Towards Understanding First-Party Cookie Tracking in the Field. (arXiv:2202.01498v2 [cs.CR] UPDATED)
admin
1 min read
Third-party web tracking is a common, and broadly used technique on the Web.
Almost every step of users’ is tracked, analyzed, and later used in different
use cases (e.g., online advertisement). Different defense mechanisms have
emerged to counter these practices (e.g., the recent step of browser vendors to
ban all third-party cookies). However, all of these countermeasures only target
third-party trackers, and ignore the first party because the narrative is that
such monitoring is mostly used to improve the utilized service (e.g.,
analytical services).
In this paper, we present a large-scale measurement study that analyzes
tracking performed by the first party but utilized by a third party to
circumvent standard tracking preventing techniques (i.e., the first party
performs the tracking in the name of the third party). We visit the top 15,000
websites to analyze first-party cookies used to track users and a technique
called “DNS CNAME cloaking”, which can be used by a third party to place
first-party cookies. Using this data, we show that 76% sites in our dataset
effectively utilize such tracking techniques, and in a long-running analysis,
we show that the usage of such cookies increased by more than 50% over 2021.
Furthermore, we shed light on the ecosystem utilizing first-party trackers, and
find that the established trackers already use such tracking, presumably to
avoid tracking blocking.
.jpg)