DOCSLIB.ORG

Tracking the Trackers: a Large-Scale Analysis of Embedded Web Trackers

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Tracking the Trackers: a Large-Scale Analysis of Embedded Web Trackers Proceedings of the Tenth International AAAI Conference on Web and Social Media (ICWSM 2016) Tracking the Trackers: A Large-Scale Analysis of Embedded Web Trackers Sebastian Schelter Jer´ omeˆ Kunegis Technische Universitat¨ Berlin University of Koblenz–Landau [email protected] [email protected] Abstract Regardless of their primary purpose, third-party compo- nents can (and in many cases do) track web users across We perform a large-scale analysis of third-party trackers on many sites and record their browsing behavior, and thereby the World Wide Web. We extract third-party embeddings constitute a privacy hazard. In order to understand and con- from more than 3.5 billion web pages of the Common- trol this hazard, it is desirable to gain a deeper understanding Crawl 2012 corpus, and aggregate those to a dataset repre- senting more than 41 million domains. With that, we study of the ‘online tracking sphere’ as a whole. Previous research global online tracking on two levels: (1) On a global level, however has only studied small samples of this sphere due we give a precise figure for the extent of tracking, and anal- to the lack of comprehensive datasets. Recent developments yse which trackers (and subsequently, which companies) are allow us to study this online tracking sphere at a large scale: used by how many websites. (2) On a country-specific level, the availability of enormous web crawls comprised of hun- we analyse which trackers are used by websites in different dreds of terabytes of web data, such as CommonCrawl1. countries, and identify the countries in which websites choose significantly different trackers than in the rest of the world. We find that trackers are widespread (as expected), and that Online Tracking Fundamentals very few trackers dominate the web (Google, Facebook and Technical foundations In its basic form, online tracking Twitter), except for a few countries such as China and Russia. involves three types of actors: a user browsing the web, the website that she intentionally visits, and services called third-parties, which record her browsing to the website. Introduction Specifically, the user visits a website, whose HTML code The ability of a website to track which pages its visitors typically contains references to external resources, such as read has been present since the beginnings of the World style sheets, JavaScript code and images that are required Wide Web. With the advent of social media and Web 2.0 to render the page in the client browser. These external re- however, another tracking mechanism has appeared: that sources allow online trackers to enter the communication, of third-party websites embedded into the visited website when they reside on servers controlled by the third-party. by mechanisms such as JavaScript and images. Despite the A typical example for such an external resource is a piece of widespread deployment of such tracking technologies, only JavaScript code, which the user’s browser will automatically qualitative small analyses about online tracking have been load from the third-party server, and execute. This external performed to date. We bridge this gap by performing a large- loading enables the third-party to record a wide variety of in- scale study of the distribution of third-party trackers on the formation about the user, such as the browser version, oper- web. The majority of websites contain third-party content, ating system, or approximate geolocation. This information i.e., content from another domain that a visitor’s browser can be used to compute a ‘fingerprint’ of the browser, that loads and renders upon displaying the website. Such an em- works suprisingly well at recognizing individual users (Eck- bedding of third-party content has always been possible, but ersley 2010). Furthermore, the third-party has access to the was relatively rare, since most embedded images were lo- URI of the page the user is visiting, the HTTP referrer, and, cated on the same server as the page itself. In any case, the potentially, to previously set cookies (e.g., for a persistent embedding of content was not intended for tracking. With login). the rise of social media and Web 2.0, websites increasingly began to embed links (in various forms) to third-party con- Privacy implications There is a considerable variety of tent, allowing the providers of such content to track users on third-parties, like advertisers, analytics services, social wid- a wide scale. The inclusion of third-party content occurs for gets, content delivery networks and image hosters, all of a variety of reasons, e.g., advertising, conversion tracking, which have legitimate uses. However, the ability of many acceleration of content loading or provision of widgets. third-parties to record large portions of the browsing behav- ior of many users across a huge number of sites on the web Copyright c 2016, Association for the Advancement of Artificial Intelligence (www.aaai.org). All rights reserved. 