Missed by Filter Lists: Detecting Unknown Third-Party Trackers with Invisible Pixels

[1] Gunes Acar, Christian Eubank, Steven Englehardt, Marc Juárez, Arvind Narayanan, and Claudia Díaz. The web never forgets: Persistent tracking mechanisms in the wild. In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security, pages 674–689, 2014.Search in Google Scholar

[2] Gunes Acar, Marc Juárez, Nick Nikiforakis, Claudia Díaz, Seda F. Gürses, Frank Piessens, and Bart Preneel. Fpdetective: dusting the web for fingerprinters. In 2013 ACM SIGSAC Conference on Computer and Communications Security (CCS’13), pages 1129–1140, 2013.Search in Google Scholar

[3] Adblock offcial website. https://getadblock.com/.Search in Google Scholar

[4] Adblock list parser. https://github.com/scrapinghub/adblockparser.Search in Google Scholar

[5] Adblock Plus Official website. https://adblockplus.org/.Search in Google Scholar

[6] David Martin Adil Alsaid. Detecting web bugs with bugnosis: Privacy advocacy through education. In Privacy Enhancing Technologies, 2002.Search in Google Scholar

[7] Alexa official website. https://www.alexa.com/.Search in Google Scholar

[8] Google-analytics service. https://developers.google.com/analytics/devguides/collection/protocol/v1/devguide.Search in Google Scholar

[9] Mika D Ayenson, Dietrich James Wambach, Ashkan Soltani, Nathan Good, and Chris Jay Hoofnagle. Flash cookies and privacy ii: Now with html5 and etag respawning. Technical report, Available at SSRN: https://ssrn.com/abstract=1898390orhttp://dx.doi.org/10.2139/ssrn.1898390, 2011.Search in Google Scholar

[10] Muhammad Ahmad Bashir, Sajjad Arshad, Engin Kirda, William K. Robertson, and Christo Wilson. How tracking companies circumvented ad blockers using websockets. In Internet Measurement Conference 2018, pages 471–477, 2018.Search in Google Scholar

[11] Muhammad Ahmad Bashir, Sajjad Arshad, William Robertson, and Christo Wilson. Tracing Information Flows Between Ad Exchanges Using Retargeted Ads. In Proceedings of the 25th USENIX Security Symposium, 2016.Search in Google Scholar

[12] Muhammad Ahmad Bashir and Christo Wilson. Diffusion of User Tracking Data in the Online Advertising Ecosystem. In Proceedings on Privacy Enhancing Technologies (PETS 2018), 2018.Search in Google Scholar

[13] Yinzhi Cao, Song Li, and Erik Wijmans. (cross-)browser fingerprinting via os and hardware level features. In 24th Annual Network and Distributed System Security Symposium, NDSS 2017, San Diego, California, USA, 26 February - 1 March, 2017, 2017.Search in Google Scholar

[14] Symantec categorization service. http://sitereview.bluecoat.com/#/.Search in Google Scholar

[15] Anupam Das, Gunes Acar, Nikita Borisov, and Amogh Pradeep. The web’s sixth sense: A study of scripts accessing smartphone sensors. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, CCS 2018, Toronto, ON, Canada, October 15-19, 2018, 2018.Search in Google Scholar

[16] Disconnect Official website. https://disconnect.me/.Search in Google Scholar

[17] Disconnect List. https://disconnect.me/trackerprotection/blocked.Search in Google Scholar

[18] Jaromir Dobias. Privacy effects of web bugs amplified by web 2.0. In Privacy and Identity Management for Life - 6th IFIP WG 9.2, 9.6/11.7, 11.4, 11.6/PrimeLife International Summer School, Helsingborg, Sweden, August 2-6, 2010, Revised Selected Papers, pages 244–257, 2010.Search in Google Scholar

[19] Doubleclick cookie syncing. https://developers.google.com/ad-exchange/rtb/cookie-guide.Search in Google Scholar

[20] EasyList filter lists. https://easylist.to/.Search in Google Scholar

[21] EasyPrivacy filter lists. https://easylist.to/easylist/easyprivacy.txt.Search in Google Scholar

[22] Peter Eckersley. How Unique is Your Web Browser? In Proceedings of the 10th International Conference on Privacy Enhancing Technologies, PETS’10, pages 1–18. Springer-Verlag, 2010.Search in Google Scholar

