An Analysis of First-Party Cookie Exfiltration due to CNAME Redirections

Ren, Tongwei; Wittmany, Alexander; Carli, Lorenzo De; Davidsony, Drew

doi:10.14722/madweb.2021.23018

Cited by 3 publications

(5 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Another option for a third party to set and access cookies in a first-party context is that the first party redirects requests on DNS level to another domain ("CNAME cloaking" -see Section 3.3). Previous work has shown the extend of CNAME based tracking in the wild [9,38,11]. In this work, we show that this technique is also present in the first-party cookie tracking ecosystems, and we replicate high level results of previous work to highlight the presence of this novel tracking technique.…”

Section: First-party Cookie Tracking Via Cname Cloakingsupporting

confidence: 85%

“…Our results show that CNAME cloaking is commonly used but also abused to disguise trackers, which is in line with previous work [9,38,11]. To get a better understanding of who embeds trackers that use these techniques, we analyzed the sites' rank and category in our dataset which do so.…”

Section: First-party Cookie Tracking Via Cname Cloakingsupporting

confidence: 84%

“…Dao et al also provide a first mitigation strategy for CNAME based cloaking, using machine learning [8]. Complementary to our work, Ren et al take a look at the effect of CNAME cloaking on browser cookie policies and how they propagate in the ecosystem [38]. They find that CNAME cloaking is often use to circumvent browser policies and that sensitive data is leaked by this bypass.…”

Section: Related Workmentioning

confidence: 64%

“…Previous work that analyzed the tracking ecosystem almost exclusively focused on third-party trackers from various perspectives (e.g., [1,14,13,16,15]). Other works focused on analyzed tracking attempts performed in the first party context using CNAME cloaking [9,11,38] (see Section 2). CNAME cloaking is one way to pace for a third party to place an identifier in the first-party context of a site (see Section 4.4).…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Towards Understanding First-Party Cookie Tracking in the Field

Demir¹,

Theis²,

Urban³

et al. 2022

Preprint

View full text Add to dashboard Cite

Third-party web tracking is a common, and broadly used technique on the Web. Almost every step of users' is tracked, analyzed, and later used in different use cases (e.g., online advertisement). Different defense mechanisms have emerged to counter these practices (e.g., the recent step of browser vendors to ban all third-party cookies). However, all of these countermeasures only target third-party trackers, and ignore the first party because the narrative is that such monitoring is mostly used to improve the utilized service (e.g., analytical services).In this paper, we present a large-scale measurement study that analyzes tracking performed by the first party but utilized by a third party to circumvent standard tracking preventing techniques (i.e., the first party performs the tracking in the name of the third party). We visit the top 15,000 websites to analyze first-party cookies used to track users and a technique called "DNS CNAME cloaking", which can be used by a third party to place firstparty cookies. Using this data, we show that 76% sites in our dataset effectively utilize such tracking techniques, and in a long-running analysis we show that the usage of such cookies increased by more than 50% over 2021. Furthermore, we shed light on the ecosystem utilizing first-party trackers, and find that the established trackers already use such tracking, presumably to avoid tracking blocking.

show abstract

Section: First-party Cookie Tracking Via Cname Cloakingsupporting

confidence: 85%

Section: First-party Cookie Tracking Via Cname Cloakingsupporting

confidence: 84%

Section: Related Workmentioning

confidence: 64%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Towards Understanding First-Party Cookie Tracking in the Field

Demir¹,

Theis²,

Urban³

et al. 2022

Preprint

View full text Add to dashboard Cite

show abstract

“…This technique allows trackers to share their first party cookies, because the browser is fooled into attaching cookies from the original website's subdomain rather than the third party domain it redirects to [19]. Trackers can access session cookies, even those belonging to financial institutions, this way [8,43]. In this work, we focus on redirection-based circumvention only.…”

Section: Related Workmentioning

confidence: 99%

Trackers Bounce Back: Measuring Evasion of Partitioned Storage in the Wild

Randall¹,

Snyder²,

Ukani³

et al. 2022

Preprint

View full text Add to dashboard Cite

This work presents a systematic study of navigational tracking, the latest development in the cat-and-mouse game between browsers and online trackers. Navigational tracking allows trackers to aggregate users' activities and behaviors across sites by modifying their navigation requests. This technique is particularly important because it circumvents the increasing efforts by browsers to partition or block third-party storage, which was previously necessary for most cross-website tracking. While previous work has studied specific navigational tracking techniques (i.e. "bounce tracking"), our work is the first effort to systematically study and measure the entire category of navigational tracking techniques. We describe and measure the frequency of two different navigational tracking techniques on the Web, and find that navigational tracking is present on slightly more than ten percent of all navigations that we made. Our contributions include identifying 214 domains belonging to at least 104 organizations tracking users across sites through link decoration techniques using direct or indirect navigation flows. We identify a further 23 domains belonging to at least 16 organizations tracking users through bounce tracking (i.e. bouncing users through unrelated third parties to generate user profiles). We also improve on prior techniques for differenting user identifiers from non-sensitive information, which is necessary to detect one class of navigational tracking. We discuss how our findings can used to protect users from navigational tracking, and commit to releasing both our complete dataset and our measurement pipeline.

show abstract