The web is watching you: A comprehensive review of web-tracking techniques and countermeasures

Web tracking is a commonly-used practice on the Internet devoted to retrieve user information for activities such as personalization or advertisement. These techniques are said to drive the web economy, although they are commonly used to invade users’ privacy. In the last years, a general concern raised about web tracking, looking forward to combat it in many ways like regulations, anti-tracking methods and even standardization. In this paper, we analyze and discuss the current techniques for web-tracking as well as techniques for its detection and analysis, and countermeasures to prevent web tracking.

[1]  Xiang Pan,et al.  I Do Not Know What You Visited Last Summer: Protecting users from stateful third-party web tracking with TrackingFree browser , 2015, NDSS.

[2]  Wouter Joosen,et al.  PriVaricator: Deceiving Fingerprinters with Little White Lies , 2015, WWW.

[3]  Hovav Shacham,et al.  Pixel Perfect : Fingerprinting Canvas in HTML 5 , 2012 .

[4]  Wouter Joosen,et al.  Cookieless Monster: Exploring the Ecosystem of Web-Based Device Fingerprinting , 2013, 2013 IEEE Symposium on Security and Privacy.

[5]  Lorrie Faith Cranor,et al.  Searching for Privacy: Design and Implementation of a P3P-Enabled Search Engine , 2004, Privacy Enhancing Technologies.

[6]  E. Weippl,et al.  Fast and Reliable Browser Identification with JavaScript Engine Fingerprinting , 2013 .

[7]  Benjamin Livshits,et al.  RePriv: Re-imagining Content Personalization and In-browser Privacy , 2011, 2011 IEEE Symposium on Security and Privacy.

[8]  Sorin Lerner,et al.  Staged information flow for javascript , 2009, PLDI '09.

[9]  Dan Boneh,et al.  An Analysis of Private Browsing Modes in Modern Browsers , 2010, USENIX Security Symposium.

[10]  Arvind Narayanan,et al.  The Web Never Forgets: Persistent Tracking Mechanisms in the Wild , 2014, CCS.

[11]  Avi Goldfarb,et al.  Privacy Regulation and Online Advertising , 2010, Manag. Sci..

[12]  Chris Jay Hoofnagle,et al.  Flash Cookies and Privacy , 2009, AAAI Spring Symposium: Intelligent Information Privacy Management.

[13]  Opinion 04 / 2012 on Cookie Consent Exemption Adopted on 7 June 2012 , 2012 .

[14]  Jasmine Schwartz Giving the Web a Memory Cost Its Users Privacy , 2001 .

[15]  Hovav Shacham,et al.  Fingerprinting Information in JavaScript Implementations , 2011 .

[16]  Arnar Birgisson,et al.  JSFlow: tracking information flow in JavaScript and its APIs , 2014, SAC.

[17]  Igor Santos,et al.  Tracking Users Like There is No Tomorrow: Privacy on the Current Internet , 2015, CISIS-ICEUTE.

[18]  David Wetherall,et al.  Detecting and Defending Against Third-Party Tracking on the Web , 2012, NSDI.

[19]  Helen Nissenbaum,et al.  Adnostic: Privacy Preserving Targeted Advertising , 2010, NDSS.

[20]  Matthew Richardson,et al.  Targeted, Not Tracked: Client-Side Solutions for Privacy-Friendly Behavioral Advertising , 2011 .

[21]  Balachander Krishnamurthy,et al.  Generating a privacy footprint on the internet , 2006, IMC '06.

[22]  Xiang Pan I Do Not Know What You Visited Last Summer : Protecting Users from Third-party Web Tracking with TrackingFree Browser , 2015 .

[23]  Koushik Sen,et al.  Jalangi: a selective record-replay and dynamic analysis framework for JavaScript , 2013, ESEC/FSE 2013.

[24]  Sorin Lerner,et al.  An empirical study of privacy-violating information flows in JavaScript web applications , 2010, CCS '10.

[25]  John C. Mitchell,et al.  Third-Party Web Tracking: Policy and Technology , 2012, 2012 IEEE Symposium on Security and Privacy.

[26]  Edward W. Felten,et al.  Cookies That Give You Away: The Surveillance Implications of Web Tracking , 2015, WWW.

[27]  Peter Eckersley,et al.  How Unique Is Your Web Browser? , 2010, Privacy Enhancing Technologies.

[28]  Chris Jay Hoofnagle,et al.  Flash Cookies and Privacy II: Now with HTML5 and ETag Respawning , 2011 .

[29]  Balachander Krishnamurthy,et al.  WWW 2009 MADRID! Track: Security and Privacy / Session: Web Privacy Privacy Diffusion on the Web: A Longitudinal Perspective , 2022 .

[30]  Anthony D. Miyazaki Online Privacy and the Disclosure of Cookie Use: Effects on Consumer Trust and Anticipated Patronage , 2008 .

[31]  Frank Piessens,et al.  FPDetective: dusting the web for fingerprinters , 2013, CCS.

[32]  Arvind Narayanan,et al.  Do Not Track: A Universal Third-Party Web Tracking Opt Out , 2011 .

[33]  Saikat Guha,et al.  Privad: Practical Privacy in Online Advertising , 2011, NSDI.

[34]  Ftc Staff,et al.  Protecting Consumer Privacy in an Era of Rapid Change–A Proposed Framework for Businesses and Policymakers , 2011 .

[35]  Dominique Devriese,et al.  FlowFox: a web browser with flexible and precise information flow control , 2012, CCS '12.

[36]  William West,et al.  Analysis of privacy and security in HTML5 web storage , 2012 .

[37]  Aniket Kate,et al.  ObliviAd: Provably Secure and Practical Online Behavioral Advertising , 2012, 2012 IEEE Symposium on Security and Privacy.