Friday, 11th April 2014
Cookies that give you away: Evaluating the surveillance implications of web tracking
Source: Center for Information Technology Policy, Princeton University
From Freedom to Tinker blog entry:
Over the past three months we’ve learnt that NSA uses third-party tracking cookies for surveillance. These cookies, provided by a third-party advertising or analytics network (e.g. doubleclick.com, scorecardresearch.com), are ubiquitous on the web, and tag users’ browsers with unique pseudonymous IDs. In a new paper, we study just how big a privacy problem this is. We quantify what an observer can learn about a user’s web traffic by purely passively eavesdropping on the network, and arrive at surprising answers.
At first sight it doesn’t seem possible that eavesdropping alone can reveal much. First, the eavesdropper on the Internet backbone sees millions of HTTP requests and responses. How can he associate the third-party HTTP request containing a user’s cookie with the request to the first-party web page that the browser visited, which doesn’t contain the cookie? Second, how can visits to different first parties be linked to each other? And finally, even if all the web traffic for a single user can be linked together, how can the adversary go from a set of pseudonymous cookies to the user’s real-world identity?
+ Direct link to paper (PDF; 993 KB)
+ Blog entry
Having begun his career in academic libraries, Adrian Janes has subsequently worked extensively in public libraries, chiefly in enquiry work as an Information Services librarian. In this role he has had particular responsibility for information from both the UK Government and the European Union. He wrote a detailed report on sources for the latter which was published by FreePint in 2007, and has contributed articles to FreePint and ResourceShelf. He is involved in training in information literacy and the use of online reference resources.
A Contributing Editor to DocuTicker, he also writes reviews for Pennyblackmusic.