Login | Register

Towards a Global Perspective on Web Tracking

Title:

Towards a Global Perspective on Web Tracking

Samarasinghe, Nayanamana and Mannan, Mohammad (2019) Towards a Global Perspective on Web Tracking. Computers & Security . p. 101569. ISSN 01674048 (In Press)

[img]
Preview
Text (In press, accepted manuscript) (application/pdf)
Towards-a-Global-Perspective-on-Web-Tracking_2019_Computers---Security.pdf - Accepted Version
Available under License Creative Commons Attribution Non-commercial No Derivatives.
3MB

Official URL: http://dx.doi.org/10.1016/j.cose.2019.101569

Abstract

Several past measurement studies uncovered various aspects of web-based tracking and its serious impact on user privacy. Most studies used institutional resources, e.g., computers hosted at well-known universities, or cloud-computing infrastructures such as Amazon EC2, confining the study to a particular geolocation or a few locations. Would there be any difference if web tracking is measured from actual user-owned residential machines? Does a user’s geolocation affect web tracking? Past studies do not adequately answer these important questions, although web users come from across the globe, and tracking primarily targets home users. As a step forward, we leverage the Luminati proxy service to run a measurement study using residential machines from 56 countries. We rely on the OpenWPM web privacy measurement framework to analyze third-party scripts and cookies in 2050 distinct URLs (Alexa Top-1000 home pages and Alexa Top-50 country-specific home pages for all 56 countries, and shared URLs via Twitter from Alexa Top-1000 domains for 10 countries). Our findings reveal that the prevalence of web tracking varies across the globe. In addition to location, tracking also seems to depend on factors such as data privacy policies, Internet speed and censorship. We also observe that despite legal efforts for strengthening privacy, such as the EU cookie law, violations are common and very blatant in some cases, highlighting the need for more effective tools and frameworks for compliance monitoring and enforcement.

Divisions:Concordia University > Gina Cody School of Engineering and Computer Science > Concordia Institute for Information Systems Engineering
Item Type:Article
Refereed:Yes
Authors:Samarasinghe, Nayanamana and Mannan, Mohammad
Journal or Publication:Computers & Security
Date:11 July 2019
Digital Object Identifier (DOI):10.1016/j.cose.2019.101569
Keywords:geolocation; internet; privacy; tracking; web
ID Code:985610
Deposited By: MONIQUE LANE
Deposited On:26 Jul 2019 13:17
Last Modified:11 Jul 2021 01:00

References:

G. Acar, C. Eubank, S. Englehardt, M.Juarez, A. Narayanan, C. Diaz The web never forgets: Persistent tracking mechanisms in the wild CCS’14,Scottsdale, Arizona, USA (2014)

Akamai, 2017. Internet connection speeds and adoption rates by geography. Online article (Jun 1,). https://www.akamai.com/us/en/about/our-thinking/state-of-the-internet-report/state-of-the-internet-connectivity-visualization.jsp.

Analytics Help, (2019) Understanding PII in Google’s contracts and policies. Online article. https://support.google.com/analytics/answer/7686480?hl=en.

S. Aryan, H. Aryan, A. J. Halderman Internet censorship in Iran: A first look
USENIX Workshop on Free and Open Communications on the Internet (FOCI’13), Washington DC,USA (2013)

M.A. Bashir, S. Arshad, W.K. Robertson, C. Wilson Tracing information flows between ad exchanges using retargeted ads USENIX Security Symposium’16, Austin, TX, USA (2016)

Bell Canada, (2019). Online advertising program. Online article. https://www.bell.ca/online-marketing.

Canadian Radio-television and Telecommunications Commission (CRTC), 2018. The CRTC collaborates with international partners to fight illegitimate online marketing activities. News article (Mar 21,). https://www.canada.ca/en/radio-television-telecommunications/news/2018/03/the-crtc-collaborates-with-international-partners-to-fight-illegitimate-online-marketing-activities.html.