1https://commoncrawl.org/ 679 google-analytics.com poses a privacy risk, and is the subject of ongoing legal dis- google.com googleapis.com facebook.com 100 youtube.com putes (The Guardian 2015). The data recorded by this track- twitter.com googlesyndication.com facebook.net ing infrastructure has been reported to contain large portions adobe.com macromedia.com 10−1 addthis.com of the online news consumption (Trackography 2014), as twimg.com gravatar.com flickr.com well as intimate, health-related personal data (EFFHealth amazonaws.com wordpress.com 10−2 vimeo.com feedburner.com 2015). The ability to consume news and form a political fbcdn.net googleadservices.com P(x larger than degree) 0.0 0.1 0.2 0.3 0.4 0.5 10−3 opinion in an independent and unwatched manner, as well 103 104 105 106 107 108 as the privacy of personal health-related data are vital for an rank share degree ( tracked websites) open society, and should not be subject to commercially mo- Figure 1: The twenty most Figure 2: Cumulative tivated data collection. Furthermore, recent frightening re- common third-parties by distribution of the num- ports suggest that intelligence agencies piggyback on online rank share. Tracking third- ber of domains visible tracking identifiers to build databases of the surfing behavior parties are highlighted. to tracking services. of millions of people (The Intercept 2015). Data Acquisition websites into which these services are embedded. Thereby, 3 Collection methodology and limitations We represent we construct the bipartite tracking network , which repre- both websites and third-parties by their pay-level domains sents the 36,982,655 embeddings of the 355 potentially pri- (the pay-level domain is a sub-domain of a public top-level vacy threatening third-parties in the 41,192,060 website pay- domain, for which users usually pay for2). We develop an level domains of our corpus. extractor that takes a HTML document as input and re- trieves all pay-level domains of third-party services that are Analysis of Tracking Services embedded in the HTML code. In a first pass through the Ranking tracking services We study the extracted track- document, we investigate the src attribute of script, ing network to gain insights into the distribution of online iframe, link and image tags. In order to also find tracking services on the web. We use Apache Flink (Alexan- third-parties that are dynamically embedded via JavaScript drov et al. 2014) for conducting the analysis. Our main ques- code, we parse all JavaScript and collect string variables that tion is to what proportion the browsing behavior of users match a URI pattern. We run this extractor on Common- on the web is visible to particular tracking services. Fur- Crawl 2012, which has a datasize of approximately 210 ter- thermore, we are interested in how strongly the tracking ca- abytes in uncompressed form (Spiegler 2013). We choose pabilities differ among various services. Unfortunately, we CommonCrawl 2012 over latter corpora, as it has been cre- are not aware of any data source available to scientists that ated using a breadth-first search crawling strategy, which would allow us to quantify the number of visitors over time produces a much better representation of the underlying link for our 41 million pay-level domains in 2012. We there- structure of the web than the crawling of predefined lists fore employ PageRank (Page et al. 1999), a well-known used in latter corpora (Lehmberg, Meusel, and Bizer 2014). measure of the relevance of websites, as proxy for ranking We run our extraction via Hadoop in the Amazon Elastic them by the traffic which they attract. We obtain the net- MapReduce service. We aggregate our data by pay-level do- work of 623,056,313 hyperlinks between the pay-level do- main, as we focus on high-level patterns of the tracker dis- mains in CommonCrawl4, and compute its PageRank dis- tribution. A limitation of our collection methodology is that tribution to get an importance ranking for all the pay-level our extractor cannot find transient trackers (trackers which domains in our corpus. We derive a ranking measure for are created from dynamically fetched external JavaScript third-parties from the PageRank distribution p of the pay- code), as we only parse the JavaScript in an HTML page, level domains in the hyperlink network as follows. Let D but cannot execute it for performance reasons. denote a set of pay-level domains to inspect (e.g., all pay- level domains belonging to a certain top-level domain) and Dataset statistics and characteristics We extract the pay- let t(D) denote the subset of pay-level domains contained level domains of third-parties contained in 3,536,611,510 in D having third-party t embedded.
