100 lines
4.8 KiB
TeX
100 lines
4.8 KiB
TeX
\chapter{Defenses against Tracking}%
|
|
\label{chap:defenses against tracking}
|
|
|
|
The proliferation of tracking across the web has led to the development of a
|
|
myriad of tools that each have their own advantages and disadvantages. Some
|
|
tracking methods can be easily mitigated by changing browser settings or by
|
|
disabling certain technologies. More often than not, these methods not only stop
|
|
or limit tracking but also severely hamper the internet experience for end
|
|
users. Especially some of the more advanced tools require user input to know
|
|
which items to block and which to let through. This in turn requires expertise
|
|
that few regular internet users possess, further complicating defending against
|
|
tracking. This chapter introduces methods and tools that have been proven to be
|
|
effective against tracking on the web. It is split into two parts, with the
|
|
first surveying techniques that can be applied to limit tracking and the second
|
|
presenting tools to managing tracking on the web. The focus lies on defending
|
|
against the methods discussed in chapter~\ref{chap:tracking methods}.
|
|
|
|
\section{Techniques}
|
|
\label{sec:techniques}
|
|
|
|
The aim of this section is to present comparatively simple techniques that a
|
|
user can employ to limit tracking. The benefit of these methods is that they are
|
|
built into modern browsers and therefore do not require specific user knowledge
|
|
of installing any additional tools. Although their implementations vary from
|
|
one browser to another, the basic idea of the underlying functionality remains
|
|
the same.
|
|
|
|
\subsection{Opt-out and Opt-in}
|
|
\label{subsec:Opt-out}
|
|
|
|
To opt-out in the context of web tracking means to make use of the possibility
|
|
of turning off data collection by a web site. After the user has opted-out of
|
|
either all data collection or only a subset of all the data that a web site
|
|
collects, an opt-out cookie is set, indicating the user's preference. Whereas
|
|
opting-out generally means that data collection happens by default, opt-in
|
|
requires that data collection is turned off by default. In theory it allows
|
|
users to have fine-grained control over which aspects of their online presence
|
|
they are comfortable with sharing by either opting-out or opting-in (depending
|
|
on how web sites ask for consent). In practice however, the seemingly irrelevant
|
|
difference between those two lead to very different outcomes with respect to the
|
|
amount of users that are tracked.
|
|
|
|
For either opt-out or opt-in to work, a web site has to provide an option for
|
|
doing so. Because web sites increasingly use third parties to manage data
|
|
collection on their site, consent or rejection has to be passed to these third
|
|
parties and they have to be willing to accept such a decision. Since the
|
|
European's \gls{GDPR} came into force in 2018, service providers operating in
|
|
the European Union are required to ask users for explicit consent before
|
|
collecting any data, except when that data is absolutely necessary to ensure
|
|
basic functionality. It is not allowed to notify the user that by continuing to
|
|
visit the web site, consent to data collection is given. Furthermore, if consent
|
|
is not given, the web site provider is not allowed to block the user from
|
|
visiting the web site. Even before the \gls{GDPR}, the EU required web sites to
|
|
ask for informed consent via the ePrivacy Directive which came into force in
|
|
2013. \citet{trevisanYearsEUCookie2019} use their tool \emph{CookieCheck} to
|
|
evaluate how many of the surveyed 35.000 sites comply with the legislation put
|
|
forth in the ePrivacy Directive. Their findings indicate that almost half (49\%)
|
|
of the web sites use profiling technologies without consent. Similarly,
|
|
\citet{sanchez-rolaCanOptOut2019a} show that tracking is still prevalent and
|
|
happens already before user consent is given after the \gls{GDPR} has been in
|
|
force for a year. \citet{huCharacterisingThirdParty2019} come to a a similar
|
|
conclusion while only looking at third party tracking: the amount of cookies
|
|
stored on a user's computer has not changed significantly since before the
|
|
\gls{GDPR}. In yet another survey of the top 500 web sites as ranked by Alexa,
|
|
\citet{degelingWeValueYour2019} conclude that the amount of tracking before and
|
|
after the \gls{GDPR} stayed the same and only 37 sites ask for consent before
|
|
storing any cookies.
|
|
|
|
\subsection{Clearing Browser History}
|
|
\label{subsec:Clearing Browser History}
|
|
|
|
\subsection{Private Browsing Mode}
|
|
\label{subsec:Private Browsing Mode}
|
|
|
|
\subsection{Do Not Track}
|
|
\label{subsec:Do Not Track}
|
|
|
|
\subsection{Privacy-focused Search Engines}
|
|
\label{subsec:Privacy-focused Search Engines}
|
|
|
|
\section{Tools}
|
|
\label{sec:tools}
|
|
|
|
\subsection{Blacklists}
|
|
\label{subsec:blacklists}
|
|
|
|
\subsection{TOR}
|
|
\label{subsec:tor}
|
|
|
|
\subsection{Virtual Private Networks}
|
|
\label{subsec:virtual private networks}
|
|
|
|
\subsection{Privacy Badger}
|
|
\label{subsec:privacy badger}
|
|
|
|
\subsection{Request Policy}
|
|
\label{subsec:Request Policy}
|
|
|
|
|