T. Chung, D. Choffnes, A. Mislove Tunneling for transparency: A large-scale analysis of end-to-end violations in the Internet IMC’16,Santa Monica, CA, USA (2016)

T.Chung, R. van Rijswijk-Deij, B. Chandrasekaran, D. Choffnes, D. Levin, B.M. Maggs, A.Mislove, C. Wilson A longitudinal, end-to-end view of the DNSSEC ecosystem
USENIX Security Symposium’17, Vancouver, British Colombia, Canada (2017)

Citizen Lab, (2019). URL testing lists intended for discovering website censorship. Online article. https://github.com/citizenlab/test-lists/.

M. Degeling, C. Utz, C. Lentzsch, H.Hosseini, F. Schaub, T. Holz We value your privacy... Now take some cookies: Measuring the GDPR’s impact on web privacy
NDSS’19, San Diego, CA, USA (2019)

DLA Piper, (2019). Data protection laws of the world. Online article. https://www.dlapiperdataprotection.com/.

EasyList, a. EasyList. https://easylist.to/.

EasyList, b. Other supplementary filter lists and easylist variants. https://easylist.to/pages/other-supplementary-filter-lists-and-easylist-variants.html.

S. Englehardt, A. Narayanan Online tracking: A 1-million-site measurement and analysis CCS’16, Vienna, Austria (2016)

S. Englehardt, D.Reisman, C. Eubank, P. Zimmerman, J. Mayer, A. Narayanan, E.W. Felten Cookies that give you away: The surveillance implications of web tracking
WWW’15, Florence, Italy (2015)

M. Falahrastegar, H. Haddadi, S. Uhlig, R.Mortier The rise of panopticons: Examining region-specific third-party web tracking TMA’14, London UK (2014)

Felten, E., Mayer, J., 2013. How the NSA piggy-backs on third-party trackers. Blog article (Dec 13,). http://www.slate.com/blogs/future_tense/2013/12/13/nsa_surveillance_and_third_party_trackers_how_cookies_help_government_spies.html.

Freedom House, a. Freedom of the press 2017. Online article (April 2017). https://freedomhouse.org/sites/default/files/FOTP_2017_booklet_FINAL_April28.pdf.

Freedom House, b. Freedom on the Net 2017 - Egypt. (Apr. 2017). https://freedomhouse.org/report/freedom-net/2017/egypt.

N. Fruchter, H. Miao, S. Stevenson, R. Balebako Variations in tracking in relation to geographic location WTSP’15,San Jose, CA, USA (2015)

A. Gervais, A. Filios, V. Lenders, S. Capkun Quantifying web adblocker privacy
European Symposium on Research in Computer Security’17, Oslo, Norway (2017)

Ghost Proxies, (2019). The difference between residential and datacenter proxies. Blog article. http://ghostproxies.com/blog/2016/06/residential-datacenter/.

Google Ad Manager, (2019). How exchange bidding works. Online article. https://support.google.com/admanager/answer/7128958?hl=en.

Google Ads, 2019. Understanding Google Ads and AdWords express country restrictions. Online article. https://support.google.com/google-ads/answer/6163740?hl=en.

Hola,. Hola VPN. http://hola.org/.

S. Huang, F. Cuadrado, S. Uhlig Middleboxes in the Internet: a HTTP perspective
TMA’16,Paris, France (2017)

M. Jiang The business and politics of search engines: A comparative study of Baidu and Google’s search results of Internet events in China New Media & Society, 16 (2) (2014), pp. 212-233

Joshua Roesslein, 2018. Tweepy. Online article (Nov 30,). https://github.com/tweepy/tweepy.

B. Krishnamurthy, K. Naryshkin, C. Wills Privacy leakage vs. protection measures: the growing disconnect WTSP’11 (2011)

P. Laperdrix, W. Rudametkin, B. Baudry Beauty and the beast: Diverting modern web browsers to build unique browser fingerprints IEEE Symposium on Security and Privacy’16,San Jose, CA, USA (2016)

A. Lerner, A.K. Simpson, T. Kohno, F. Roesner Internet jones and the raiders of the lost trackers: An archaeological study of web tracking from 1996 to 2016
USENIX Security Symposium’16, Austin, TX, USA (2016)

Luminati,. Luminati proxy network. http://luminati.io/.

Luminati,. Monetization SDK. https://luminati.io/sdk.

