DeepAI
Log In Sign Up

User Tracking in the Post-cookie Era: How Websites Bypass GDPR Consent to Track Users

During the past few years, mostly as a result of the GDPR and the CCPA, websites have started to present users with cookie consent banners. These banners are web forms where the users can state their preference and declare which cookies they would like to accept, if such option exists. Although requesting consent before storing any identifiable information is a good start towards respecting the user privacy, yet previous research has shown that websites do not always respect user choices. Furthermore, considering the ever decreasing reliance of trackers on cookies and actions browser vendors take by blocking or restricting third-party cookies, we anticipate a world where stateless tracking emerges, either because trackers or websites do not use cookies, or because users simply refuse to accept any. In this paper, we explore whether websites use more persistent and sophisticated forms of tracking in order to track users who said they do not want cookies. Such forms of tracking include first-party ID leaking, ID synchronization, and browser fingerprinting. Our results suggest that websites do use such modern forms of tracking even before users had the opportunity to register their choice with respect to cookies. To add insult to injury, when users choose to raise their voice and reject all cookies, user tracking only intensifies. As a result, users' choices play very little role with respect to tracking: we measured that more than 75 users had the opportunity to make a selection in the cookie consent banner, or when users chose to reject all cookies.

READ FULL TEXT
08/01/2022

The Hitchhiker's Guide to Facebook Web Tracking with Invisible Pixels and Click IDs

Over the past years, advertisement companies have used a variety of trac...
05/03/2019

Characterising Third Party Cookie Usage in the EU after GDPR

The recently introduced General Data Protection Regulation (GDPR) requir...
05/23/2019

Beyond Cookie Monster Amnesia: Real World Persistent Online Tracking

Browser fingerprinting is a relatively new method of uniquely identifyin...
07/03/2019

On Privacy Risks of Public WiFi Captive Portals

Open access WiFi hotspots are widely deployed in many public places, inc...
04/12/2021

Accept All: The Landscape of Cookie Banners in Greece and the UK

Cookie banners are devices implemented by websites to allow users to man...
04/08/2022

CookieEnforcer: Automated Cookie Notice Analysis and Enforcement

Online websites use cookie notices to elicit consent from the users, as ...
07/30/2019

Clash of the Trackers: Measuring the Evolution of the Online Tracking Ecosystem

Websites are constantly adapting the methods used, and intensity with wh...