π€ AI Summary
This study addresses the growing prevalence of covert first-party and server-side web tracking mechanisms, which evade conventional client-side detection approaches. Conducting the first large-scale measurement across mainstream websites, this work proposes a provider-agnostic identification methodology that integrates script similarity clustering, network graph modeling, and request behavior analysis to systematically characterize the ecosystem of such tracking practices. The findings reveal that over 54% of websites employ these techniques, with dominant vendors orchestrating a highly interconnected tracking infrastructure. Leveraging these insights, the authors derive blocking rules that intercept 63% more tracking requests than existing filter lists, substantially enhancing defensive efficacy against modern tracking threats.
π Abstract
Web user tracking has always been a cat-and-mouse game between privacy-conscious users and trackers. Recently, this conflict has driven a shift from third-party tracking toward first-party tracking (FPT) and server-side tracking (SST). By relocating tracking logic to the browser's first-party context or the website's backend, these mechanisms obscure data flows and render traditional client-side detection tools increasingly ineffective. Despite the growing adoption of these techniques, our understanding of their deployment at scale remains limited, and generalized protection mechanisms are lacking.
In this work, we conduct a large-scale measurement of top sites to assess this shift and the prevalence of FPT and SST. We develop a provider-independent methodology to detect these mechanisms and find that over 54% of analyzed sites now deploy FPT or SST-related techniques. By clustering scripts based on their similarity and constructing a network graph, we demonstrate that the ecosystem is densely connected and dominated by major vendors like Google. Finally, we demonstrate that current filter lists are largely ineffective against first-party tracking, and we propose new rules to address this gap. We show that these rules block 63% more requests than traditional filter lists.