Tracking on the Web, Mobile and the Internet-of-Things

‘Tracking’ is the collection of data about an individual’s activity across multiple distinct contexts and the retention, use, or sharing of data derived from that activity outside the context in which it occurred. This paper aims to introduce tracking on the web, smartphones, and the Internet of Things, to an audience with little or no previous knowledge. It covers these topics primarily from the perspective of computer science and humancomputer interaction, but also includes relevant law and policy aspects. Rather than a systematic literature review, it aims to provide an overarching narrative spanning this large research space. Section 1 introduces the concept of tracking. Section 2 provides a short history of the major developments of tracking on the web. Section 3 presents research covering the detection, measurement and analysis of web tracking technologies. Section 4 delves into the countermeasures against web tracking and mechanisms that have been proposed to allow users to control and limit tracking, as well as studies into end-user perspectives on tracking. Section 5 focuses on tracking on ‘smart’ devices including smartphones and the internet of things. Section 6 covers emerging issues affecting the future of tracking across these different platforms.

[1]  Benjamin L. Edelman,et al.  Does Google Leverage Market Power Through Tying and Bundling , 2015 .

[2]  Nigel Shadbolt,et al.  A Fait Accompli? An Empirical Study into the Absence of Consent to Third-Party Tracking in Android Apps , 2021, SOUPS @ USENIX Security Symposium.

[3]  Benjamin Livshits,et al.  Who Filters the Filters: Understanding the Growth, Usefulness and Efficiency of Crowdsourced Ad Blocking , 2020, SIGMETRICS.

[4]  Narseo Vallina-Rodriguez,et al.  50 Ways to Leak Your Data: An Exploration of Apps' Circumvention of the Android Permissions System , 2019, USENIX Security Symposium.

[5]  Reuben Binns,et al.  Dissolving Privacy, One Merger at a Time: Competition, Data and Third Party Tracking , 2018, Comput. Law Secur. Rev..

[6]  Christopher Krügel,et al.  PiOS: Detecting Privacy Leaks in iOS Applications , 2011, NDSS.

[7]  Hamed Haddadi,et al.  Towards Automatic Identification and Blocking of Non-Critical IoT Traffic Destinations , 2020, ArXiv.

[8]  Sonia Chiasson,et al.  'Think secure from the beginning': A Survey with Software Developers , 2019, CHI.

[9]  Herman T. Tavani,et al.  Privacy protection, control of information, and privacy-enhancing technologies , 2001, CSOC.

[10]  Robin Berjon The Fiduciary Duties of User Agents , 2021, SSRN Electronic Journal.

[11]  Matthew Green,et al.  A Protocol for Privately Reporting Ad Impressions at Scale , 2016, CCS.

[12]  Arnaud Legout,et al.  Missed by Filter Lists: Detecting Unknown Third-Party Trackers with Invisible Pixels , 2020, Proc. Priv. Enhancing Technol..

[13]  Veronica Marotta,et al.  Online Tracking and Publishers’ Revenues: An Empirical Analysis , 2019 .

[14]  Claude Castelluccia,et al.  Data Harvesting 2.0: from the Visible to the Invisible Web , 2013, WEIS 2013.

[15]  Yang Wang,et al.  Folk Models of Online Behavioral Advertising , 2017, CSCW.

[16]  Theodore L. Glasser,et al.  Normative Theories of the Media: Journalism in Democratic Societies , 2009 .

[17]  L. Baruh,et al.  Online Privacy Concerns and Privacy Management: A Meta-Analytical Review , 2017 .

[18]  Narseo Vallina-Rodriguez,et al.  Apps, Trackers, Privacy, and Regulators: A Global Study of the Mobile Tracking Ecosystem , 2018, NDSS.

[19]  Andrew C. Simpson,et al.  Connected Vehicles: A Privacy Analysis , 2019, SpaCCS Workshops.

[20]  Michael Carl Tschantz,et al.  A Methodology for Information Flow Experiments , 2014, 2015 IEEE 28th Computer Security Foundations Symposium.

[21]  Ahmad-Reza Sadeghi,et al.  IoT SENTINEL: Automated Device-Type Identification for Security Enforcement in IoT , 2016, 2017 IEEE 37th International Conference on Distributed Computing Systems (ICDCS).

[22]  Frank Stajano,et al.  Inglorious Installers: Security in the Application Marketplace , 2010, WEIS.

[23]  Norman M. Sadeh,et al.  What do they know about me? Contents and Concerns of Online Behavioral Profiles , 2015, ArXiv.

[24]  Nataliia Bielova Survey on JavaScript security policies and their enforcement mechanisms in a web browser , 2013, J. Log. Algebraic Methods Program..

[25]  Jun Zhao,et al.  `I make up a silly name': Understanding Children's Perception of Privacy Risks Online , 2019, CHI.

[26]  Spyros Kokolakis,et al.  Privacy attitudes and privacy behaviour: A review of current research on the privacy paradox phenomenon , 2017, Comput. Secur..

[27]  Jun Zhao,et al.  Measuring Third-party Tracker Power across Web and Mobile , 2018, ACM Trans. Internet Techn..

[28]  Narseo Vallina-Rodriguez,et al.  Tracking the Trackers: Towards Understanding the Mobile Advertising and Tracking Ecosystem , 2016, ArXiv.

