Flash Cookies and Privacy

Soltani, Ashkan; Canty, Shannon; Mayo, Quentin; Thomas, Lauren; Hoofnagle, Chris Jay

doi:10.2139/ssrn.1446862

Cited by 105 publications

(104 citation statements)

References 3 publications

Supporting

Mentioning

104

Contrasting

Order By: Relevance

“…Some websites use Adobe's Flash LSO supercookies as a way to 'regenerate' normal cookies that the user has deleted, or more discretely, to link the user's previous cookie ID with a newly assigned cookie ID [12].…”

Section: Fingerprint + Ip Address As Cookie Regeneratorsmentioning

confidence: 99%

How Unique Is Your Web Browser?

Eckersley¹

2010

Lecture Notes in Computer Science

582

641

View full text Add to dashboard Cite

Abstract. We investigate the degree to which modern web browsers are subject to "device fingerprinting" via the version and configuration information that they will transmit to websites upon request. We implemented one possible fingerprinting algorithm, and collected these fingerprints from a large sample of browsers that visited our test side, panopticlick.eff.org. We observe that the distribution of our fingerprint contains at least 18.1 bits of entropy, meaning that if we pick a browser at random, at best we expect that only one in 286,777 other browsers will share its fingerprint. Among browsers that support Flash or Java, the situation is worse, with the average browser carrying at least 18.8 bits of identifying information. 94.2% of browsers with Flash or Java were unique in our sample. By observing returning visitors, we estimate how rapidly browser fingerprints might change over time. In our sample, fingerprints changed quite rapidly, but even a simple heuristic was usually able to guess when a fingerprint was an "upgraded" version of a previously observed browser's fingerprint, with 99.1% of guesses correct and a false positive rate of only 0.86%. We discuss what privacy threat browser fingerprinting poses in practice, and what countermeasures may be appropriate to prevent it. There is a tradeoff between protection against fingerprintability and certain kinds of debuggability, which in current browsers is weighted heavily against privacy. Paradoxically, anti-fingerprinting privacy technologies can be selfdefeating if they are not used by a sufficient number of people; we show that some privacy measures currently fall victim to this paradox, but others do not.

show abstract

Section: Fingerprint + Ip Address As Cookie Regeneratorsmentioning

confidence: 99%

How Unique Is Your Web Browser?

Eckersley¹

2010

Lecture Notes in Computer Science

582

641

View full text Add to dashboard Cite

show abstract

“…Today Google is the most prominent tracker, through various third-party domains, and can track users across nearly 80% of sites [27]. Web tracking has expanded from simple HTTP cookies to include more persistent tracking techniques to "respawn" or re-instantiate HTTP cookies through Flash cookies [37], cache E-Tags, and HTML5 localStorage [10]. Overall, tracking is moving from stateful to stateless techniques: device fingerprinting attempts to identify users by a combination of the device's properties [16,25].…”

Section: Related Workmentioning

confidence: 99%

I never signed up for this! Privacy implications of email tracking

Englehardt

Han

Narayanan

2018

Proceedings on Privacy Enhancing Technologies

View full text Add to dashboard Cite

Abstract:We show that the simple act of viewing emails contains privacy pitfalls for the unwary. We assembled a corpus of commercial mailing-list emails, and find a network of hundreds of third parties that track email recipients via methods such as embedded pixels. About 30% of emails leak the recipient's email address to one or more of these third parties when they are viewed. In the majority of cases, these leaks are intentional on the part of email senders, and further leaks occur if the recipient clicks links in emails. Mail servers and clients may employ a variety of defenses, but we analyze 16 servers and clients and find that they are far from comprehensive. We propose, prototype, and evaluate a new defense, namely stripping tracking tags from emails based on enhanced versions of existing web tracking protection lists.

show abstract

“…A number of papers [17,18] have also looked specifically at the efficacy and completeness of disclosures in privacy policies though, again, without regard to cross-device tracking. Finally, some researchers have looked at noncookies tracking mechanisms such as Flash Cookies [19] or digital fingerprinting [21]. Our paper focuses primarily on how often sites connect to third-party services; we do not analyze in detail what methods companies might use to keep state on user activity.…”

Section: Introductionmentioning

confidence: 99%

Cross-Device Tracking: Measurement and Disclosures

Brookman

Rouge

Alva

et al. 2017

Proceedings on Privacy Enhancing Technologies

View full text Add to dashboard Cite

Internet advertising and analytics technology companies are increasingly trying to find ways to link behavior across the various devices consumers own. This cross-device tracking can provide a more complete view into a consumer's behavior and can be valuable for a range of purposes, including ad targeting, research, and conversion attribution. However, consumers may not be aware of how and how often their behavior is tracked across different devices. We designed this study to try to assess what information about cross-device tracking (including data flows and policy disclosures) is observable from the perspective of the end user. Our paper demonstrates how data that is routinely collected and shared online could be used by online third parties to track consumers across devices.

show abstract

Flash Cookies and Privacy

Cited by 105 publications

References 3 publications

How Unique Is Your Web Browser?

How Unique Is Your Web Browser?

I never signed up for this! Privacy implications of email tracking

Cross-Device Tracking: Measurement and Disclosures

Contact Info

Product

Resources

About