Online trackers have learned to bypass ban on tracing Internet users

Online Trackers Bypass Ban
Written by Valdis Koks

Creators of the uBlock Origin banner blocker have discovered a new technique, with the help of which online trackers can bypass the ban on tracing Internet users.

The method is based on the manipulation of DNS queries and allows the online tracker to integrate into the exchange of data between the site and the client.

Researchers described this technology in 2010 and 2014. Its essence is to mask the tracker as one of the elements of the site accessed by the browser.

For this, the site creator allocates a special subdomain, and the script developer binds it to a third-party server through the DNS CNAME record. It allows using the main cookie to collect data on visits to all sites within the specified domain”, – say uBlock Origin developers.

By driving traffic through data collection service, marketers and web analytics can create user profiles, even if the latter disabled such tracking. For the browser, this intermediate step looks like the legitimate part of loading the target site. Therefore, blocking third-party scripts, which has recently been turned on by default in Firefox and Safari, in this case would not work.

As the experts found out, currently several Internet companies are simultaneously promoting their analytical solutions as an opportunity to circumvent the bans of developers and users.

Read also: Unsuccessful Google experiment “broke” Chrome in companies around the world

Experts see such actions as a direct violation of the European GDPR regulation, which obliges Internet sites to inform visitors about the tracking of their actions.

In a commentary to The Register reporters, Augustine Fou, an expert on ad technology, said that as creators of the script-trackers emphasize the inability to track the activity of their products, this activity is clearly illegal.

This is not an accidental error, but an exploit”, — the researcher emphasized. — “The developers of such scripts take hidden and sequential actions to issue third-party cookies for the file of the main site. As a result, they ignore the legal restrictions and wishes of the users themselves.”

The developers proposed a method by which users can block such activity. The technology works only in Firefox – there is an API in the browser that can detect manipulations with CNAME.

Chrome does not support such actions. In addition, Google representatives previously stated that they did not intend to deny advertisers the opportunity to monitor the activity of the audience. At the same time, corporation experts are working to ensure that users see only the ads they need and can block unwanted banners.

Earlier, experts warned Android users about the threat of free applications. As the experts found out, such utilities often transmit private data through insecure channels and sell information to third parties.

About the author

Valdis Koks

Security engineer, reverse engineering and memory forensics

Leave a Comment