[29]  Edward W. Felten,et al.  Timing attacks on Web privacy , 2000, CCS.

[30]  Benjamin Livshits,et al.  AdGraph: A Graph-Based Approach to Ad and Tracker Blocking , 2020, 2020 IEEE Symposium on Security and Privacy (SP).

[31]  Nigel Shadbolt,et al.  Computationally Mediated Pro-Social Deception , 2016, CHI.

[32]  Dan S. Wallach,et al.  An Empirical Study of Mobile Ad Targeting , 2015, ArXiv.

[33]  Steven M. Bellovin,et al.  A Privacy Analysis of Cross-device Tracking , 2017, USENIX Security Symposium.

[34]  Arvind Narayanan,et al.  Do Not Track: A Universal Third-Party Web Tracking Opt Out , 2011 .

[35]  Norman M. Sadeh,et al.  Modeling Users' Mobile App Privacy Preferences: Restoring Usability in a Sea of Permission Settings , 2014, SOUPS.

[36]  G. Loewenstein,et al.  Privacy and human behavior in the age of information , 2015, Science.

[37]  J. Penney Chilling Effects: Online Surveillance and Wikipedia Use , 2016 .

[38]  Reuben Binns,et al.  Good News for People Who Love Bad News: Centralization, Privacy, and Transparency on US News Sites , 2019, WebSci.

[39]  William Enck,et al.  HomeSnitch: behavior transparency and control for smart home IoT devices , 2019, WiSec.

[40]  Gloria Gonzlez Fuster The Emergence of Personal Data Protection as a Fundamental Right of the EU , 2014 .

[41]  Laura A. Dabbish,et al.  "My Data Just Goes Everywhere: " User Mental Models of the Internet and Implications for Privacy and Security , 2015, SOUPS.

[42]  Edgar R. Weippl,et al.  Block Me If You Can: A Large-Scale Study of Tracker-Blocking Tools , 2017, 2017 IEEE European Symposium on Security and Privacy (EuroS&P).

[43]  D. Asch,et al.  What web browsing reveals about your health , 2015, BMJ : British Medical Journal.

[44]  Arnaud Legout,et al.  Demo: ReCon: Revealing and Controlling PII Leaks in Mobile Network Traffic , 2016, MobiSys.

[45]  Rico Neumann,et al.  Obfuscation: A user’s guide for privacy and protest , 2017, New Media Soc..

[46]  I. Brown Interoperability as a tool for competition regulation , 2020 .

[47]  Bettina Berendt,et al.  PETs in the Surveillance Society: A Critical Review of the Potentials and Limitations of the Privacy as Confidentiality Paradigm , 2010, Data Protection in a Profiled World.

[48]  Chris Jay Hoofnagle,et al.  Big Brother's Little Helpers: How Choicepoint and Other Commercial Data Brokers Collect, Process, and Package Your Data for Law Enforcement , 2003 .

[49]  Blase Ur,et al.  A Large-Scale Evaluation of U.S. Financial Institutions’ Standardized Privacy Notices , 2016 .

[50]  A. Narayanan,et al.  Web Privacy Measurement : Scientific principles , engineering platform , and new results Draft – Jun 1 , 2014 , 2014 .

[51]  Nick Feamster,et al.  User Perceptions of Smart Home IoT Privacy , 2018, Proc. ACM Hum. Comput. Interact..

[52]  Lorrie Faith Cranor,et al.  Token attempt: the misrepresentation of website privacy policies through the misuse of p3p compact policy tokens , 2010, WPES '10.

[53]  Arvind Narayanan,et al.  Characterizing the Use of Browser-Based Blocking Extensions To Prevent Online Tracking , 2018, SOUPS @ USENIX Security Symposium.

[54]  Jonathan Hassid,et al.  Media Commercialization and Authoritarian Rule in China , 2015 .

[55]  Lorrie Faith Cranor,et al.  A "nutrition label" for privacy , 2009, SOUPS.

[56]  Christo Wilson,et al.  Should You Use the App for That?: Comparing the Privacy Implications of App- and Web-based Online Services , 2016, Internet Measurement Conference.

[57]  Arvind Narayanan,et al.  The Web Never Forgets: Persistent Tracking Mechanisms in the Wild , 2014, CCS.

[58]  Norman M. Sadeh,et al.  PrivOnto: A semantic framework for the analysis of privacy policies , 2017 .

[59]  Robert H. Deng,et al.  Comparing Mobile Privacy Protection through Cross-Platform Applications , 2013, NDSS.

[60]  Timothy Libert,et al.  An Automated Approach to Auditing Disclosure of Third-Party Data Collection in Website Privacy Policies , 2018, WWW.

[61]  Athina Markopoulou,et al.  The TV is Smart and Full of Trackers: Measuring Smart TV Advertising and Tracking , 2020, Proc. Priv. Enhancing Technol..

[62]  Tristan Allard,et al.  "Guess Who ?" Large-Scale Data-Centric Study of the Adequacy of Browser Fingerprints for Web Authentication , 2020, IMIS.

[63]  Nigel Shadbolt,et al.  Strangers in the Room: Unpacking Perceptions of 'Smartness' and Related Ethical Concerns in the Home , 2020, Conference on Designing Interactive Systems.

