Journey to the Center of the Cookie Ecosystem: Unraveling Actors' Roles and Relationships

2021 IEEE Symposium on Security and Privacy (SP) Pub Date : 2021-05-01 DOI:10.1109/SP40001.2021.9796062

Iskander Sánchez-Rola, Matteo Dell'Amico, D. Balzarotti, Pierre-Antoine Vervier, Leyla Bilge

{"title":"Journey to the Center of the Cookie Ecosystem: Unraveling Actors' Roles and Relationships","authors":"Iskander Sánchez-Rola, Matteo Dell'Amico, D. Balzarotti, Pierre-Antoine Vervier, Leyla Bilge","doi":"10.1109/SP40001.2021.9796062","DOIUrl":null,"url":null,"abstract":"Web pages have been steadily increasing in complexity over time, including code snippets from several distinct origins and organizations. While this may be a known phenomenon, its implications on the panorama of cookie tracking received little attention until now. Our study focuses on filling this gap, through the analysis of crawl results that are both large-scale and fine-grained, encompassing the whole set of events that lead to the creation and sharing of around 138 million cookies from crawling more than 6 million webpages. Our analysis lets us paint a highly detailed picture of the cookie ecosystem, discovering an intricate network of connections between players that reciprocally exchange information and include each other's content in web pages whose owners may not even be aware. We discover that, in most webpages, tracking cookies are set and shared by organizations at the end of complex chains that involve several middlemen. We also study the impact of cookie ghostwriting, i.e., a common practice where an entity creates cookies in the name of another party, or the webpage. We attribute and define a set of roles in the cookie ecosystem, related to cookie creation and sharing. We see that organizations can and do follow different patterns, including behaviors that previous studies could not uncover: for example, many cookie ghostwriters send cookies they create to themselves, which makes them able to perform cross-site tracking even for users that deleted third-party cookies in their browsers. While some organizations concentrate the flow of information on themselves, others behave as dispatchers, allowing other organizations to perform tracking on the pages that include their content.","PeriodicalId":6786,"journal":{"name":"2021 IEEE Symposium on Security and Privacy (SP)","volume":"223 1","pages":"1990-2004"},"PeriodicalIF":0.0000,"publicationDate":"2021-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"22","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 IEEE Symposium on Security and Privacy (SP)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SP40001.2021.9796062","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 22

Abstract

Web pages have been steadily increasing in complexity over time, including code snippets from several distinct origins and organizations. While this may be a known phenomenon, its implications on the panorama of cookie tracking received little attention until now. Our study focuses on filling this gap, through the analysis of crawl results that are both large-scale and fine-grained, encompassing the whole set of events that lead to the creation and sharing of around 138 million cookies from crawling more than 6 million webpages. Our analysis lets us paint a highly detailed picture of the cookie ecosystem, discovering an intricate network of connections between players that reciprocally exchange information and include each other's content in web pages whose owners may not even be aware. We discover that, in most webpages, tracking cookies are set and shared by organizations at the end of complex chains that involve several middlemen. We also study the impact of cookie ghostwriting, i.e., a common practice where an entity creates cookies in the name of another party, or the webpage. We attribute and define a set of roles in the cookie ecosystem, related to cookie creation and sharing. We see that organizations can and do follow different patterns, including behaviors that previous studies could not uncover: for example, many cookie ghostwriters send cookies they create to themselves, which makes them able to perform cross-site tracking even for users that deleted third-party cookies in their browsers. While some organizations concentrate the flow of information on themselves, others behave as dispatchers, allowing other organizations to perform tracking on the pages that include their content.

查看原文本刊更多论文

饼干生态系统的中心之旅:解开演员的角色和关系

随着时间的推移，Web页面的复杂性一直在稳步增长，包括来自几个不同来源和组织的代码片段。虽然这可能是一种已知的现象，但直到现在，它对cookie跟踪全景的影响还很少受到关注。我们的研究重点是填补这一空白，通过分析大规模和细粒度的抓取结果，包括从抓取超过600万个网页中产生和共享约1.38亿个cookie的整个事件集。我们的分析让我们描绘了一幅非常详细的cookie生态系统的画面，发现了玩家之间相互交换信息的复杂连接网络，并将彼此的内容包含在所有者甚至不知道的网页中。我们发现，在大多数网页中，跟踪cookie是由位于涉及多个中间商的复杂链末端的组织设置和共享的。我们还研究了cookie代写的影响，即一个实体以另一方或网页的名义创建cookie的常见做法。我们在cookie生态系统中定义了一系列与cookie创建和共享相关的角色。我们发现组织可以并且确实遵循不同的模式，包括以前的研究无法揭示的行为:例如，许多cookie代笔者将他们自己创建的cookie发送给自己，这使得他们能够执行跨站点跟踪，甚至对于在浏览器中删除第三方cookie的用户。虽然一些组织将信息流集中在自己身上，但其他组织充当调度员，允许其他组织在包含其内容的页面上执行跟踪。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2021 IEEE Symposium on Security and Privacy (SP)

自引率

0.00%

发文量