text]
  • Adguard 251 913 Nightly
    1 / 2 Adguard 2.5.1 (913) Nightly I have the latest nightly installed and it's still saying Adguard won't work correctly. 2. Reply.. 300, MrSzzS Adguard 5.10 crk ... City Of Night ÿÿÿ, ❤. 669, AHCU ... 913, BLiZZARD HD Tune Pro 4.61 crk ... 1759, FFF Noiseware Professional Edition 2.5.1 crk. Adguard Crack Mac can make your online experience safer because, though Macs and Apple laptops are quite safe to use, when it comes to ad blockers.. Mar 27, 2021 — Adguard 2.5.1 (913) Nightly Multilingual macOS | 104.25 MB Adguard can make ... Adguard_2.4.3.718_nightly__TNT_mactorrents.cc.dmg .... Adguard 2.5.1 (913) Nightly. Adguard 2.5.1 (913) Nightly download Adguard 2.5.1 (913) Nightly Multilingual | macOS | 104 mbAdguard&#ff7dcf;. Mac. Adguard 2.5.1 (913) Nightly. License / Price: Shareware. Version: Adguard 2.5.1 (913) Nightly Multilingual | macOS | 104 mb. Date added: October 31st, 2020.. Mar 8, 2021 — AdGuard - 2.5.2 (946) - Ad blocking and filtering for browsers and applications. By Hong ... Download Mac AdGuard v2.5.2 (946) Multilingual Fully Cracked – FREE! ... (99.31 MB) Adguard_2.5.1.913_nightly__TNT (99.22 MB) .... Oct 26, 2020 — Advanced System Repair Pro 1.9.3.6 · EducaNews – Newsletter Template · Adguard 2.5.1 (913) Nightly · Emurasoft EmEditor Professional .... Mar 7, 2021 — Adguard can make your online experience safer because, though Macs and Apple laptops are quite safe to use when it comes to ad blockers, .... Results 1 - 15 — Adguard - Block Ads Without Root v3.5.33ƞ Nightly. Requirements: Android 5.0+ | File ..
    [Show full text]
  • Understanding the Performance Costs and Benefits of Privacy-Focused
    Understanding the Performance Costs and Benefits of Privacy-focused Browser Extensions Kevin Borgolte Nick Feamster [email protected] [email protected] Princeton University University of Chicago ABSTRACT 1 INTRODUCTION Advertisements and behavioral tracking have become an invasive The online advertisement (ad) industry has been one of the fastest nuisance on the Internet in recent years. Indeed, privacy advocates growing industries in the recent years, growing from over 108 and expert users consider the invasion signifcant enough to war- billion US dollars in 2018 to an estimated 129 billion US dollars rant the use of ad blockers and anti-tracking browser extensions. in 2019 in the United States [34], and to estimated 333 billion US At the same time, one of the largest advertisement companies in dollars in 2019 globally [12]. This growth has sparked numerous the world, Google, is developing the most popular browser, Google academic studies of various angles of online ads, from understand- Chrome. This confict of interest, that is developing a browser (a ing the underlying economics, the overall scale of it, mechanisms user agent) and being fnancially motivated to track users’ online and techniques used, as well as how miscreants are abusing it to behavior, possibly violating their privacy expectations, while claim- proft. ing to be a "user agent," did not remain unnoticed. As a matter of Academic and industry studies on the techniques that online fact, Google recently sparked an outrage when proposing changes ads are relying on have led to privacy advocates and expert users to Chrome how extensions can inspect and modify requests to "im- arguing that the ad companies’ tracking and data collection, which prove extension performance and privacy," which would render provides the foundation for the most prevalent online ads today, existing privacy-focused extensions inoperable.
    [Show full text]
  • Understanding Ad Blockers
    Understanding Ad Blockers A Major Qualifying Project Submitted to the Faculty of Worcester Polytechnic Institute In partial fulfillment of the requirements for the Degree of Bachelor of Science In Computer Science By _________________________________ Doruk Uzunoglu March 21, 2016 _______________________ Professor Craig E. Wills, Project Advisor Professor and Department Head Department of Computer Science ABSTRACT This project aims to provide useful information for users and researchers who would like to learn more about ad blocking. Three main research areas are explored in this project. The first research area provides general information about ad blocking tools and aims to explore ad blockers from a user’s perspective. The second research area provides analyses regarding third­party sites that appear on popular first­party sites in order to explore the behavior of third­parties. Finally, the third research area provides analyses regarding filter lists, which are sets of ad filtering rules used by ad blocking tools. The third research area aims to convey the differences and similarities between individual filter lists as well as sets of filter lists that form the defaults of ad blocking tools. 1 ACKNOWLEDGEMENTS I would like to thank Professor Craig Wills for advising my project, providing insight, and gathering the popular third­party domains data which I analyzed as part of this project. In addition, I would like to thank Jinyan Zang for sharing the third­party data regarding mobile apps, which they have gathered as part of their 2015 paper named “Who Knows What About Me? A Survey of Behind the Scenes Personal Data Sharing to Third Parties by Mobile Apps.” The data provided by Jinyan Zang was also analyzed as part of this project.
    [Show full text]
  • Pagefair Adblock Report 2020
    Growth of the Blocked Web 2020 PageFair Adblock Report Foreword by Sean Blanchfield, Former CEO, PageFair Foreword by Marty Kratky-Katz, Founder & CEO, Blockthrough This is the sixth report of this series that I have helped In 2015, the PageFair Adblock Report burst onto the scene as produce. In 2013, the founders of PageFair were the industry’s de facto authority for all things related to adblocking. “canaries in the coalmine” of blocked ads, coming from a background in While Blockthrough was still in its embryonic stages, PageFair was making web games content that was already badly afflicted. Many in the games the industry aware of an upsurging trend that today impacts just about sector were already losing a third of their ad revenue to blocking, but most every publisher on the Web. publishers hadn’t yet identified the threat. We began publishing research to shine a light on the rapid growth of adblocking and motivations of its users, In its first edition since Blockthrough’s acquisition of PageFair in Q4 2018, this with the hope of catalyzing a change towards more sustainable advertising year’s PageFair Report showcases just how much the adblocking experiences. We did this by relying on empirical data, collected either from phenomenon has matured. Although desktop adblocking appears to have our own analytics network of several thousand publishers or derived from seen its peak, mobile adoption is growing rapidly. usage statistics provided directly by the adblock software creators. This year’s report is also the first to feature a comprehensive breakdown of By late 2015, the adblock issue had landed on the boardroom agenda of the diverse strategies top US publishers are using to mitigate the revenue publishers everywhere.
    [Show full text]