Towards Understanding First-Party Cookie Tracking in the Field

by   Nurullah Demir, et al.

Third-party web tracking is a common, and broadly used technique on the Web. Almost every step of users' is tracked, analyzed, and later used in different use cases (e.g., online advertisement). Different defense mechanisms have emerged to counter these practices (e.g., the recent step of browser vendors to ban all third-party cookies). However, all of these countermeasures only target third-party trackers, and ignore the first party because the narrative is that such monitoring is mostly used to improve the utilized service (e.g., analytical services). In this paper, we present a large-scale measurement study that analyzes tracking performed by the first party but utilized by a third party to circumvent standard tracking preventing techniques (i.e., the first party performs the tracking in the name of the third party). We visit the top 15,000 websites to analyze first-party cookies used to track users and a technique called "DNS CNAME cloaking", which can be used by a third party to place first-party cookies. Using this data, we show that 76 effectively utilize such tracking techniques, and in a long-running analysis, we show that the usage of such cookies increased by more than 50 Furthermore, we shed light on the ecosystem utilizing first-party trackers, and find that the established trackers already use such tracking, presumably to avoid tracking blocking.


COOKIEGRAPH: Measuring and Countering First-Party Tracking Cookies

Recent privacy protections by browser vendors aim to limit the abuse of ...

By the user, for the user: A user-centric approach to quantifying the privacy of websites

Third-party tracking is common on almost all commercially operated websi...

Third Party Tracking in the Mobile Ecosystem

Third party tracking allows companies to identify users and track their ...

Trackers Bounce Back: Measuring Evasion of Partitioned Storage in the Wild

This work presents a systematic study of navigational tracking, the late...

Pool-Party: Exploiting Browser Resource Pools as Side-Channels for Web Tracking

We identify a new class of side-channels in browsers that are not mitiga...

On Privacy Risks of Public WiFi Captive Portals

Open access WiFi hotspots are widely deployed in many public places, inc...

The CNAME of the Game: Large-scale Analysis of DNS-based Tracking Evasion

Online tracking is a whack-a-mole game between trackers who build and mo...

Please sign up or login with your details

Forgot password? Click here to reset