Load more

Recommended publications
  • The Web Never Forgets: Persistent Tracking Mechanisms in the Wild
    The Web Never Forgets: Persistent Tracking Mechanisms in the Wild Gunes Acar1, Christian Eubank2, Steven Englehardt2, Marc Juarez1 Arvind Narayanan2, Claudia Diaz1 1KU Leuven, ESAT/COSIC and iMinds, Leuven, Belgium {name.surname}@esat.kuleuven.be 2Princeton University {cge,ste,arvindn}@cs.princeton.edu ABSTRACT 1. INTRODUCTION We present the first large-scale studies of three advanced web tracking mechanisms — canvas fingerprinting, evercookies A 1999 New York Times article called cookies compre­ and use of “cookie syncing” in conjunction with evercookies. hensive privacy invaders and described them as “surveillance Canvas fingerprinting, a recently developed form of browser files that many marketers implant in the personal computers fingerprinting, has not previously been reported in the wild; of people.” Ten years later, the stealth and sophistication of our results show that over 5% of the top 100,000 websites tracking techniques had advanced to the point that Edward employ it. We then present the first automated study of Felten wrote “If You’re Going to Track Me, Please Use Cook­ evercookies and respawning and the discovery of a new ev­ ies” [18]. Indeed, online tracking has often been described ercookie vector, IndexedDB. Turning to cookie syncing, we as an “arms race” [47], and in this work we study the latest present novel techniques for detection and analysing ID flows advances in that race. and we quantify the amplification of privacy-intrusive track­ The tracking mechanisms we study are advanced in that ing practices due to cookie syncing. they are hard to control, hard to detect and resilient Our evaluation of the defensive techniques used by to blocking or removing.
    [Show full text]
  • The Internet and Web Tracking
    Grand Valley State University ScholarWorks@GVSU Technical Library School of Computing and Information Systems 2020 The Internet and Web Tracking Tim Zabawa Grand Valley State University Follow this and additional works at: https://scholarworks.gvsu.edu/cistechlib ScholarWorks Citation Zabawa, Tim, "The Internet and Web Tracking" (2020). Technical Library. 355. https://scholarworks.gvsu.edu/cistechlib/355 This Project is brought to you for free and open access by the School of Computing and Information Systems at ScholarWorks@GVSU. It has been accepted for inclusion in Technical Library by an authorized administrator of ScholarWorks@GVSU. For more information, please contact [email protected]. Tim Zabawa 12/17/20 Capstone Project Cover Page: 1. Introduction 2 2. How we are tracked online 2 2.1 Cookies 3 2.2 Browser Fingerprinting 4 2.3 Web Beacons 6 3. Defenses Against Web Tracking 6 3.1 Cookies 7 3.2 Browser Fingerprinting 8 3.3 Web Beacons 9 4. Technological Examples 10 5. Why consumer data is sought after 27 6. Conclusion 28 7. References 30 2 1. Introduction: Can you remember the last time you didn’t visit at least one website throughout your day? For most people, the common response might be “I cannot”. Surfing the web has become such a mainstay in our day to day lives that a lot of us have a hard time imagining a world without it. What seems like an endless trove of data is right at our fingertips. On the surface, using the Internet seems to be a one-sided exchange of information. We, as users, request data from companies and use it as we deem fit.