[64]  Martino Trevisan,et al.  Uncovering the Flop of the EU Cookie Law , 2017, ArXiv.

[65]  Claude Castelluccia,et al.  On the Unicity of Smartphone Applications , 2015, WPES@CCS.

[66]  Ivan Martinovic,et al.  To Update or Not to Update: Insights From a Two-Year Study of Android App Evolution , 2017, AsiaCCS.

[67]  Lorrie Faith Cranor Agents of Choice: Tools that Facilitate Notice and Choice about Web Site Data Practices , 2000, ArXiv.

[68]  J. Bennett Introduction: The Utopia of Independent Media: Independence, Working with Freedom and Working for Free , 2014 .

[69]  Norbert Nthala,et al.  “It did not give me an option to decline”: A Longitudinal Analysis of the User Experience of Security and Privacy in Smart Home Products , 2021, CHI.

[70]  Dan S. Wallach,et al.  A case of collusion: a study of the interface between ad libraries and their apps , 2013, SPSM '13.

[71]  Paul Dourish,et al.  Collective Information Practice: Exploring Privacy and Security as Social and Cultural Phenomena , 2006, Hum. Comput. Interact..

[72]  Helen Nissenbaum,et al.  Privacy in Context - Technology, Policy, and the Integrity of Social Life , 2009 .

[73]  Benjamin Edelman,et al.  Android and competition law: exploring and assessing Google’s practices in mobile , 2016 .

[74]  Maya Cakmak,et al.  Toys that Listen: A Study of Parents, Children, and Internet-Connected Toys , 2017, CHI.

[75]  R Barreras,et al.  The leaking battery. , 1988, Journal of biological photography.

[76]  Tom Chothia,et al.  Breaking All the Things - A Systematic Survey of Firmware Extraction Techniques for IoT Devices , 2018, CARDIS.

[77]  Predrag V. Klasnja,et al.  Exploring Privacy Concerns about Personal Sensing , 2009, Pervasive.

[78]  Nikita Borisov,et al.  The Web's Sixth Sense: A Study of Scripts Accessing Smartphone Sensors , 2018, CCS.

[79]  O. Lynskey Aligning data protection rights with competition law remedies? The GDPR right to data portability , 2017 .

[80]  Roxana Geambasu,et al.  XRay: Enhancing the Web's Transparency with Differential Correlation , 2014, USENIX Security Symposium.

[81]  David Garcia,et al.  Leaking privacy and shadow profiles in online social networks , 2017, Science Advances.

[82]  Nigel Shadbolt,et al.  Exploring Design and Governance Challenges in the Development of Privacy-Preserving Computation , 2021, CHI.

[83]  Martin Ortlieb,et al.  "If You Put All The Pieces Together...": Attitudes Towards Data Combination and Sharing Across Services and Companies , 2016, CHI.

[84]  Dear Mr Sotiropoulos ARTICLE 29 Data Protection Working Party , 2013 .

[85]  Chris Jay Hoofnagle,et al.  Flash Cookies and Privacy , 2009, AAAI Spring Symposium: Intelligent Information Privacy Management.

[86]  Joe Deville,et al.  Digital subprime: tracking the credit trackers , 2019, The Sociology of Debt.

[87]  Tadayoshi Kohno,et al.  Internet Jones and the Raiders of the Lost Trackers: An Archaeological Study of Web Tracking from 1996 to 2016 , 2016, USENIX Security Symposium.

[88]  Gerald L. Lohse,et al.  International Differences in Information Privacy Concerns: A Global Survey of Consumers , 2004, Inf. Soc..

[89]  A. Narayanan,et al.  Shining the Floodlights on Mobile Web Tracking — A Privacy Survey , 2013 .

[90]  Robert Gellman,et al.  Fair Information Practices: A Basic History - Version 2.20 , 2017 .

[91]  Louise Barkhuus The mismeasurement of privacy: using contextual integrity to reconsider privacy in HCI , 2012, CHI.

[92]  César A. Hidalgo,et al.  Unique in the Crowd: The privacy bounds of human mobility , 2013, Scientific Reports.

[93]  Arvind Narayanan,et al.  Privacy Policies over Time: Curation and Analysis of a Million-Document Dataset , 2020, WWW.

[94]  Alfred Kobsa,et al.  User Models in Dialog Systems , 1989, Symbolic Computation.

[95]  Serge Egelman,et al.  "What Can't Data Be Used For?": Privacy Expectations about Smart TVs in the U.S. , 2018 .

[96]  Helen Nissenbaum,et al.  Measuring Privacy: An Empirical Test Using Context To Expose Confounding Variables , 2015 .

[97]  Yuanchun Li,et al.  Why Are They Collecting My Data? , 2018, Proc. ACM Interact. Mob. Wearable Ubiquitous Technol..

[98]  Midas Nouwens,et al.  Dark Patterns after the GDPR: Scraping Consent Pop-ups and Demonstrating their Influence , 2020, CHI.

[99]  Edward W. Felten,et al.  A Precautionary Approach to Big Data Privacy , 2016 .

[100]  Jasmine Schwartz Giving the Web a Memory Cost Its Users Privacy , 2001 .

[101]  Jérôme Kunegis,et al.  On the Ubiquity of Web Tracking: Insights from a Billion-Page Web Crawl , 2016, J. Web Sci..

