New Research/Report Provides “Archaeological Study” About Use of Third-Party Tracking Technology on the Web

From the University of Washington:

At the USENIX Security Conference in Austin, Texas, a team of University of Washington researchers on Aug. 12 presented the first-ever comprehensive analysis of third-party web tracking across three decades and a new tool, TrackingExcavator, which they developed to extract and analyze tracking behaviors on a given web page. They saw a four-fold increase in third-party tracking on top sites from 1996 to 2016, and mapped the growing complexity of trackers stretching back decades.
“Third-party tracking started quite early in the history of the web,” said Adam Lerner, a graduate student in the UW Department of Computer Science & Engineering who presented the team’s findings at the conference. “People are becoming more concerned about the potential impact of third-party web tracking, but we lacked a comprehensive history of how trackers — and the types of information they collect — have evolved over time.”
Lerner and fellow doctoral student Anna Kornfeld Simpson set out to fill the gaps in our understanding of tracking, working with computer science and engineering assistant professor Franziska Roesner and associate professor Tadayoshi Kohno of the UW Security and Privacy Laboratory.

Read the Complete News Release/Highlights from U. of Washington
More From IEEE Spectrum

For comparison, a study by Princeton computer science researcher Arvind Narayanan and colleagues that was released in January looked at one million websites and found that top websites host an average of 25 to 30 third parties. Chris Jay Hoofnagle, a privacy and law scholar at UC Berkeley, says his own research has found that 36 of the 100 most popular sites send more than 150 requests each, with one site logging more than 300. The definition of a tracker or a third-party request, and the methods used to identify them, may also vary between analyses.
“It’s not so much that I would invest a lot of confidence in the idea that there were X number of trackers on any given site,” Hoofnagle says of the University of Washington team’s results. “Rather, it’s the trend that’s important.”
[Clip]
Modern ad blockers can prevent sites from installing cookies and have become popular with users in recent years. Perhaps due in part to this shift, the authors also found that the behaviors that third parties exhibit have become more sophisitcated and wider in scope. For example, a new tactic avoids the use of cookies by recording a users’ device fingerprints, or identifiable characteristics such as screen size of their smartphone, laptop, or tablet.

Read the Complete Article
More From the U. of Washington CSE Dept:

“Reconstructing tracking behavior from the Wayback Machine is difficult because it was designed to archive web content, not tracking techniques,” Kornfeld Simpson told UW News. “We had to develop techniques to extract tracking information from the archive. For example, we collected tracking cookies from archived HTTP headers and Javascript and then simulated the browser’s cookie storage behaviors to detect tracking behavior.”
They found that activity on popular websites by third-party trackers—such as advertisers, analytics engines and social media widgets—has increased four-fold over the past two decades. Tracking has also become more complex, evolving from simple cookies and pop-up windows to more sophisticated methods.

Read the Complete Article
Resources
Tracking Excavator: Uncovering Tracking in the Web’s Past (Project Website)
Research Article: “Internet Jones and the Raiders of the Lost Trackers: An Archaeological Study of Web Tracking from 1996 to 2016” (17 pages; PDF)
See Also: Princeton Study Mentioned Above:

• “Online Tracking: A 1-Million-Site Measurement and Analysis” (May 23, 2016)

and

• Conference Paper: “Cookies That Give You Away: The Surveillance Implications of Web Tracking” (May 23, 2015)

Filed under: Journal Articles, News, Patrons and Users