    [Show full text]
  • Improving Transparency Into Online Targeted Advertising
    AdReveal: Improving Transparency Into Online Targeted Advertising Bin Liu∗, Anmol Sheth‡, Udi Weinsberg‡, Jaideep Chandrashekar‡, Ramesh Govindan∗ ‡Technicolor ∗University of Southern California ABSTRACT tous and cover a large fraction of a user’s browsing behav- To address the pressing need to provide transparency into ior, enabling them to build comprehensive profiles of their the online targeted advertising ecosystem, we present AdRe- online interests. This widespread tracking of users and the veal, a practical measurement and analysis framework, that subsequent personalization of ads have received a great deal provides a first look at the prevalence of different ad target- of negative press; users associate adjectives such as creepy ing mechanisms. We design and implement a browser based and scary with the practice [18], primarily because they lack tool that provides detailed measurements of online display insight into how their data is being collected and used. ads, and develop analysis techniques to characterize the con- Our paper seeks to provide transparency into the targeted textual, behavioral and re-marketing based targeting mecha- advertising ecosystem, a capability that has not been ex- nisms used by advertisers. Our analysis is based on a large plored so far. We seek to enable end-users to reason about dataset consisting of measurements from 103K webpages why ads of a certain category are being displayed to them. and 139K display ads. Our results show that advertisers fre- Consider a user that repeatedly receives ads about cures for a quently target users based on their online interests; almost particularly private ailment. The user currently lacks a way half of the ad categories employ behavioral targeting.
    [Show full text]
  • Cookie Swap Party: Abusing First-Party Cookies for Web Tracking
    Cookie Swap Party: Abusing First-Party Cookies for Web Tracking Quan Chen Panagiotis Ilia [email protected] [email protected] North Carolina State University University of Illinois at Chicago Raleigh, USA Chicago, USA Michalis Polychronakis Alexandros Kapravelos [email protected] [email protected] Stony Brook University North Carolina State University Stony Brook, USA Raleigh, USA ABSTRACT 1 INTRODUCTION As a step towards protecting user privacy, most web browsers perform Most of the JavaScript (JS) [8] code on modern websites is provided some form of third-party HTTP cookie blocking or periodic deletion by external, third-party sources [18, 26, 31, 38]. Third-party JS li- by default, while users typically have the option to select even stricter braries execute in the context of the page that includes them and have blocking policies. As a result, web trackers have shifted their efforts access to the DOM interface of that page. In many scenarios it is to work around these restrictions and retain or even improve the extent preferable to allow third-party JS code to run in the context of the of their tracking capability. parent page. For example, in the case of analytics libraries, certain In this paper, we shed light into the increasingly used practice of re- user interaction metrics (e.g., mouse movements and clicks) cannot lying on first-party cookies that are set by third-party JavaScript code be obtained if JS code executes in a separate iframe. to implement user tracking and other potentially unwanted capabil- This cross-domain inclusion of third-party JS code poses security ities.
    [Show full text]
  • Analysis and Detection of Spying Browser Extensions
    I Spy with My Little Eye: Analysis and Detection of Spying Browser Extensions Anupama Aggarwal⇤, Bimal Viswanath†, Liang Zhang‡, Saravana Kumar§, Ayush Shah⇤ and Ponnurangam Kumaraguru⇤ ⇤IIIT - Delhi, India, email: [email protected], [email protected], [email protected] †UC Santa Barbara, email: [email protected] ‡Northeastern University, email: [email protected] §CEG, Guindy, India, email: [email protected] Abstract—In this work, we take a step towards understanding history) and sends the information to third-party domains, and defending against spying browser extensions. These are when its core functionality does not require such information extensions repurposed to capture online activities of a user communication (Section 3). Such information theft is a and communicate the collected sensitive information to a serious violation of user privacy. For example, a user’s third-party domain. We conduct an empirical study of such browsing history can contain URLs referencing private doc- extensions on the Chrome Web Store. First, we present an in- uments (e.g., Google docs) or the URL parameters can depth analysis of the spying behavior of these extensions. We reveal privacy sensitive activities performed by the user on observe that these extensions steal a variety of sensitive user a site (e.g., online e-commerce transactions, password based information, such as the complete browsing history (e.g., the authentication). Moreover, if private data is further sold or sequence of web traversals), online social network (OSN) access exchanged with cyber-criminals [4], it can be misused in tokens, IP address, and geolocation. Second, we investigate numerous ways.