[102]  Narseo Vallina-Rodriguez,et al.  Beyond Google Play: A Large-Scale Comparative Study of Chinese Android App Markets , 2018, Internet Measurement Conference.

[103]  Nigel Shadbolt,et al.  Are iPhones Really Better for Privacy? Comparative Study of iOS and Android Apps , 2021, ArXiv.

[104]  Jan Nierhoff,et al.  Tracking and Tricking a Profiler: Automated Measuring and Influencing of Bluekai's Interest Profiling , 2018, WPES@CCS.

[105]  Narseo Vallina-Rodriguez,et al.  The Price is (Not) Right: Comparing Privacy in Free and Paid Apps , 2020, Proc. Priv. Enhancing Technol..

[106]  Athina Markopoulou,et al.  PingPong: Packet-Level Signatures for Smart Home Device Events , 2019, ArXiv.

[107]  Balachander Krishnamurthy,et al.  Privacy leakage vs . Protection measures : the growing disconnect , 2011 .

[108]  Natasa Milic-Frayling,et al.  Network Analysis of Third Party Tracking: User Exposure to Tracking Cookies through Search , 2013, 2013 IEEE/WIC/ACM International Joint Conferences on Web Intelligence (WI) and Intelligent Agent Technologies (IAT).

[109]  Ke Sun,et al.  "Alexa, stop spying on me!": speech privacy protection against voice assistants , 2020, SenSys.

[110]  Blase Ur,et al.  Oh, the Places You've Been! User Reactions to Longitudinal Transparency About Third-Party Web Tracking and Inferencing , 2019, CCS.

[111]  Rebecca Balebako,et al.  Variations in Tracking in Relation to Geographic Location , 2015, ArXiv.

[112]  M. Wendy Hennequin,et al.  The Future of the Internet and How to Stop It , 2011 .

[113]  Heng Xu,et al.  Information Privacy Research: An Interdisciplinary Review , 2011, MIS Q..

[114]  Irina Shklovski,et al.  Leakiness and creepiness in app space: perceptions of privacy and mobile app use , 2014, CHI.

[115]  Wilfried Sand-Zantman,et al.  The Value of Personal Information in Markets with Endogenous Privacy , 2015 .

[116]  Lujo Bauer,et al.  Privacy Expectations and Preferences in an IoT World , 2017, SOUPS.

[117]  Sherrie Penland,et al.  Terms Of Service , 2014 .

[118]  Heather Richter Lipford,et al.  I don't own the data": End User Perceptions of Smart Home Device Data Practices and Risks , 2019, SOUPS @ USENIX Security Symposium.

[119]  Nadezhda Purtova From Knowing by Name to Personalisation: Meaning of Identification Under the GDPR , 2021 .

[120]  Sarvapali D. Ramchurn,et al.  Doing the laundry with agents: a field trial of a future smart energy system in the home , 2014, CHI.

[121]  Balachander Krishnamurthy,et al.  Generating a privacy footprint on the internet , 2006, IMC '06.

[122]  Bruce Schneier,et al.  Architecture of Privacy , 2009, IEEE Security & Privacy Magazine.

[123]  Yuchen Zhou,et al.  Understanding and Monitoring Embedded Web Scripts , 2015, 2015 IEEE Symposium on Security and Privacy.

[124]  Shruti Sannon,et al.  "Alexa is my new BFF": Social Roles, User Satisfaction, and Personification of the Amazon Echo , 2017, CHI Extended Abstracts.

[125]  Urs Hengartner,et al.  PrivacyGuard: A VPN-based Platform to Detect Information Leakage on Android Devices , 2015, SPSM@CCS.

[126]  Jason Nieh,et al.  A measurement study of google play , 2014, SIGMETRICS '14.

[127]  Zubair Shafiq,et al.  Inferring Tracker-Advertiser Relationships in the Online Advertising Ecosystem using Header Bidding , 2019, Proc. Priv. Enhancing Technol..

[128]  Dan Boneh,et al.  AdVersarial: Perceptual Ad Blocking meets Adversarial Machine Learning , 2019, CCS.

[129]  David N. Chin KNOME: Modeling What the User Knows in UC , 1989 .

[130]  Frederik J. Zuiderveen Borgesius,et al.  Singling out people without knowing their names - Behavioural targeting, pseudonymous data, and the new Data Protection Regulation , 2016, Comput. Law Secur. Rev..

[131]  Edward W. Felten,et al.  Cookies That Give You Away: The Surveillance Implications of Web Tracking , 2015, WWW.

[132]  Benjamin Livshits,et al.  THEMIS: Decentralized and Trustless Ad Platform with Reporting Integrity , 2020, ArXiv.

[133]  Jun Zhao,et al.  Third Party Tracking in the Mobile Ecosystem , 2018, WebSci.

[134]  M. Culnan Protecting Privacy Online: Is Self-Regulation Working? , 2000 .

[135]  Cristiana Santos,et al.  Do Cookie Banners Respect my Choice? : Measuring Legal Compliance of Banners from IAB Europe’s Transparency and Consent Framework , 2020, 2020 IEEE Symposium on Security and Privacy (SP).

[136]  K. Chowdhury,et al.  CONSUMER ATTITUDE TOWARD MOBILE ADVERTISING IN AN EMERGING MARKET: AN EMPIRICAL STUDY , 2006 .

