All of the top five tracking tools found on websites are from Google-owned properties.
And new, cookie-replacing methods of identifying computers, called fingerprinting, is being used by advertisers, a new study found. Fingerprinting can work by sending audio files to individual web browsers. The method identifies the PC, Princeton University explains in its research (PDF).
Princeton says its study, completed in January, is the biggest assessment of online tracking ever. The university trawled a million of the “top” websites.
Privacy concerns about tracking
Advertisers want to track users’ behavior online so that they can more accurately pitch products at them. However, privacy advocates say some methods can impact privacy. And indeed, web privacy measurement, of the kind performed by Princeton in its massive study, has “repeatedly forced companies to improve their privacy practices,” the report says. “Public pressure, press coverage and regulatory action” follow the exposure.
The problem is it’s hard to measure the privacy impacts. Princeton says its tool, called OpenWPM solves that. It functions, among other things, by supposedly improving the realism, scalability and repeatability needed for collecting the tracking data from the websites.
+ More on Network World: Browser fingerprints, and why they are so hard to erase +
The team made over 90 million requests to determine the number of third parties, which are advertisers or analytics companies. One way they’ve been able, historically, to track users is by embedding cookies in a web page. The advertisers' cookies load alongside the websites’ cookies.
One can, in fact, watch for third parties as web pages load—the domain won’t match the website’s URL in the browser status bar.
Princeton’s study found 81,000 third parties on at least two first parties—the website visited. However, “the number of third parties that a regular user will encounter on a daily basis is relatively small,” the report says. That’s because “the prevalence of third parties quickly drops off.” The study discovered that only 123 of the total 81,000 were found on more than 1 percent of sites.
All of the top five tracking tools found on websites are from Google-owned properties. Twelve of the top 20 are, too. Google owns ad-firm DoubleClick, for example.
“In fact, Google, Facebook and Twitter are the only third-party entities present on more than 10 percent of sites,” the paper says.
So, Big Internet is performing the tracking, not "Mom and Pop." That’s probably a good result for privacy because those organization are more exposed to scrutiny than smaller operators. But it’s not so positive for business competition or power distribution.
How prevalent is fingerprinting?
Princeton also researched the prevalence of fingerprinting. Canvas fingerprinting wasn’t as common on the major trackers as it has been in previous years, but it was more popular on smaller ones. The university says the reduction by the big trackers is due to its exposure of the practice in 2014.
“The public backlash following that study was effective,” it says on its website.
Canvas fingerprinting uses HTML 5’s Canvas element rather than cookies. Canvas draws a hidden graphic that’s turned into a token, which is distributed to the advertiser. Fonts can be used.
But intriguingly a new kind of fingerprinting, called AudioContext Fingerprinting, is showing up. It uses an audio signal to reveal unique browsers and computers.
It was found in only three scripts on 67 sites, however. But then—the night is young.
This article is published as part of the IDG Contributor Network. Want to Join?