[23] Steven Englehardt, Jeffrey Han, and Arvind Narayanan. I never signed up for this! privacy implications of email tracking. In Privacy Enhancing Technologies, 2018.Search in Google Scholar

[24] Steven Englehardt and Arvind Narayanan. Online tracking: A 1-million-site measurement and analysis. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security ACM CCS, pages 1388–1401, 2016.Search in Google Scholar

[25] Steven Englehardt, Dillon Reisman, Christian Eubank, Peter Zimmerman, Jonathan Mayer, Arvind Narayanan, and Edward W. Felten. Cookies that give you away: The surveil-lance implications of web tracking. In Proceedings of WWW 2015, pages 289–299, 2015.Search in Google Scholar

[26] The new Firefox. Fast for good. https://www.mozilla.org/en-US/firefox/new/.Search in Google Scholar

[27] Ghostery Official website. https://www.ghostery.com/.Search in Google Scholar

[28] Muhammad Ikram, Hassan Jameel Asghar, Mohamed Ali Kaafar, Anirban Mahanti, and Balachandar Krishnamurthy. Towards seamless tracking-free web: Improved detection of trackers via one-class learning. In Privacy Enhancing Technologies, 2017.Search in Google Scholar

[29] Costas Iordanou, Georgios Smaragdakis, Ingmar Poese, and Nikolaos Laoutaris. Tracing cross border web tracking. In ACM Internet Measurement Conference (IMC), 2018.Search in Google Scholar

[30] Tobias Lauinger, Abdelberi Chaabane, Sajjad Arshad, William Robertson, Christo Wilson, and Engin Kirda. Thou shalt not depend on me: Analysing the use of outdated javascript libraries on the web. In Network and Distributed System Security Symposium, NDSS, 2017.Search in Google Scholar

[31] Adam Lerner, Anna Kornfeld Simpson, Tadayoshi Kohno, and Franziska Roesner. Internet jones and the raiders of the lost trackers: An archaeological study of web tracking from 1996 to 2016. In 25th USENIX Security Symposium (USENIX Security 16). USENIX Association, 2016.Search in Google Scholar

[32] Timothy Libert, Lucas Graves, and Rasmus Kleis Nielsen. Changes in third-party content on european news websites after gdpr„ 2018. https://timlibert.me/pdf/Libert_et_al-2018-Changes_in_Third-Party_Content_on_EU_News_After_GDPR.pdf.Search in Google Scholar

[33] Timothy Libert and Rasmus Kleis Nielsen. Third-party web content on eu news sites: Potential challenges and paths to privacy improvement, 2018. https://timlibert.me/pdf/Libert_Nielsen-2018-Third_Party_Content_EU_News_GDPR.pdf.Search in Google Scholar

[34] David Martin, Hailin Wu, and Adil Alsaid. Hidden surveil-lance by web sites: Web bugs in contemporary use. 2003.Search in Google Scholar

[35] Georg Merzdovnik, Markus Huber, Damjan Buhov, Nick Nikiforakis, Sebastian Neuner, Martin Schmiedecker, and Edgar Weippl. Block me if you can: A large-scale study of tracker-blocking tools. In 2nd IEEE European Symposium on Security and Privacy, Paris, France, 2017. To appear.Search in Google Scholar

[36] Steve Nichols. Big brother is watching: An update on web bugs. In SANS Institute, 2001.Search in Google Scholar

[37] Nick Nikiforakis, Alexandros Kapravelos, Wouter Joosen, Christopher Kruegel, Frank Piessens, and Giovanni Vigna. Cookieless monster: Exploring the ecosystem of web-based device fingerprinting. In IEEE Symposium on Security and Privacy, SP 2013, pages 541–555, 2013.Search in Google Scholar

[38] Lukasz Olejnik, Minh-Dung Tran, and Claude Castelluccia. Selling off user privacy at auction. In 21st Annual Network and Distributed System Security Symposium, NDSS 2014, San Diego, California, USA, February 23-26, 2014, 2014.Search in Google Scholar

[39] Panagiotis Papadopoulos, Nicolas Kourtellis, and Evangelos P. Markatos. Cookie synchronization: Everything you always wanted to know but were afraid to ask. In The World Wide Web Conference, WWW 2019, San Francisco, CA, USA, May 13-17, 2019, pages 1432–1442, 2019.Search in Google Scholar