    [Show full text]
  • Track the Planet: a Web-Scale Analysis of How Online Behavioral Advertising Violates Social Norms
    University of Pennsylvania ScholarlyCommons Publicly Accessible Penn Dissertations 2017 Track The Planet: A Web-Scale Analysis Of How Online Behavioral Advertising Violates Social Norms Timothy Patrick Libert University of Pennsylvania, [email protected] Follow this and additional works at: https://repository.upenn.edu/edissertations Part of the Communication Commons, Computer Sciences Commons, and the Public Policy Commons Recommended Citation Libert, Timothy Patrick, "Track The Planet: A Web-Scale Analysis Of How Online Behavioral Advertising Violates Social Norms" (2017). Publicly Accessible Penn Dissertations. 2714. https://repository.upenn.edu/edissertations/2714 This paper is posted at ScholarlyCommons. https://repository.upenn.edu/edissertations/2714 For more information, please contact [email protected]. Track The Planet: A Web-Scale Analysis Of How Online Behavioral Advertising Violates Social Norms Abstract Various forms of media have long been supported by advertising as part of a broader social agreement in which the public gains access to monetarily free or subsidized content in exchange for paying attention to advertising. In print- and broadcast-oriented media distribution systems, advertisers relied on broad audience demographics of various publications and programs in order to target their offers to the appropriate groups of people. The shift to distributing media on the World Wide Web has vastly altered the underlying dynamic by which advertisements are targeted. Rather than rely on imprecise demographics, the online behavioral advertising (OBA) industry has developed a system by which individuals’ web browsing histories are covertly surveilled in order that their product preferences may be deduced from their online behavior. Due to a failure of regulation, Internet users have virtually no means to control such surveillance, and it contravenes a host of well-established social norms.
    [Show full text]
  • Pre-Requisites
    WordPress is very popular content management system and widely used by many big companies for their business web sites. It offers more flexibility for creating personal and professional web sites. With this increasing popularity of WordPress demand of skilled WordPress professional also increaes. This 3 module WordPress course is designed to learn eaverthing you need to become a professional WordPress developer. We includes all the WordPress concepts that are used while development of real time web sites using WordPress. Every concept is explain with the help of live practical example _________________________________________________________ Pre-requisites • Basic Knowledge of PHP/MySQL • Basic knowledge of CSS/HTML • You can use any suitable editor for programming like dreamweaver,notepad++ etc. Who Can Join • Anyone looking for easy and afforable way to create their own web site. • Any WordPress user or developer to expand their knowledge in WordPress development. • Any web developer want to become a highly skilled and professional WordPress Developer. Module-1 [ WordPress Basics ] Section 1 [WordPress Introduction] Section 2 [Getting Started with WordPress • Getting into WordPress • Using wordpress.com to create free blog • Understanding the common terms • How to Install WordPress on localhost • Why to use WordPress • wp-admin panel • Features of WordPress latest version • wp-admin dashboard . • WP resources,codex,plugin and • What is Gravatar theme Section 3 [Blog Content using post] Section 4 [Pages, Menus,Media libraries] • Adding
    [Show full text]
  • Automattic Drives Customer-Centric Improvements on Wordpress.Com
    CASE STUDY Automattic drives customer-centric improvements on Wordpress.com Headquarters: San Francisco, CA Founded: 2005 Unites a geographically distributed team to focus on optimizations Industry: Consumer technology with greatest impact The challenge The challenge Making product improvements It is estimated that about 25 percent of all websites are built using Wordpress, a based on support requests popular website platform managed by parent company Automattic. As an open source didn’t yield substantially better project run by the Wordpress Foundation, the platform is built and maintained by experiences hundreds of community volunteers as well as several ‘Automatticians.’ The solution Due to its open source nature and because there isn’t tracking analytics on Outside perspective provided by Wordpress.org, the team does not have much insight into what’s working and what’s UserTesting panel yields valuable, not working on the site. And this was a serious issue for the organization, which shareable customer insights actively cultivates a culture that is focused on its customers. The outcome Alignment across a distributed The solution team for optimized product releases results in higher quality The team turned to UserTesting to identify potential pain points and areas of friction products for users. Collecting user feedback and sharing findings has enabled the team to make strategic product improvements before each release. Additionally, without a central office and with teams meeting in-person only a few times each year, the ability to easily share insights has been invaluable. Design Engineer Mel Choyce notes, “It’s particularly useful for us as a distributed team because we can’t all do everything in person.
