Skip to main content

2023 | OriginalPaper | Buchkapitel

Exploring the Cookieverse: A Multi-Perspective Analysis of Web Cookies

verfasst von : Ali Rasaii, Shivani Singh, Devashish Gosain, Oliver Gasser

Erschienen in: Passive and Active Measurement

Verlag: Springer Nature Switzerland

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config
loading …

Abstract

Web cookies have been the subject of many research studies over the last few years. However, most existing research does not consider multiple crucial perspectives that can influence the cookie landscape, such as the client’s location, the impact of cookie banner interaction, and from which operating system a website is being visited. In this paper, we conduct a comprehensive measurement study to analyze the cookie landscape for Tranco top-10k websites from different geographic locations and analyze multiple different perspectives. One important factor which influences cookies is the use of cookie banners. We develop a tool, BannerClick, to automatically detect, accept, and reject cookie banners with an accuracy of 99%, 97%, and 87%, respectively. We find banners to be 56% more prevalent when visiting websites from within the EU region. Moreover, we analyze the effect of banner interaction on different types of cookies (i.e., first-party, third-party, and tracking). For instance, we observe that websites send, on average, \(5.5\times \) more third-party cookies after clicking “accept”, underlining that it is critical to interact with banners when performing Web measurements. Additionally, we analyze statistical consistency, evaluate the widespread deployment of consent management platforms, compare landing to inner pages, and assess the impact of visiting a website on a desktop compared to a mobile phone. Our study highlights that all of these factors substantially impact the cookie landscape, and thus a multi-perspective approach should be taken when performing Web measurement studies.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

  • über 102.000 Bücher
  • über 537 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Maschinenbau + Werkstoffe
  • Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 390 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Maschinenbau + Werkstoffe




 

Jetzt Wissensvorsprung sichern!

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 340 Zeitschriften

aus folgenden Fachgebieten:

  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Versicherung + Risiko




Jetzt Wissensvorsprung sichern!

Anhänge
Nur mit Berechtigung zugänglich
Fußnoten
1
We take extra precautions to filter out unlikely banner elements. For instance, if an element has a word from our corpus, but the element is set as invisible, we discard the element (as the banner should be visible to the user). See Appendix A for details.
 
2
One can simply detect the \(\texttt {<button>}\) tags and search for words inside them. However, we observe that banner buttons are not always implemented in this manner. Instead, many websites use other types of tags like \(\texttt {<input>}\) or \(\texttt {<div>}\) to implement buttons.
 
3
Some websites show banners that do not overtly show the “accept” option. For instance banner on bitly.com, just states that “By continuing to use this site you are giving us your consent to do this”.
 
4
Selenium timeout indicates the duration that Selenium waits for a website to be loaded by the browser.
 
5
OpenWPM timeout forces the current website crawl to stop upon expiration. That is useful, as Selenium freezes during the loading of some websites (e.g., bet365.com).
 
6
The slightly lower number of rejects in Sweden compared to Germany is due to a lack of Swedish reject-related words in our corpus.
 
7
The MWU test is a statistical post hoc test, i.e., it allows to find differences in the cookie distribution between all pairs of VP locations. Our setup fulfills the MWU assumptions, i.e., all test samples from both groups are independent of each other, the samples are ordinal. The distributions of both populations are identical under \(H_0\) and not identical under \(H_1\).
 
8
Desktop: “Mozilla/5.0 (X11; Linux x86_64; rv:95.0) Gecko/20100101 Firefox/95.0”; mobile: “Mozilla/5.0 (Android 12; Mobile; rv:68.0) Gecko/68.0 Firefox/93.0”.
 
9
Desktop: 1366\(\,\times \,\)768; mobile: 340\(\,\times \,\)695.
 
10
In some cases this also changes the URL, e.g., by prepending m. or mobile. to the domain name.
 
11
We use 8 different phrases for searching DNSMPI hyperlinks (e.g., “do not sell my info”) as suggested by Van Nortwick et al. [78].
 
12
These are cookies that are managed by Web trackers to identify users and are clearly subject to explicit consent according to the GDPR.
 
