The CNAME of the Game: Large-scale Analysis of DNS-based Tracking Evasion
| Autor: | Wouter Joosen, Yana Dimova, Tom Van Goethem, Lukasz Olejnik, Gunes Acar |
|---|---|
| Jazyk: | angličtina |
| Rok vydání: | 2021 |
| Předmět: |
FOS: Computer and information sciences
Scheme (programming language) Computer Science - Cryptography and Security BitTorrent tracker Computer science Evasion (network security) Context (language use) 02 engineering and technology Computer security computer.software_genre evasion 03 medical and health sciences cname 0202 electrical engineering electronic engineering information engineering CNAME record 030304 developmental biology General Environmental Science computer.programming_language Block (data storage) Hostname Ethics 0303 health sciences QA75.5-76.95 tracking BJ1-1725 Information sensitivity Electronic computers. Computer science General Earth and Planetary Sciences 020201 artificial intelligence & image processing Cryptography and Security (cs.CR) computer |
| Zdroj: | Proceedings on Privacy Enhancing Technologies, Vol 2021, Iss 3, Pp 394-412 (2021) |
| Popis: | Online tracking is a whack-a-mole game between trackers who build and monetize behavioral user profiles through intrusive data collection, and anti-tracking mechanisms, deployed as a browser extension, built-in to the browser, or as a DNS resolver. As a response to pervasive and opaque online tracking, more and more users adopt anti-tracking tools to preserve their privacy. Consequently, as the information that trackers can gather on users is being curbed, some trackers are looking for ways to evade these tracking countermeasures. In this paper we report on a large-scale longitudinal evaluation of an anti-tracking evasion scheme that leverages CNAME records to include tracker resources in a same-site context, effectively bypassing anti-tracking measures that use fixed hostname-based block lists. Using historical HTTP Archive data we find that this tracking scheme is rapidly gaining traction, especially among high-traffic websites. Furthermore, we report on several privacy and security issues inherent to the technical setup of CNAME-based tracking that we detected through a combination of automated and manual analyses. We find that some trackers are using the technique against the Safari browser, which is known to include strict anti-tracking configurations. Our findings show that websites using CNAME trackers must take extra precautions to avoid leaking sensitive information to third parties. To be published in PETS 2021. 21 pages, 7 figures |
| Databáze: | OpenAIRE |
| Externí odkaz: |
|