In this paper, the authors have tried to measure the effectiveness of third-party tracker blockers. First, they analyzed the architecture of different blocking solutions and then discuss the pros and cons of each method. The analysis also measures the protection offered against trackers present on more than 100,000 popular websites and 10,000 popular Android applications. In the world of internet, it is common for a website and mobile application to use the third party for various services such as advertisements, analytics, social integration widgets, and CDN-residing versions of popular JavaScript libraries. While there are several benefits to the website and app developers, this is linked with increased user tracking.
Web-based tracking includes two most commonly used methods: Stateful web tracking and stateless web tracking. Stateful web tracking makes use of persistent cookies i.e. the cookies which are unique across websites and unique identifiers which are stored in different locations. Stateless web tracking includes device specific information and user-specific configuration to uniquely identify the users. Mobile-based tracking involves phone’s immutable UDID to identify the users. Since 2013, this UDID has been replaced by advertisement IDs by phone makers which can be reset by the users, the trackers can still collect device IMEI and Wifi interface for tracking.
There are various tracker blocking methods which are currently available. DNS blocking uses address-based blacklists in order to block certain domains. But it has the limitation that it can block entire (sub)domain but not individual URIs. Interception proxies can intercept and modify the web traffic. But they cannot modify the encrypted TLS traffic. There are several browser extensions like AdBlocker and Ghostery that can reliably detect any third party content and modify the DOM loaded by the web browsers including encrypted traffic.
As per the results, rule-based browser extensions outperform learning-based ones, trackers with smaller footprints are more successful at avoiding being blocked, and CDNs pose a major threat towards the future of tracker-blocking tools. There are several limitations to this paper as well. First, the results only provide the lower bounds as it is not possible to obtain the registration accounts for thousands of websites. Also, the analysis of PrivacyBadger was done only on the top 1000 websites, which is quite small.
Link to the paper: https://www.sba-research.org/wp-content/uploads/publications/block_me_if_you_can.pdf
Rishabh Jain's Corner 