13
cld3 at its core uses neural networks to detect the language of any given document. We manually select 20 websites belonging to 10 different languages (i.e., two websites for each language). We identify the language of these websites using cld3 library and find it to be 100% accurate.
 
Literatur
1.
Zurück zum Zitat Acar, G., et al.: The web never forgets: Persistent tracking mechanisms in the wild. In: CCS 2014 Acar, G., et al.: The web never forgets: Persistent tracking mechanisms in the wild. In: CCS 2014
2.
Zurück zum Zitat Acar, G., et al.: FPDetective: dusting the web for fingerprinters. In: CCS 2013 Acar, G., et al.: FPDetective: dusting the web for fingerprinters. In: CCS 2013
3.
Zurück zum Zitat Aqeel, W., et al.: on landing and internal web pages: the strange case of Jekyll and Hyde in web performance measurement. In: IMC 2020 Aqeel, W., et al.: on landing and internal web pages: the strange case of Jekyll and Hyde in web performance measurement. In: IMC 2020
4.
Zurück zum Zitat Bangera, P., Gorinsky, S.: Ads versus regular contents: dissecting the web hosting ecosystem. In: IFIP Networking 2017 Bangera, P., Gorinsky, S.: Ads versus regular contents: dissecting the web hosting ecosystem. In: IFIP Networking 2017
6.
Zurück zum Zitat Cahn, A., et al.: An empirical study of web cookies. In: WWW (2016) Cahn, A., et al.: An empirical study of web cookies. In: WWW (2016)
9.
Zurück zum Zitat Chen, R., et al.: Fighting the fog: evaluating the clarity of privacy disclosures in the age of CCPA. In: WPES 2021 Chen, R., et al.: Fighting the fog: evaluating the clarity of privacy disclosures in the age of CCPA. In: WPES 2021
13.
Zurück zum Zitat Dabrowski, A., et al.: Measuring cookies and web privacy in a post-GDPR world. In: PAM 2019 Dabrowski, A., et al.: Measuring cookies and web privacy in a post-GDPR world. In: PAM 2019
14.
Zurück zum Zitat Degeling, M., et al.: We value your privacy... now take some cookies: measuring the GDPR’s impact on web privacy. In: NDSS 2019 Degeling, M., et al.: We value your privacy... now take some cookies: measuring the GDPR’s impact on web privacy. In: NDSS 2019
16.
Zurück zum Zitat Durumeric, Z., et al.: ZMap: fast internet-wide scanning and its security applications. In: USENIX Security 2013 Durumeric, Z., et al.: ZMap: fast internet-wide scanning and its security applications. In: USENIX Security 2013
17.
Zurück zum Zitat Englehardt, S., Narayanan, A.: Online tracking: a 1-million-site measurement and analysis. In: CCS 2016 Englehardt, S., Narayanan, A.: Online tracking: a 1-million-site measurement and analysis. In: CCS 2016
18.
Zurück zum Zitat Englehardt, S., et al.: Cookies that give you away: The surveillance implications of web tracking. In: WWW 2015 Englehardt, S., et al.: Cookies that give you away: The surveillance implications of web tracking. In: WWW 2015
21.
Zurück zum Zitat Falahrastegar, M., et al.: The rise of panopticons: examining region-specific third-party web tracking. In: TMA 2014 Falahrastegar, M., et al.: The rise of panopticons: examining region-specific third-party web tracking. In: TMA 2014
22.
Zurück zum Zitat Felt, A.P., et al.: Measuring HTTPS adoption on the web. In: USENIX Security 2017 Felt, A.P., et al.: Measuring HTTPS adoption on the web. In: USENIX Security 2017
26.
Zurück zum Zitat Gonzalez, R., et al.: The cookie recipe: untangling the use of cookies in the wild. In: TMA (2017) Gonzalez, R., et al.: The cookie recipe: untangling the use of cookies in the wild. In: TMA (2017)
28.
