Title: Exploring the Cookieverse: A Multi-Perspective Analysis of Web Cookies
Speaker: Devashish Gosain (Ph.D., IIIT Delhi in Network Security)
Details: Tue, 19 Sep, 2023 4:00 PM @ MR1 (SSB 233)
Abstract: Web cookies serve various purposes, like keeping the user logged in or storing a user's preferences for multiple visits to the same website. However, besides their originally intended use, cookies have been exploited for commercial activities like user tracking and targeted advertisement. Thus, web cookies have been extensively studied over the last few years. However, most existing research does not consider multiple crucial perspectives that can influence the cookie landscape and may lead to incorrect inferences. These perspectives include the client's location and operating system, landing vs. inner web pages, desktop vs. mobile phone, and cookie banner interaction. In this talk, I will present the challenges in analyzing the cookie landscape due to these perspectives and elaborate on the methods we use to study them through our measurement research.

Our research demonstrates that "cookie banners" (or cookie notices) are one of the most crucial factors influencing the cookie ecosystem. They are essentially alert messages on the website allowing users to "accept" or "reject" cookies. Thus, we developed the first tool, BannerClick, to automatically detect, accept, and reject cookie banners with an accuracy of 99%. By using BannerClick on the Tranco top-10k websites from different geographic locations, we observe that websites send, on average, 5.5x more third-party cookies after clicking "accept," underlining that it is critical to interact with banners when performing Web measurement.

Interestingly, we also found that a new form of paywall-like cookie banner has taken hold on the Web, allowing users to either accept cookies (and consequently user tracking) or buy a paid subscription for a tracking-free website experience. Thus, we performed the first completely automated analysis of cookiewalls, i.e., cookie banners acting as a paywall. We find cookiewalls on 0.6% of all queried 45k websites. Moreover, cookiewalls are deployed to a large extent on European websites, e.g., for Germany, we see cookiewalls on 8.5% of the top 1k websites.