Web Users' Activities Tracking based on the Beacons Implementation Asyaev Grigorii, Medvedev Maxim, Mursalimov Ainur, Sinkov Anton South Ural State University 76, Lenin Prospekt, Chelyabinsk, Russian Federation Tel: 79617930538, E-mails: [email protected], [email protected], [email protected], [email protected] ABSTRACT The article considers the concept of web beacons, the purpose and principles of embedding web beacons into websites, the ways of the manual and automated detection of them and minimizing the effectiveness of tracking user’s activities in the Internet. The results of a study on the use of web beacons on the most popular websites are presented. Keywords: web, beacons, cookies, activity, tracking, user, privacy, advertisement, browser fingerprint 1. INTRODUCTION The interaction between the Internet users and website owners (in the broadest sense) is associated with a global age-old problem – on the one hand, the owners (particularly, the advertisers) declare that they want to constantly progress in understanding and predicting user interests and requests, on the other hand, users accuse the websites owners of collecting their personal information, which is essential for advertisers in order to show the content that depends on what pages the users visit. Tracking is important, for example, for social networks to exclude the need for users to authenticate once more when logging after starting another session, and online stores that collect information about user purchases, the current content of their virtual shopping cart and their preferences. Usually, the so-called cookies are used for this. There are 1st party cookies hosted on the domain where the user is located at the moment (which is needed to exclude the need to re-authenticate during a second session) and 3rd party cookies hosted on a third-party domain (used by advertisers to collect data on user’s actions and user's computer statistics). Users can disable the cookies (3rd party in most cases). This, in turn, is an obstacle for advertisers and malefactor who collect statistics. Thus, the creators of websites came to a simple but effective solution to the problem – the use of the so- called web beacons (clear GIFs, cleardots, web bugs [1], tracking pixels, tracking bugs etc.) allowing to monitor the activity of users on the network. In turn, malefactors that use web beacons can compromise the privacy of victims by sending them spam and phishing e-mails. Since the principles of operation of web beacons are based on the basic principles of HTTP functioning, and their implementation doesn’t 210 require any additional software and is done through the simplest HTML tags, user tracking technology being carried out by web beacons on the one hand is simple, on the other hand is very resistant to tracking itself by third-party software. The most important thing is that it is impossible to disable beacons like it is with cookies, which can lead to violations of the privacy of the Internet users, but it is possible to limit the functioning of web beacons. 2. DESCRIPTION OF THE WEB BEACON A web beacon is an image or an inline frame that is placed on a web page and, when loaded as the user visits this page or as an e-mail is opened, sends the information necessary for tracking user activities to the "owner" of the beacon [2]. The scenarios of using web beacons are most often limited by using them to collect statistics on website visits, to collect web analytics in order to optimize the display of content on the webpages, and to display targeted advertisements. Attackers are used to find out whether the e-mail address to which the beacon is sent is valid, for the purpose of sending to spam and phishing e-mails. When sending a GET request to the server, the address on which the request is sent can be converted by the server so as to transfer information about the user to the server (discussed later). Beacons most often work in conjunction with cookies: the server while sending responses to the web browser, adds a Set-Cookie header to it, and the web browser creates a cookie file while downloading the beacon [2]. 3. THE IMPLEMENTATION OF THE WEB BEACONS IN WEBPAGES Depending on the implementation method, web beacons can be classified as follows. 1. In the simplest case, the web beacon is an ordinary image in JPG, PNG, GIF format with a size of 1x1 pixels. This provides imperceptibility, complemented most often with setting the style attribute of style sheet language CSS for the HTML <img> tag, and also it provides beacon's fast loading that does not affect page load speed. In general, the format of such a web beacon in HTML looks as follows: <img src= "https://beaconurl.com/beacon.jpg" width="1" height="1">, or <img src= "https://beaconurl.com/beacon.png" style= "position:absolute; visibility:hidden">, or <img src= "https://beaconurl.com/beacon.gif" style= "display:none"> and so on. Being a simple picture, such a beacon is downloaded by the browser, and the server (1st party or 3rd party server, as it is with cookies) that posted the image on the page gets information that a web beacon has been downloaded to a computer having a certain IP address. Such beacons are imperceptible to the user, but theoretically it is not necessary – the beacon can be any image of any format and size. 211 Having limited functionality, web beacons-images are usually used to keep statistics of visiting different webpages by an individual user, in order to find out his interests by the contents of visited pages, because within a single session of work the user's IP address is constant. Figure 1 shows an example of a web beacon that is located on the https://www.theguardian.com/international page and sends data about the user software to a third party server: the version and type of OS, the location data (country, region), user's system language, as well as other information. The web beacons function in conjunction with cookies. Figure 1. Web beacon put in a GIF file collecting user’s software details, geolocation data and using cookies. Ironically, the information collected about the user is actually sent to the third-party server by the user himself : while the browser is downloading the web beacon it is also sending the GET request to the web beacon's URL. The information collected by the server is encoded in the URL's query string. For example: let the web beacon that is further downloaded by the browser be located at "https://beaconurl.com/beacon.gif". Accordingly, the GET request sent by the browser to the server will look, for example, like this: GET https://beaconurl.com/beacon.gif?devicetype=PC&datetime=20170912195151&ostype=microsoft&os mane=win10&screenresolution=1920x1080&country=en&region=chelyabinsk HTTP / 1.0 The parameters of the query string (stored after a "?" symbol) do not affect the display of the content and are ignored by the server, but the URL from the request is stored in the log files of the server for analysis. Here, after the "?" symbol, a structure is sent as parameters of the query string, which after being parsed by the server is converted to a list consisting of key-value pairs [3]. 2. Web beacons implemented as a link to an executable script. In the HTML language they look the same as web beacons-images, but the src attribute of the <img> tag contains the path to the executable script (for this type of beacon - the PHP script mostly). Usually, a different approach, called 301- redirect, is used. For example, let there be some server "beaconurl.com" and in the directory beaconurl.com/path the following files are stored: "beacon.jpg", "beacon.php". The HTML page displays the following: <img src = "https://beaconurl.com/path/beacon.jpg" width = "1" height = "1">. 212 As soon as the browser makes a request to the address "https://beaconurl.com/path/beacon.jpg", the request is redirected with the HTTP code 30x (x = 1,2,3,5 or 7) to the address "https://beaconurl.com/ path/beacon.php", which contains a script that allows the server to obtain the necessary information. The script is executed, in the address bar the user sees not the source link, but a link to the script. Such web beacons are not common and are replaced by more simple and reliable ones. 3. Iframe-beacons. They are the most "harmless" among all the others. They are to make sure that the user has viewed some content. Most of these beacons do not send information about the user to third- party servers. Used wherever a reliable collection of information is required. Web beacons-images are easily detected and disabled, since in most cases they are formatted in HTML-code according to some templates. To solve this problem, advertisers use Iframes inline frames [3]. The simplest examples of using Iframes are built-in web pages of audio/video players from third-party hosting websites. An inline frame is a certain area of a web page within which another webpage or its fragment is loaded, specified in the attributes of the <iframe> </iframe> paired tag. Navigation through this webpage (its fragment) is carried out regardless of navigation through the main webpage. A web beacon made in the form of the inline frame is an 1x1 pixel area imperceptible for the user, often with CSS style attributes that prevent it from being displayed, for example: <iframe src="https://beaconurl.com/beacon.html" style="display: none; width: 1px; height: 1px; opacity: 0;"></iframe> The beacon.html document contains executable JavaScript code.