    [Show full text]
  • Staying Without Power a Case Study of the Drupal Content Management System by Qi Zhang
    Staying without Power A Case Study of the Drupal Content Management System By Qi Zhang Bachelor of Science in Engineering, Jiangxi Science and Technology Normal University (1999) Interfaculty initiative in information studies program, University of Tokyo (2006) Master of international studies, University of Tokyo (2008) Submitted to the System Design and Management Program in Partial Fulfillment of the Requirements for the degree of Master of Science In EngIneerIng and Management ARCHNES At the A/SSACHUSETTS INS fW E OF TECHNOLOGY Massachusetts Institute of Technology AUG 20 2013 May 2012 y2012 RRARIES C 2012 Massachusetts Institute of Technology Signature of Author Qi Zhang Certified by -. Michael A. Cusumano SMR Distinguished Professor of Management T( esis Supervisor Certified by_ Patrick Hale Director System Design and Management Program THIS PAGE IS INTENTIONALLY LEFT BLANK Acknowledgements I run the knowledge that I learned from M.I.T the most wisdom school of the world. It works AMAZING! I would also like to thank Michael, Imran and Pat who staying with me when I am without power. Love in M.I.T; Love in USA XlApq, M31 THIS PAGE IS INTENTIONALLY LEFT BLANK Staying without Power By Qi Zhang Submitted to the System Design and Management Program in Partial Fulfillment of the Requirements for the degree of Master of Science In Engineering and Management ABSTRACT This main focus of this thesis is not to describe the inner workings of the Ecosystem or software; it is to help young entrepreneurs with limited resources to not just survive, but thrive in a competitive business environment. Thesis Supervisor: Michael A.
    [Show full text]
  • Nidan a Security Search Engine for the World Wide Web
    Nidan A Security Search Engine for The World Wide Web Master’s Thesis - 10th Semester Software Engineering ds103f19 Cassiopeia Department of Computer Science Aalborg University Copyright © Aalborg University 2014 Written in LATEXfrom a template made by Jesper Kjær Nielsen. Software Engineering Aalborg University https://www.cs.aau.dk/ Title: Abstract: Nidan: A Security Search Engine for The World Wide Web In this report, the development and usage of Nidan and KNAS are described. Nidan Theme: is a systematic webcrawler which collects all Security in distributed systems loaded JavaScript, cookies, and related meta- data and stores it in a well-strutured rela- Project Period: tional database. KNAS is a data-processing Spring Semester 2019 tool that detects vulnerabilities connected to each visted website. These include vulner- Project Group: abilities in the implemented JavaScript li- ds103f19 braries, CMSs, and server software. Nidan and KNAS has been tested on around 2 % Participant(s): of the entire .dk zone file. This test showed Jesper Windelborg Nielsen that KNAS detected vulnerable software on Mathias Jørgen Bjørnum Leding 40.47 % of the websites. 92.49 % of the vulnerable websites have vulnerabilities from Supervisor(s): last year or older, meaning that the vast René Rydhof Hansen majority of vulnerable sites rarely update Thomas Panum their software. From the data collected by Nidan, it is also possible to analyze the cook- Copies: 4 ies. Since Nidan makes no interaction with the websites other than visiting, all tracking Page Numbers: 37 cookies sat break the GDPR and EU’s cookie law. Date of Completion: June 2, 2019 The content of this report is freely available, but publication (with reference) may only be pursued due to agreement with the author.