[137]  Tom Rodden,et al.  Smart grids, smart users? The role of the user in demand side management , 2014 .

[138]  Mauro Conti,et al.  Peek-a-boo: i see your smart home activities, even encrypted! , 2018, WISEC.

[139]  Jinyan Zang,et al.  Who Knows What About Me? A Survey of Behind the Scenes Personal Data Sharing to Third Parties by Mobile Apps , 2015 .

[140]  Adam Chandler,et al.  Using Piwik Instead of Google Analytics at the Cornell University Library , 2016 .

[141]  Nigel Shadbolt,et al.  Before and after GDPR: tracking in mobile apps , 2021, Internet Policy Rev..

[142]  Michelle L. Mazurek,et al.  You are Not Your Developer, Either: A Research Agenda for Usable Security and Privacy Research Beyond End Users , 2016, 2016 IEEE Cybersecurity Development (SecDev).

[143]  Alfred Kobsa,et al.  Understanding user privacy in Internet of Things environments , 2016, 2016 IEEE 3rd World Forum on Internet of Things (WF-IoT).

[144]  Helen Nissenbaum,et al.  Engineering Privacy and Protest: A Case Study of AdNauseam , 2017, IWPE@SP.

[145]  Lorrie Faith Cranor,et al.  The Privacy and Security Behaviors of Smartphone App Developers , 2014 .

[146]  Ivan Flechais,et al.  Exploring Communal Technology Use in the Home , 2019, HTTF.

[147]  Wolfie Christl,et al.  How Companies Use Personal Data Against People. Automated Disadvantage, Personalized Persuasion, and the Societal Ramifications of the Commercial Use of Personal Information , 2017 .

[148]  Haoyu Wang,et al.  LibRadar: Fast and Accurate Detection of Third-Party Libraries in Android Apps , 2016, 2016 IEEE/ACM 38th International Conference on Software Engineering Companion (ICSE-C).

[149]  Judy Kay,et al.  Viewing and Controlling Personal Sensor Data: What Do Users Want? , 2013, PERSUASIVE.

[150]  Seounmi Youn Teenagers' Perceptions of Online Privacy and Coping Behaviors: A Risk–Benefit Appraisal Approach , 2005 .

[151]  Jun Wang,et al.  Real-time bidding for online advertising: measurement and analysis , 2013, ADKDD '13.

[152]  Nathaniel Good,et al.  Empirical Studies on Software Notices to Inform Policy Makers and Usability Designers , 2007, Financial Cryptography.

[153]  Zinaida Benenson,et al.  Android and iOS users' differences concerning security and privacy , 2013, CHI Extended Abstracts.

[154]  Mark Fischetti,et al.  Weaving the web - the original design and ultimate destiny of the World Wide Web by its inventor , 1999 .

[155]  Tom Rodden,et al.  At home with agents: exploring attitudes towards future smart energy infrastructures , 2013, IJCAI.

[156]  Dan Boneh,et al.  Protecting browser state from web privacy attacks , 2006, WWW '06.

[157]  Sencun Zhu,et al.  Errors, Misunderstandings, and Attacks: Analyzing the Crowdsourcing Process of Ad-blocking Systems , 2019, Internet Measurement Conference.

[158]  J. Winn Consumer protection in the age of the 'information economy' , 2006 .

[159]  Christo Wilson,et al.  How Tracking Companies Circumvented Ad Blockers Using WebSockets , 2018, Internet Measurement Conference.

[160]  Sahin Albayrak,et al.  Using static analysis for automatic assessment and mitigation of unwanted and malicious activities within Android applications , 2011, 2011 6th International Conference on Malicious and Unwanted Software.

[161]  Norbert Pohlmann,et al.  Measuring the Impact of the GDPR on Data Sharing in Ad Networks , 2018, AsiaCCS.

[162]  Records, Computers and the Rights of Citizens , 1973 .

[163]  Jennifer King How Come I'm Allowing Strangers to Go Through My Phone? Smartphones and Privacy Expectations. , 2012 .

[164]  Wouter Joosen,et al.  Cookieless Monster: Exploring the Ecosystem of Web-Based Device Fingerprinting , 2013, 2013 IEEE Symposium on Security and Privacy.

[165]  Lorrie Faith Cranor,et al.  Use of a P3P user agent by early adopters , 2002, WPES '02.

[166]  Indrajit Ray,et al.  Behavioral Fingerprinting of IoT Devices , 2018, ASHES@CCS.

[167]  Joanne Gray,et al.  Creating in an age of algorithms: won’t somebody think of the children? , 2019 .

[168]  Colin Potts,et al.  Privacy policies as decision-making tools: an evaluation of online privacy notices , 2004, CHI.

[169]  Helen Nissenbaum,et al.  On Notice: The Trouble with Notice and Consent , 2009 .

[170]  Jun Zhao,et al.  Privacy Languages: Are we there yet to enable user controls? , 2016, WWW.

[171]  "It's your private information. it's your life.": young people's views of personal data use by online technologies , 2020, IDC.

[172]  Marc Langheinrich To FLoC or Not? , 2021, IEEE Pervasive Comput..

[173]  Curtis R. Taylor,et al.  The Economics of Privacy , 2016 .

[174]  Joseph Gray Jackson,et al.  Privacy and Freedom , 1968 .

