An Empirical Analysis of Web Storage and Its Applications to Web Tracking-Reference-Cited by-同舟云学术

An Empirical Analysis of Web Storage and Its Applications to Web Tracking

Published:2023-10-11 Issue:1 Volume:18 Page:1-28
ISSN:1559-1131
Container-title:ACM Transactions on the Web
language:en
Short-container-title:ACM Trans. Web

Author:

Ahmad Zubair¹^ORCID,Casarin Samuele¹^ORCID,Calzavara Stefano¹^ORCID

Affiliation:

1. Università Ca’ Foscari Venezia, Italy

Abstract

In this article, we present a large-scale empirical analysis of the use of web storage in the wild.By using dynamic taint tracking at the level of JavaScript and by performing an automated classification of the detected information flows, we shed light on the key characteristics of web storage uses in the Tranco Top 10k. Our analysis shows that web storage is routinely accessed by third parties, including known web trackers, who are particularly eager to have both read and write access to persistent web storage information. We then deep dive in web tracking as a prominent case study: our analysis shows that web storage is not yet as popular as cookies for tracking purposes; however, taint tracking is useful to detect potential new trackers not included in standard filter lists. Moreover, we observe that many websites do not comply with the General Data Protection Regulation directives when it comes to their use of web storage.

Funder

SERICS

MUR National Recovery and Resilience Plan

European Union–NextGenerationEU

Publisher

Association for Computing Machinery (ACM)

Subject

Computer Networks and Communications

Link

https://dl.acm.org/doi/pdf/10.1145/3623382

Reference33 articles.

1. European Parliament. 2016. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).

2. HTML. n.d. Web Storage. Retrieved September 15 2023 from https://html.spec.whatwg.org/multipage/webstorage.html

3. A Survey of Dynamic Analysis and Test Generation for JavaScript

4. Adam Barth. n.d. HTTP State Management Mechanism. Retrieved September 15 2023 from https://datatracker.ietf.org/doc/html/rfc6265

5. I Know What You Did Last Summer: New Persistent Tracking Mechanisms in the Wild

Cited by 1 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Information flow control for comparative privacy analyses;International Journal of Information Security;2024-07-14