Zurück zum Zitat Götze, M., et al.: Measuring web cookies in governmental websites. In: WebSci (2022) Götze, M., et al.: Measuring web cookies in governmental websites. In: WebSci (2022)
29.
Zurück zum Zitat Hils, M., et al.: Measuring the emergence of consent management on the web. In: IMC (2020) Hils, M., et al.: Measuring the emergence of consent management on the web. In: IMC (2020)
30.
Zurück zum Zitat Holm, S.: A simple sequentially rejective multiple test procedure. Scand. J. Statist. 6, 65–70 (1979) Holm, S.: A simple sequentially rejective multiple test procedure. Scand. J. Statist. 6, 65–70 (1979)
34.
Zurück zum Zitat Iordanou, C., et al.: Tracing cross border web tracking. In: IMC (2018) Iordanou, C., et al.: Tracing cross border web tracking. In: IMC (2018)
35.
Zurück zum Zitat Jha, N., et al.: The internet with privacy policies: measuring the web upon consent. TWEB 16(3), 1–24 (2021) Jha, N., et al.: The internet with privacy policies: measuring the web upon consent. TWEB 16(3), 1–24 (2021)
40.
Zurück zum Zitat Kretschmer, M., et al.: Cookie banners and privacy policies: measuring the impact of the gdpr on the web. TWEB 15(4) Kretschmer, M., et al.: Cookie banners and privacy policies: measuring the impact of the gdpr on the web. TWEB 15(4)
41.
Zurück zum Zitat Laperdrix, P., et al.: Browser fingerprinting: a survey. TWEB 14(2), 1–33 (2020) Laperdrix, P., et al.: Browser fingerprinting: a survey. TWEB 14(2), 1–33 (2020)
42.
Zurück zum Zitat Le Pochat, V., et al.: Tranco: a research-oriented top sites ranking hardened against manipulation. In: NDSS (2019) Le Pochat, V., et al.: Tranco: a research-oriented top sites ranking hardened against manipulation. In: NDSS (2019)
43.
Zurück zum Zitat Lerner, A., et al.: Internet jones and the raiders of the lost trackers: an archaeological study of web tracking from 1996 to 2016. In: USENIX Security (2016) Lerner, A., et al.: Internet jones and the raiders of the lost trackers: an archaeological study of web tracking from 1996 to 2016. In: USENIX Security (2016)
44.
Zurück zum Zitat Li, T.C., et al.: Trackadvisor: taking back browsing privacy from third-party trackers. In: PAM (2015) Li, T.C., et al.: Trackadvisor: taking back browsing privacy from third-party trackers. In: PAM (2015)
45.
Zurück zum Zitat Linden, T., et al.: The privacy policy landscape after the GDPR. PoPETS (2020) Linden, T., et al.: The privacy policy landscape after the GDPR. PoPETS (2020)
47.
Zurück zum Zitat Mann, H.B., Whitney, D.R.: On a test of whether one of two random variables is stochastically larger than the other. Annal. Math. Stat. 18(1), 50–60 (1947) Mann, H.B., Whitney, D.R.: On a test of whether one of two random variables is stochastically larger than the other. Annal. Math. Stat. 18(1), 50–60 (1947)
48.
Zurück zum Zitat Matte, C., et al.: Do cookie banners respect my choice? measuring legal compliance of banners from IAB Europe’s transparency and consent framework. In: S &P (2020) Matte, C., et al.: Do cookie banners respect my choice? measuring legal compliance of banners from IAB Europe’s transparency and consent framework. In: S &P (2020)
53.
Zurück zum Zitat O’Connor, S., et al.: (Un) clear and (In) conspicuous: the right to opt-out of sale under CCPA. In: WPES (2021) O’Connor, S., et al.: (Un) clear and (In) conspicuous: the right to opt-out of sale under CCPA. In: WPES (2021)
56.
Zurück zum Zitat Partridge, C., Allman, M.: Ethical considerations in network measurement papers. CACM 59(10), 58–64 (2016) Partridge, C., Allman, M.: Ethical considerations in network measurement papers. CACM 59(10), 58–64 (2016)
59.