Luminati, 2017. X-Forwarded-For # issue 70. Online article (Nov 17,). https://github.com/luminati-io/luminati-proxy/issues/70.

J.R. Mayer, J.C. Mitchel Third-party web tracking: Policy and technology
IEEE S&P’12, San Francisco, CA, USA (2012)

MDN web docs, 2018. X-Forwarded-For. Online article (July 20,). https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For.

MedCalc, (2019). Values of the Chi-squared distribution. Online article. https://www.medcalc.org/manual/chi-square-table.php.

G. Merzdovnik, M. Huber, D. Buhov, N. Nikiforakis, S. Neuner, M. Schmiedecker, E. Weippl Block me if you can: A large-scale study of tracker-blocking tools IEEE EuroS&P’17, Paris, France (2017)

X. Mi, Y. Liu, X. Feng, X. Liao, B.Liu, X. Wang, F. Qian, Z. Li, S. Alrwais, L. Sun Resident evil: Understanding residential IP proxy as a dark service IEEE S&P’19, San Fansisco, CA, USA (2019)

Michael Carter, 2010. pywhois. Online article (Oct 18,). https://pypi.python.org/pypi/pywhois/0.1.

Official Journal of the European Union, 2016. EU GDPR. Online article (Apr 26,). https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&from=EN.

A. Panchenko, F. Lanze, J.Pennekamp, T. Engel, A. Zinnen, M. Henze, K. Wehrle Website fingerprinting at Internet scale NDSS’16, San Diego, CA, USA (2016)

P. Pearce, B. Jones, F. Li, R. Ensafi, N.Feamster, N. Weaver, V. Paxson Global measurement of DNS manipulation USENIX Security Symposium’17, Vancouver, British Colombia, Canada (2017)

Recode.net, 2017. Google leads the world in digital and mobile ad revenue. News article (July 24,). https://www.recode.net/2017/7/24/16020330/google-digital-mobile-ad-revenue-world-leader-facebook-growth.

S. Schelter, J. Kunegis Tracking the trackers: A large-scale analysis of embedded web trackers ICWSM’16, Cologne, Germany (2016)

School of Psychology University of New England,. Z-scores. (2019) Online article. https://webstat.une.edu.au/unit_materials/c4_descriptive_statistics/z_scores.htm.

ScoreCard Research,.2017ScoreCard Research - Privacy policy. Online article (Dec 19,). http://www.scorecardresearch.com/privacy.aspx?newlanguage=1.

Shivam Agarwal,. BlockListParser. 2016Online article (Jun 02,). https://github.com/shivamagarwal-iitb/BlockListParser.

P.P. Swire, K. Ahmad Foundations of information privacy and data protection: A survey of global concepts, laws and practices International Association of Privacy Professionals (2012)

The EU Internet Handbook,. Cookies. Online article (Dec 10,). http://ec.europa.eu/ipg/basics/legal/cookies/index_en.htm.

M. Trevisan, S. Traverso, H. Metwalley, M. Mellia Uncovering the flop of the EU cookie law (2017)

G. Tyson, S. Huang, F.Cuadrado, I. Castro, V. Perta, A. Sathiaseelan, S. Uhlig Exploring HTTP header manipulation in-the-wild WWW’17,Perth, Australia (2017)

WashingtonPost.com, 2013. NSA uses Google cookies to pinpoint targets for hacking. News article (Dec 10,). https://www.washingtonpost.com/news/the-switch/wp/2013/12/10/nsa-uses-google-cookies-to-pinpoint-targets-for-hacking/.

Wollsén, F., 2018. OpenWPM WebExtension experiment / API. Online article (July 30,). https://github.com/mozilla/OpenWPM-WebExtension-Experiment.

S. Zimmeck, J.S. Li, H. Kim, S.M. Bellovin, T. Jebara A privacy analysis of cross-device tracking USENIX Security Symposium’17, Vancouver, British Colombia, Canada (2017)
All items in Spectrum are protected by copyright, with all rights reserved. The use of items is governed by Spectrum's terms of access.

Repository Staff Only: item control page

Downloads per month over past year

Research related to the current document (at the CORE website)
- Research related to the current document (at the CORE website)
Back to top Back to top