[175]  Midas Nouwens,et al.  Consent Management Platforms under the GDPR: processors and/or controllers? , 2021, APF.

[176]  Guozi Sun,et al.  AppTrace: Dynamic trace on Android devices , 2015, 2015 IEEE International Conference on Communications (ICC).

[177]  Arnaud Legout,et al.  ReCon: Revealing and Controlling PII Leaks in Mobile Network Traffic , 2015, MobiSys.

[178]  Jessica Colnago,et al.  Informing the Design of a Personalized Privacy Assistant for the Internet of Things , 2020, CHI.

[179]  Amit Elazari Bar On,et al.  On The Ridiculousness of Notice and Consent: Contradictions in App Privacy Policies , 2019 .

[180]  Nikita Borisov,et al.  Tracking Mobile Web Users Through Motion Sensors: Attacks and Defenses , 2016, NDSS.

[181]  Nick Feamster,et al.  Security and Privacy Analyses of Internet of Things Children’s Toys , 2019, IEEE Internet of Things Journal.

[182]  M. V. Kleek,et al.  “Money makes the world go around”: Identifying Barriers to Better Privacy in Children’s Apps From Developers’ Perspectives , 2021, CHI.

[183]  Joon Sang Baek,et al.  Definitions and Attributes of Smart Home Appliances , 2019, Proceedings of the Design Society: International Conference on Engineering Design.

[184]  Mark S. Ackerman,et al.  Beyond Concern: Understanding Net Users' Attitudes About Online Privacy , 1999, ArXiv.

[185]  Yang Wang,et al.  Why Johnny can't opt out: a usability evaluation of tools to limit online behavioral advertising , 2012, CHI.

[186]  Nishanth R. Sastry,et al.  Multi-country Study of Third Party Trackers from Real Browser Histories , 2020, 2020 IEEE European Symposium on Security and Privacy (EuroS&P).

[187]  Hovav Shacham,et al.  Pixel Perfect : Fingerprinting Canvas in HTML 5 , 2012 .

[188]  Feiyue Wang,et al.  A survey on real time bidding advertising , 2014, Proceedings of 2014 IEEE International Conference on Service Operations and Logistics, and Informatics.

[189]  Zhiyun Qian,et al.  The ad wars: retrospective measurement and analysis of anti-adblock filter lists , 2017, Internet Measurement Conference.

[190]  Wouter Joosen,et al.  The CNAME of the Game: Large-scale Analysis of DNS-based Tracking Evasion , 2021, Proc. Priv. Enhancing Technol..

[191]  Cristiana Santos,et al.  Dark Patterns and the Legal Requirements of Consent Banners: An Interaction Criticism Perspective , 2020, ArXiv.

[192]  Serge Gutwirth,et al.  Profiling the European Citizen , 2017 .

[193]  Malcolm Hall,et al.  ProtectMyPrivacy: detecting and mitigating privacy leaks on iOS devices using crowdsourcing , 2013, MobiSys '13.

[194]  Celia Lury,et al.  Cultural Rights: Technology, Legality and Personality.@@@The Panoptic Sort: A Political Economy of Personal Information. , 1993 .

[195]  Meg Leta Jones Cookies: a legacy of controversy , 2020 .

[196]  Karrie Karahalios,et al.  Communicating Algorithmic Process in Online Behavioral Advertising , 2018, CHI.

[197]  Rolf H. Weber,et al.  Internet of Things - New security and privacy challenges , 2010, Comput. Law Secur. Rev..

[198]  Martin Degeling,et al.  (Un)informed Consent: Studying GDPR Consent Notices in the Field , 2019, CCS.

[199]  Tim Wu,et al.  The Curse of Bigness: Antitrust in the New Gilded Age , 2018 .

[200]  Arvind Narayanan,et al.  I never signed up for this! Privacy implications of email tracking , 2018, Proc. Priv. Enhancing Technol..

[201]  Qi Li,et al.  Building accountability into the Internet of Things: the IoT Databox model , 2018, Journal of Reliable Intelligent Environments.

[202]  Aleecia M. McDonald,et al.  The Cost of Reading Privacy Policies , 2009 .

[203]  Angelos D. Keromytis,et al.  The Cracked Cookie Jar: HTTP Cookie Hijacking and the Exposure of Private Information , 2016, 2016 IEEE Symposium on Security and Privacy (SP).

[204]  Jacques Klein,et al.  FlowDroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for Android apps , 2014, PLDI.

[205]  Lachlan Urquhart,et al.  Responsible Domestic Robotics: Exploring Ethical Implications of Robots in the Home , 2018, J. Inf. Commun. Ethics Soc..

[206]  Elias Grünewald,et al.  TILT: A GDPR-Aligned Transparency Information Language and Toolkit for Practical Privacy Engineering , 2020, ArXiv.

[207]  Shoshana Zuboff,et al.  Big other: surveillance capitalism and the prospects of an information civilization , 2015, J. Inf. Technol..

[208]  Heng Yin,et al.  Measuring and Disrupting Anti-Adblockers Using Differential Execution Analysis , 2018, NDSS.

[209]  R. Gray Entropy and Information Theory , 1990, Springer New York.

[210]  University of California,et al.  Fingerprinting the Fingerprinters: Learning to Detect Browser Fingerprinting Behaviors , 2020, 2021 IEEE Symposium on Security and Privacy (SP).