[40] Panagiotis Papadopoulos, Pablo Rodríguez Rodríguez, Nicolas Kourtellis, and Nikolaos Laoutaris. If you are not paying for it, you are the product: how much do advertisers pay to reach you? In Internet Measurement Conference, IMC, pages 142–156, 2017.Search in Google Scholar

[41] Privacy Badger Official website - Electronic Frontier Foundation. https://www.eff.org/privacybadger.Search in Google Scholar

[42] Abbas Razaghpanah, Rishab Nithyanand, Narseo Vallina-Rodriguez, Srikanth Sundaresan, Mark Allman, Christian Kreibich, and Phillipa Gill. Apps, trackers, privacy, and regulators: A global study of the mobile tracking ecosystem. In Network and Distributed System Security Symposium, NDSS, 2018.Search in Google Scholar

[43] Franziska Roesner, Tadayoshi Kohno, and David Wetherall. Detecting and defending against third-party tracking on the web. In Proceedings of the 9th USENIX Symposium on Networked Systems Design and Implementation, NSDI 2012, pages 155–168, 2012.Search in Google Scholar

[44] Jukka Ruohonen and Ville Leppänen. Invisible pixels are dead, long live invisible pixels! In Workshop on Privacy in the Electronic Society, WPES@CCS, pages 28–32, 2018.Search in Google Scholar

[45] Same Origin Policy. https://www.w3.org/Security/wiki/Same_Origin_Policy.Search in Google Scholar

[46] Ashkan Soltani, Shannon Canty, Quentin Mayo, Lauren Thomas, and Chris Jay Hoofnagle. Flash cookies and privacy. In AAAI Spring Symposium: Intelligent Information Privacy Management, 2010.Search in Google Scholar

[47] uBlock Origin - An efficient blocker for Chromium and Fire-fox. Fast and lean. https://github.com/gorhill/uBlock.Search in Google Scholar

[48] Whois library. https://pypi.org/project/whois/.Search in Google Scholar

[49] Zhonghao Yu, Sam Macbeth, Konark Modi, and Josep M. Pujol. Tracking the trackers. In International Conference on World Wide Web, WWW, pages 121–132, 2016.Search in Google Scholar

• Proof-of-Vax: Studying User Preferences and Perception of Covid Vaccination Certificates

• AriaNN: Low-Interaction Privacy-Preserving Deep Learning via Function Secret Sharing

• Zen and the art of model adaptation: Low-utility-cost attack mitigations in collaborative machine learning

• Making the Most of Parallel Composition in Differential Privacy

• OmniCrawl: Comprehensive Measurement of Web Tracking With Real Desktop and Mobile Browsers

• Toward Uncensorable, Anonymous and Private Access Over Satoshi Blockchains

• User Perceptions of Gmail’s Confidential Mode

• The Effectiveness of Adaptation Methods in Improving User Engagement and Privacy Protection on Social Network Sites

• Multiparty Reach and Frequency Histogram: Private, Secure, and Practical

• Circuit-PSI With Linear Complexity via Relaxed Batch OPPRF

• Differentially private partition selection

• Setting the Bar Low: Are Websites Complying With the Minimum Requirements of the CCPA?

• Polaris: Transparent Succinct Zero-Knowledge Arguments for R1CS with Efficient Verifier

• MLEFlow: Learning from History to Improve Load Balancing in Tor

• From “Onion Not Found” to Guard Discovery

• (∈, δ)-Indistinguishable Mixing for Cryptocurrencies

• Masking Feedforward Neural Networks Against Power Analysis Attacks

• Forward and Backward-Secure Range-Searchable Symmetric Encryption

• Privacy-Preserving High-dimensional Data Collection with Federated Generative Autoencoder

• Personal information inference from voice recordings: User awareness and privacy concerns

• Disparate Vulnerability to Membership Inference Attacks

• Editors’ Introduction

• If You Like Me, Please Don’t “Like” Me: Inferring Vendor Bitcoin Addresses From Positive Reviews

• Privacy-preserving FairSwap: Fairness and privacy interplay

• Polymath: Low-Latency MPC via Secure Polynomial Evaluations and Its Applications

• If This Context Then That Concern: Exploring users’ concerns with IFTTT applets

• Ulixes: Facial Recognition Privacy with Adversarial Machine Learning

• SoK: Cryptographic Confidentiality of Data on Mobile Devices

• Towards Improving Code Stylometry Analysis in Underground Forums

• DataProVe: Fully Automated Conformance Verification Between Data Protection Policies and System Architectures

• How Can and Would People Protect From Online Tracking?