    [Show full text]
  • Wordpress and Make Your 2Nd Edition Blog the Best It Can Be Open the Book and Find
    Spine: .816” Internet/Web Page Design ™ 2nd Edition Discover why bloggers love Making Everything Easier! WordPress and make your 2nd Edition blog the best it can be Open the book and find: Blogs are as much a part of life today as the evening • Advice for creating a blog that ® WordPress newspaper was fifty years ago, and for much the same draws readers reason: Inquiring minds want to know. WordPress powers • Tips on managing comments, some of the most popular blogs on the Web, and with trackbacks, and spam this guide to help, it can work for you, too. Here’s what WordPress does, how to set it up and use it, and some cool • How to use the Dashboard WordPress bells and whistles to make your blog stand out. • Wonderful widgets and plugins to add • Pick your flavor — decide whether to use the WordPress.com hosted service or self-host your blog with WordPress.org • How to make permalinks work with your Web server • Customization — discover CSS and template tags and how to use them to create your own unique style • The standard templates and how to tweak them • Blogging 101 — find out about archiving, interacting with readers through comments, tracking back, and handling spam • Ten popular WordPress themes ® • Host with the most — get the scoop on domain registration, Web • Where to find help when you hosting providers, basic tools like FTP, and more need it • Do it yourself — install WordPress.org, set up a MySQL® database, explore RSS feeds, and organize a blogroll • Beef up your blog — insert audio, video, images, and photos Go to • Think theme — discover where to find WordPress themes, dummies.com® Learn to: explore various options, and work with template tags to create a for more! • Use the latest upgrades to WordPress 2.7 unique look • Explore theme development and tweak free WordPress themes • Create a unique blog theme and presentation by using tags with CSS $24.99 US / $26.99 CN / £15.99 UK Lisa Sabin-Wilson is a designer of blogs and Web sites and founder ISBN 978-0-470-40296-2 of E.Webscapes Design Studio.
    [Show full text]
  • Online Tracking and Zombie Cookies Today
    ONLINE TRACKING AND ZOMBIE COOKIES TODAY 1. tracking mechanisms 2. prevalence: web 3. prevalence: mobile 4. consumer choice 5. existing incentives 6. what to do BROWSERS PRIVACY BY DESIGN 3rd Party beacon HTTP beacon http://pixel.quantserve.com/seg/p-6fTutip1SMLM2.js GET /seg/p-6fTutip1SMLM2.js HTTP/1.1 Host: pixel.quantserve.com User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: */* Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.huffingtonpost.com/2011/01/24/google-chrome-firefox-do-not-track_n_813189.html Cookie: mc=4d441f48-a100a-1f66c-277f6; d=EM0BPAGBBoHxDBi6IIgwALhQnyAAiCD8sQmnDMQLEAC_UA HTTP observer identifier activity http://pixel.quantserve.com/seg/p-6fTutip1SMLM2.js GET /seg/p-6fTutip1SMLM2.js HTTP/1.1 Host: pixel.quantserve.com User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: */* Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.huffingtonpost.com/2011/01/24/google-chrome-firefox-do-not-track_n_813189.html Cookie: mc=4d441f48-a100a-1f66c-277f6; d=EM0BPAGBBoHxDBi6IIgwALhQnyAAiCD8sQmnDMQLEAC_UA PROFILE observer identifier activity + + = PROFILES cobalt - - [ 3/Aug/2011:15:45:36 -0700] "GET http://www.google.com/search?sourceid=chrome&ie=UTF- 8&q=artisan+hotel+las+vegas
    [Show full text]