[211]  Sören Preibusch,et al.  Unwillingness to Pay for Privacy: A Field Experiment , 2011, SSRN Electronic Journal.

[212]  Sonia Chiasson,et al.  User Perceptions of Sharing, Advertising, and Tracking , 2015, SOUPS.

[213]  Serge Egelman,et al.  Fingerprinting Web Users Through Font Metrics , 2015, Financial Cryptography.

[214]  O. Gandy The Panoptic Sort: A Political Economy of Personal Information. Critical Studies in Communication and in the Cultural Industries. , 1993 .

[215]  Norman M. Sadeh,et al.  Expectation and purpose: understanding users' mental models of mobile app privacy through crowdsourcing , 2012, UbiComp.

[216]  Reuben Binns,et al.  Informing the Design of Privacy-Empowering Tools for the Connected Home , 2020, CHI.

[217]  Hamed Haddadi,et al.  Targeted Advertising on the Handset: Privacy and Security Challenges , 2011, Pervasive Advertising.

[218]  Jennifer M. Urban,et al.  Privacy and Modern Advertising: Most US Internet Users Want 'Do Not Track' to Stop Collection of Data about their Online Activities , 2012 .

[219]  Arnar Birgisson,et al.  JSFlow: tracking information flow in JavaScript and its APIs , 2014, SAC.

[220]  Athina Markopoulou,et al.  NoMoATS: Towards Automatic Detection of Mobile Tracking , 2020, Proc. Priv. Enhancing Technol..

[221]  Yang Wang,et al.  What matters to users?: factors that affect users' willingness to share information with online advertisers , 2013, SOUPS.

[222]  Benjamin Livshits,et al.  MoRePriv: mobile OS support for application personalization and privacy , 2014, ACSAC.

[223]  Bill Fitzgerald,et al.  Tracking the Trackers , 2016 .

[224]  Toru Nakamura,et al.  I Read but Don't Agree: Privacy Policy Benchmarking using Machine Learning and the EU GDPR , 2018, WWW.

[225]  Haiqing Yu,et al.  Media and Cultural Transformation in China , 2009 .

[226]  Nick Feamster,et al.  Discovering Smart Home Internet of Things Privacy Norms Using Contextual Integrity , 2018, Proc. ACM Interact. Mob. Wearable Ubiquitous Technol..

[227]  Christo Wilson,et al.  Diffusion of User Tracking Data in the Online Advertising Ecosystem , 2018, Proc. Priv. Enhancing Technol..

[228]  Norbert Pohlmann,et al.  Beyond the Front Page:Measuring Third Party Dynamics in the Field , 2020, WWW.

[229]  Zhou Li,et al.  From WHOIS to WHOWAS: A Large-Scale Measurement Study of Domain Registration Privacy under the GDPR , 2021, NDSS.

[230]  Lili Jiang,et al.  The cookie recipe: Untangling the use of cookies in the wild , 2017, 2017 Network Traffic Measurement and Analysis Conference (TMA).

[231]  Stine Lomborg,et al.  Infrastructures of tracking: Mapping the ecology of third-party services across top sites in the EU , 2020, New Media Soc..

[232]  R. McChesney,et al.  Surveillance Capitalism: Monopoly-Finance Capital, the Military-Industrial Complex, and the Digital Age , 2014 .

[233]  Gildas Avoine,et al.  Browser Fingerprinting: A survey , 2019 .

[234]  Timothy Libert,et al.  Preserving Needles in the Haystack: A search engine and multi-jurisdictional forensic documentation system for privacy violations on the web , 2021 .

[235]  John C. Mitchell,et al.  Third-Party Web Tracking: Policy and Technology , 2012, 2012 IEEE Symposium on Security and Privacy.

[236]  Catherine Tucker,et al.  Government Surveillance and Internet Search Behavior , 2017 .

[237]  Christo Wilson,et al.  Tracing Information Flows Between Ad Exchanges Using Retargeted Ads , 2018, USENIX Security Symposium.

[238]  Josep M. Pujol,et al.  WhoTracks.Me: Monitoring the online tracking landscape at scale , 2018, ArXiv.

[239]  Balachander Krishnamurthy,et al.  Towards Seamless Tracking-Free Web: Improved Detection of Trackers via One-class Learning , 2016, Proc. Priv. Enhancing Technol..

[240]  F. Cate The Failure of Fair Information Practice Principles , 2006 .

[241]  Lina M. Khan Amazon's Antitrust Paradox , 2017 .

[242]  Roger A. Clarke,et al.  Information technology and dataveillance , 1988, CACM.

[243]  Nick Feamster,et al.  Watching You Watch: The Tracking Ecosystem of Over-the-Top TV Streaming Devices , 2019, CCS.

[244]  Allison Woodruff,et al.  Would a Privacy Fundamentalist Sell Their DNA for $1000 ... If Nothing Bad Happened as a Result? The Westin Categories, Behavioral Intentions, and Consequences , 2014, SOUPS.

[245]  Peter Eckersley,et al.  How Unique Is Your Web Browser? , 2010, Privacy Enhancing Technologies.

[246]  Rick Wash,et al.  Too Much Knowledge? Security Beliefs and Protective Behaviors Among United States Internet Users , 2015, SOUPS.

