Measuring UID smuggling in the wild

“…This was initially possible because browsers had a common cookie storage containing all cookies, and trackers could read their corresponding cookies regardless of which first-party website allowed the tracker cookie to be set (see Figure 1). However, several browsers, such as Safari, Firefox, and Brave, have implemented partitioned storage to prevent using cookies for cross-site tracking [33]. These browsers use a partitioned cookies storage with a hierarchical namespace where a tracker accesses a different storage area on each website that loads it, preventing trackers from matching or assigning the same identifiers to users across multiple websites.…”

“…(3) If the redirector also sets third-party cookies on websites A and B, it will not be able to link the activity of the user on website A with the activity of the user on website B, and with the activity of the user that goes through its own site (through redirects) since they do not share the same user ID [33]. Hence, while bounce tracking allows to a certain degree, cross-site tracking, it does not have the same coverage as the traditional (and soon-to-be obsolete) third-party cookie tracking.…”

“…UID smuggling is more powerful than bounce tracking. Trackers using UID smuggling regain the ability to share UIDs across websites with different domains and can circumvent restrictions from partitioned cookie storage spaces [33]. For example, they can link the user's visits to the website A with the user's visits to website B and the user's activity that goes through its site (through redirects) since they can all be linked to the same user ID.…”

“…Puppeteer allows us to record cookies and local storage for each request. However, it does not guarantee that it can attach request handlers to a web page before it sends any requests [33]. Hence, detecting and collecting web requests only using Puppeteer might cause losing some of them.…”

“…Furthermore, we find that all search engines in our study engage in navigation-based tracking. Navigation-based tracking refers to tracking techniques that are redirecting users through one or more redirectors when navigating from one website to another in order to share user information across sites [33]. Navigation-based tracking does not require third-party cookies and can be used to circumvent browsers' privacy protections from cross-site tracking using partitioned cookies storage.…”

Understanding the Privacy Risks of Popular Search Engine Advertising Systems

“…This was initially possible because browsers had a common cookie storage containing all cookies, and trackers could read their corresponding cookies regardless of which first-party website allowed the tracker cookie to be set (see Figure 1). However, several browsers, such as Safari, Firefox, and Brave, have implemented partitioned storage to prevent using cookies for cross-site tracking [33]. These browsers use a partitioned cookies storage with a hierarchical namespace where a tracker accesses a different storage area on each website that loads it, preventing trackers from matching or assigning the same identifiers to users across multiple websites.…”

“…(3) If the redirector also sets third-party cookies on websites A and B, it will not be able to link the activity of the user on website A with the activity of the user on website B, and with the activity of the user that goes through its own site (through redirects) since they do not share the same user ID [33]. Hence, while bounce tracking allows to a certain degree, cross-site tracking, it does not have the same coverage as the traditional (and soon-to-be obsolete) third-party cookie tracking.…”

“…UID smuggling is more powerful than bounce tracking. Trackers using UID smuggling regain the ability to share UIDs across websites with different domains and can circumvent restrictions from partitioned cookie storage spaces [33]. For example, they can link the user's visits to the website A with the user's visits to website B and the user's activity that goes through its site (through redirects) since they can all be linked to the same user ID.…”

“…Puppeteer allows us to record cookies and local storage for each request. However, it does not guarantee that it can attach request handlers to a web page before it sends any requests [33]. Hence, detecting and collecting web requests only using Puppeteer might cause losing some of them.…”

“…Furthermore, we find that all search engines in our study engage in navigation-based tracking. Navigation-based tracking refers to tracking techniques that are redirecting users through one or more redirectors when navigating from one website to another in order to share user information across sites [33]. Navigation-based tracking does not require third-party cookies and can be used to circumvent browsers' privacy protections from cross-site tracking using partitioned cookies storage.…”

Understanding the Privacy Risks of Popular Search Engine Advertising Systems

Information flow control for comparative privacy analyses

Undefined-oriented Programming: Detecting and Chaining Prototype Pollution Gadgets in Node.js Template Engines for Malicious Consequences