COOKIEGRAPH: Measuring and Countering First-Party Tracking Cookies

by   Shaoor Munir, et al.

Recent privacy protections by browser vendors aim to limit the abuse of third-party cookies for cross-site tracking. While these countermeasures against third-party cookies are widely welcome, there are concerns that they will result in advertisers and trackers abusing first-party cookies instead. We provide the first empirical evidence of how first-party cookies are abused by advertisers and trackers by conducting a differential measurement study on 10K websites with third-party cookies allowed and blocked. We find that advertisers and trackers implement cross-site tracking despite third-party cookie blocking by storing identifiers, based on probabilistic and deterministic attributes, in first-party cookies. As opposed to third-party cookies, outright first-party cookie blocking is not practical because it would result in major breakage of legitimate website functionality. We propose CookieGraph, a machine learning approach that can accurately and robustly detect first-party tracking cookies. CookieGraph detects first-party tracking cookies with 91.06 CookieBlock approach by 10.28 against cookie name manipulation while CookieBlock's accuracy drops by 15.68 We also show that CookieGraph does not cause any major breakage while CookieBlock causes major breakage on 8 deployment of CookieGraph shows that first-party tracking cookies are used on 93.43 tracking cookies are set by major advertising entities such as Google as well as many specialized entities such as Criteo.


page 4

page 5


Towards Understanding First-Party Cookie Tracking in the Field

Third-party web tracking is a common, and broadly used technique on the ...

PURL: Safe and Effective Sanitization of Link Decoration

While privacy-focused browsers have taken steps to block third-party coo...

Tracking the Pixels: Detecting Web Trackers via Analyzing Invisible Pixels

Web tracking has been extensively studied over the last decade. To detec...

Pool-Party: Exploiting Browser Resource Pools as Side-Channels for Web Tracking

We identify a new class of side-channels in browsers that are not mitiga...

Third Party Tracking in the Mobile Ecosystem

Third party tracking allows companies to identify users and track their ...

TrackerSift: Untangling Mixed Tracking and Functional Web Resources

Trackers have recently started to mix tracking and functional resources ...

Invisible Pixels Are Dead, Long Live Invisible Pixels!

Privacy has deteriorated in the world wide web ever since the 1990s. The...

Please sign up or login with your details

Forgot password? Click here to reset