CNAME-based tracking increasingly used to bypass browsers’ anti-tracking defenses

2021-02-24 14:16

As browser-makers move to defang third-party cookies, marketers are increasingly switching to alternative tracking techniques.

In 2019, Firefox was equipped with Enhanced Tracking Protection by default, blocking known trackers, third-party tracking cookies and cryptomining scripts.

"Total Cookie Protection confines cookies to the site where they were created, which prevents tracking companies from using these cookies to track your browsing from site to site," Mozillans Tim Huang, Johann Hofmann and Arthur Edelstein explained.

Since its inception, the Chromium-based Brave browser introduced privacy/anti-tracking features such as a system for hiding privacy-harming page elements and third-party tracking ads, browser fingerprint randomization, default removal of common tracking parameters from URLs, protection against query parameter tracking, temporary removal of Google's Reporting API, CNAME-based adblocking, etc.

According to researchers Yana Dimova, Gunes Acar, Lukasz Olejnik, Wouter Joosen, and Tom Van Goethem, CNAME cloaking is a tracking evasion scheme that is not new but is rapidly gaining in popularity.

"This is the most complete auto-updating repository of actively used hidden trackers by now, consisting of more than 6000 entries. The list is to be updated on a regular basis to add new hidden trackers as they're being detected," said Andrey Meshkov, CEO of AdGuard, but warned that that this isn't a definitive solution for the CNAME-cloaked tracking problem.

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/vABt3E-DI5s/

#browser #bypass #defense #tracking