Online Trackers Increasingly Switching to Invasive CNAME Cloaking Technique
Security News, February 2021
With browser makers steadily clamping down on third-party tracking, advertising technology companies are increasingly embracing a DNS technique to evade such defenses, thereby posing a threat to web security and privacy.
In other words, CNAME cloaking makes tracking code look first-party when, in fact, it is not: the resource resolves through a CNAME that differs from that of the first-party domain.
Perhaps the most troubling of the revelations is that cookie data leaks were found on 7,377 sites out of the 7,797 sites that used CNAME tracking, all of which sent cookies containing private information such as full names, locations, email addresses, and even authentication cookies to trackers of other domains without the user's explicit affirmation.
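The check below is an added example, not code from the article or the researchers: it follows a request's CNAME chain to spot a first-party-looking host that resolves to another domain, and lists which cookies the browser would attach to it. The DNS records, blocklist entry, cookie names and the two-label registrable-domain rule are all constructed assumptions.

```python
# Constructed sample data: reserved .example/.test names stand in for live DNS.
CNAMES = {
    "metrics.shop.example": "shop.collect.tracker-cdn.test",
    "shop.collect.tracker-cdn.test": "edge7.tracker-net.test",
    "static.shop.example": "assets.shop.example",
    "img.shop.example": "shop.cdn-host.test",
    "a.shop.example": "b.shop.example",
    "b.shop.example": "a.shop.example",   # CNAME loop
}
BLOCKLIST = {"tracker-net.test"}           # hypothetical filter-list entry
# Cookie name -> Domain attribute; None means host-only, set by the page host.
COOKIES = {"session": "shop.example", "email": ".shop.example", "csrf": None}

def registrable_domain(host):
    # Simplification: last two labels. Production code needs the Public Suffix List.
    return ".".join(host.rstrip(".").lower().split(".")[-2:])

def cname_chain(host, records, max_hops=8):
    """Follow CNAME records from host, stopping on a loop or after max_hops."""
    chain, seen = [], {host}
    while host in records and len(chain) < max_hops:
        host = records[host].rstrip(".").lower()
        if host in seen:
            break
        seen.add(host)
        chain.append(host)
    return chain

def cookie_matches(domain, request_host, page_host):
    if domain is None:                 # host-only cookie: exact setting host only
        return request_host == page_host
    d = domain.lstrip(".").lower()     # RFC 6265 domain-match
    return request_host == d or request_host.endswith("." + d)

def classify(page_host, request_host, records=CNAMES, cookies=COOKIES):
    """Return (verdict, target domain, cookies sent) for one sub-resource request."""
    site = registrable_domain(page_host)
    if registrable_domain(request_host) != site:
        return ("third-party", None, [])
    foreign = [h for h in cname_chain(request_host, records)
               if registrable_domain(h) != site]
    if not foreign:
        return ("first-party", None, [])
    target = registrable_domain(foreign[-1])
    verdict = "cloaked-tracker" if target in BLOCKLIST else "foreign-cname"
    leaked = sorted(n for n, d in cookies.items()
                    if cookie_matches(d, request_host, page_host))
    return (verdict, target, leaked)
```

In the sample data, the cookies scoped with a `Domain` attribute reach the cloaked host, while the host-only `csrf` cookie does not.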
With many CNAME trackers included over HTTP as opposed to HTTPS, the researchers also raise the possibility that a request sending analytics data to the tracker could be intercepted by a malicious adversary in what's a man-in-the-middle attack.
While Firefox doesn't ban CNAME cloaking out of the box, users can download an add-on like uBlock Origin to block such sneaky first-party trackers.
"The emerging CNAME tracking technique evades anti-tracking measures," Olejnik said.