Zurück zum Zitat Razaghpanah, A., et al.: Apps, trackers, privacy, and regulators: a global study of the mobile tracking ecosystem. In: NDSS (2018) Razaghpanah, A., et al.: Apps, trackers, privacy, and regulators: a global study of the mobile tracking ecosystem. In: NDSS (2018)
61.
Zurück zum Zitat Sanchez-Rola, I., et al.: Can i opt out yet? GDPR and the global illusion of cookie control. In: CCS (2019) Sanchez-Rola, I., et al.: Can i opt out yet? GDPR and the global illusion of cookie control. In: CCS (2019)
62.
Zurück zum Zitat Santos, C., et al.: Cookie banners, what’s the purpose? analyzing cookie banner text through a legal lens. In: WPES 2021 (2021) Santos, C., et al.: Cookie banners, what’s the purpose? analyzing cookie banner text through a legal lens. In: WPES 2021 (2021)
63.
Zurück zum Zitat Scheitle, Q., et al.: A long way to the top: significance, structure, and stability of internet top lists. In: IMC (2018) Scheitle, Q., et al.: A long way to the top: significance, structure, and stability of internet top lists. In: IMC (2018)
64.
Zurück zum Zitat Schelter, S., Kunegis, J.: Tracking the trackers: a large-scale analysis of embedded web trackers. In: ICWSM (2016) Schelter, S., Kunegis, J.: Tracking the trackers: a large-scale analysis of embedded web trackers. In: ICWSM (2016)
65.
Zurück zum Zitat Schreiber, A.: Right to privacy and personal data protection in Brazilian law. In: Data Protection in the Internet (2020) Schreiber, A.: Right to privacy and personal data protection in Brazilian law. In: Data Protection in the Internet (2020)
68.
Zurück zum Zitat Soe, T.H., et al.: Circumvention by design-dark patterns in cookie consent for online news outlets. In: NordiCHI (2020) Soe, T.H., et al.: Circumvention by design-dark patterns in cookie consent for online news outlets. In: NordiCHI (2020)
69.
Zurück zum Zitat Sørensen, J., Kosta, S.: Before and after GDPR: the changes in third party presence at public and private European websites. In: WWW (2019) Sørensen, J., Kosta, S.: Before and after GDPR: the changes in third party presence at public and private European websites. In: WWW (2019)
74.
Zurück zum Zitat Trevisan, M., et al.: 4 years of EU cookie law: results and lessons learned. PoPETS 2019 Trevisan, M., et al.: 4 years of EU cookie law: results and lessons learned. PoPETS 2019
76.
Zurück zum Zitat Utz, C., et al.: (un) informed consent: Studying GDPR consent notices in the field. In: CCS (2019) Utz, C., et al.: (un) informed consent: Studying GDPR consent notices in the field. In: CCS (2019)
78.
Zurück zum Zitat Van Nortwick, M., Wilson, C.: Setting the bar low: are websites complying with the minimum requirements of the CCPA? In: PoPETS 2022 Van Nortwick, M., Wilson, C.: Setting the bar low: are websites complying with the minimum requirements of the CCPA? In: PoPETS 2022
81.
Zurück zum Zitat Yang, Z., Yue, C.: A comparative measurement study of web tracking on mobile and desktop environments. In: PoPETS (2020) Yang, Z., Yue, C.: A comparative measurement study of web tracking on mobile and desktop environments. In: PoPETS (2020)
82.
Zurück zum Zitat Zirngibl, J., et al.: It’s over 9000: analyzing early QUIC deployments with the standardization on the horizon. In: IMC (2021) Zirngibl, J., et al.: It’s over 9000: analyzing early QUIC deployments with the standardization on the horizon. In: IMC (2021)
Metadaten
Titel
Exploring the Cookieverse: A Multi-Perspective Analysis of Web Cookies
verfasst von
Ali Rasaii
Shivani Singh
Devashish Gosain
Oliver Gasser
Copyright-Jahr
2023
DOI
https://doi.org/10.1007/978-3-031-28486-1_26

Premium Partner