[247]  Jonathan Mayer,et al.  A Promising Direction for Web Tracking Countermeasures , 2013 .

[248]  Wei Zhang,et al.  HoMonit: Monitoring Smart Home Apps from Encrypted Traffic , 2018, CCS.

[249]  David A. Wagner,et al.  Choice Architecture and Smartphone Privacy: There's a Price for That , 2012, WEIS.

[250]  Yongming Zhou,et al.  Historicizing Online Politics , 2005 .

[251]  Hamed Haddadi,et al.  Information Exposure From Consumer IoT Devices: A Multidimensional, Network-Informed Measurement Approach , 2019, Internet Measurement Conference.

[252]  Brian Krupp,et al.  An Analysis of Web Tracking Domains in Mobile Applications , 2021, WebSci.

[253]  Nina Gerber,et al.  FoxIT: enhancing mobile users' privacy behavior by increasing knowledge and awareness , 2017, STAST '17.

[254]  Arvind Narayanan,et al.  Online Tracking: A 1-million-site Measurement and Analysis , 2016, CCS.

[255]  Chris Jay Hoofnagle,et al.  Flash Cookies and Privacy II: Now with HTML5 and ETag Respawning , 2011 .

[256]  Paul Francis,et al.  Non-tracking web analytics , 2012, CCS.

[257]  M. Hildebrandt,et al.  BEING PROFILED:COGITAS ERGO SUM , 2018 .

[258]  Blase Ur,et al.  Parents' and Teens' Perspectives on Privacy In a Technology-Filled World , 2014, SOUPS.

[259]  Florian Schaub,et al.  "We Can't Live Without Them!" App Developers' Adoption of Ad Networks and Their Considerations of Consumer Risks , 2019, SOUPS @ USENIX Security Symposium.

[260]  Jun Zhao,et al.  Better the Devil You Know: Exposing the Data Sharing Practices of Smartphone Apps , 2017, CHI.

[261]  Jun Zhao,et al.  X-Ray Refine: Supporting the Exploration and Refinement of Information Exposure Resulting from Smartphone Apps , 2018, CHI.

[262]  Thorsten Holz,et al.  On the Robustness of Mobile Device Fingerprinting: Can Mobile Users Escape Modern Web-Tracking Mechanisms? , 2015, ACSAC 2015.

[263]  Frederik Braun Origin Policy Enforcement in Modern Browsers A Case Study in Same Origin Implementations , 2013 .

[264]  Liselot Hudders,et al.  Knowledge as a strategy for privacy protection: How a privacy literacy training affects children's online disclosure behavior , 2020, Comput. Hum. Behav..

[265]  Justin M. Rao,et al.  The Unfavorable Economics of Measuring the Returns to Advertising , 2014 .

[266]  David A. Wagner,et al.  I've got 99 problems, but vibration ain't one: a survey of smartphone users' concerns , 2012, SPSM '12.

[267]  Jie Liu,et al.  DECAF: Detecting and Characterizing Ad Fraud in Mobile Apps , 2014, NSDI.

[268]  Frank A. Pasquale Privacy, Antitrust, and Power , 2013 .

[269]  Ryan Stevens,et al.  MAdFraud: investigating ad fraud in android applications , 2014, MobiSys.

[270]  Robert LaRose,et al.  Keeping our network safe: a model of online protection behaviour , 2008, Behav. Inf. Technol..

[271]  Ponnurangam Kumaraguru,et al.  Privacy Indexes: A Survey of Westin's Studies , 2005 .

[272]  Eyal Kushilevitz,et al.  Private information retrieval , 1998, JACM.

[273]  C. Hawes The Power of the Internet in China: Citizen Activism Online , 2010 .

[274]  Michael F. McTear,et al.  User modelling for adaptive computer systems: a survey of recent developments , 1993, Artificial Intelligence Review.

[275]  Nora A Draper,et al.  From Privacy Pragmatist to Privacy Resigned: Challenging Narratives of Rational Choice in Digital Privacy Debates , 2017 .

[276]  Byung-Gon Chun,et al.  TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones , 2010, OSDI.

[277]  T. Mansfield,et al.  A Study of Whois Privacy and Proxy Service Abuse , 2013 .

[278]  Stefan Katzenbeisser,et al.  Enabling Privacy Preserving Mobile Advertising via Private Information Retrieval , 2017, 2017 IEEE 42nd Conference on Local Computer Networks (LCN).

[279]  Minas Gjoka,et al.  AntMonitor: A System for On-Device Mobile Network Monitoring and its Applications , 2016, 1611.04268.

[280]  Noah A. Smith,et al.  Crowdsourcing Annotations for Websites' Privacy Policies: Can It Really Work? , 2016, WWW.

[281]  Evangelos P. Markatos,et al.  Cookie Synchronization: Everything You Always Wanted to Know But Were Afraid to Ask , 2018, WWW.

[282]  Yang Wang,et al.  Smart, useful, scary, creepy: perceptions of online behavioral advertising , 2012, SOUPS.

[283]  Jatinder Singh,et al.  Artificial intelligence as a service: Legal responsibilities, liabilities, and policy challenges , 2021, Comput. Law Secur. Rev..

[284]  Vinton G. Cerf,et al.  A brief history of the internet , 1999, CCRV.