Papers
Topics
Authors
Recent
Gemini 2.5 Flash
Gemini 2.5 Flash
149 tokens/sec
GPT-4o
7 tokens/sec
Gemini 2.5 Pro Pro
45 tokens/sec
o3 Pro
4 tokens/sec
GPT-4.1 Pro
38 tokens/sec
DeepSeek R1 via Azure Pro
28 tokens/sec
2000 character limit reached

Understanding the Privacy Risks of Popular Search Engine Advertising Systems (2308.15309v3)

Published 29 Aug 2023 in cs.CY

Abstract: We present the first extensive measurement of the privacy properties of the advertising systems used by privacy-focused search engines. We propose an automated methodology to study the impact of clicking on search ads on three popular private search engines which have advertising-based business models: StartPage, Qwant, and DuckDuckGo, and we compare them to two dominant data-harvesting ones: Google and Bing. We investigate the possibility of third parties tracking users when clicking on ads by analyzing first-party storage, redirection domain paths, and requests sent before, when, and after the clicks. Our results show that privacy-focused search engines fail to protect users' privacy when clicking ads. Users' requests are sent through redirectors on 4% of ad clicks on Bing, 86% of ad clicks on Qwant, and 100% of ad clicks on Google, DuckDuckGo, and StartPage. Even worse, advertising systems collude with advertisers across all search engines by passing unique IDs to advertisers in most ad clicks. These IDs allow redirectors to aggregate users' activity on ads' destination websites in addition to the activity they record when users are redirected through them. Overall, we observe that both privacy-focused and traditional search engines engage in privacy-harming behaviors allowing cross-site tracking, even in privacy-enhanced browsers.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (40)
  1. Last accessed September 11, 2023. Ad Block engine in Rust. https://www.npmjs.com/package/adblock-rs
  2. Last accessed September 11, 2023. Disconnect Entity List. https://github.com/mozilla-services/shavar-prod-lists/blob/master/disconnect-entitylist.json
  3. Last accessed September 11, 2023. DuckDuckGo seach engine. https://duckduckgo.com/
  4. Last accessed September 11, 2023a. EasyList. https://easylist.to/easylist/easylist.txt
  5. Last accessed September 11, 2023b. EasyPrivacy. https://easylist.to/easylist/easyprivacy.txt
  6. Last accessed September 11, 2023. MovieLens. https://movielens.org/
  7. Last accessed September 11, 2023a. Puppeteer. https://www.npmjs.com/package/puppeteer
  8. Last accessed September 11, 2023b. Puppeteer Extra Plugin Stealth. https://www.npmjs.com/package/puppeteer-extra-plugin-stealth
  9. Last accessed September 11, 2023. Qwant seach engine. https://www.qwant.com/
  10. Last accessed September 11, 2023. StartPage seach engine. https://www.startpage.com/
  11. Brave. Last accessed September 11, 2023. What are the best private search engines? https://brave.com/learn/no-tracking-search-engine/
  12. Preserving user’s privacy in web search engines. Computer Communications 32, 13 (2009), 1541–1551. https://doi.org/10.1016/j.comcom.2009.05.009
  13. Cookie Swap Party: Abusing First-Party Cookies for Web Tracking. In Proceedings of the Web Conference 2021 (Ljubljana, Slovenia) (WWW ’21). Association for Computing Machinery, New York, NY, USA, 2117–2129. https://doi.org/10.1145/3442381.3449837
  14. Google Click Identifier (GCLID): Definition. Last accessed September 11, 2023. Google Click Identifier (GCLID): Definition. https://support.google.com/google-ads/answer/9744275
  15. Towards Understanding First-Party Cookie Tracking in the Field.
  16. MDN Web Docs. Last accessed September 11, 2023a. The Anchor element - ping attribute. https://developer.mozilla.org/en-US/docs/Web/HTML/Element/a#ping
  17. MDN Web Docs. Last accessed September 11, 2023b. Redirections in HTTP. https://developer.mozilla.org/en-US/docs/Web/HTTP/Redirections
  18. DuckDuckGo and Microsoft. Last accessed September 11, 2023. DuckDuckGo Help Pages - Company Ads by Microsoft on DuckDuckGo Private Search. https://help.duckduckgo.com/duckduckgo-help-pages/company/ads-by-microsoft-on-duckduckgo-private-search/
  19. EasyList. Last accessed September 11, 2023. Overview. https://easylist.to/
  20. Github. Last accessed September 11, 2023. PyEnchant. https://pyenchant.github.io/pyenchant/
  21. Google. Last accessed: September 11, 2023. Stats and Analysis. https://trends.google.com/trends
  22. Challenges in Measuring Online Advertising Systems. In Proceedings of the 10th ACM SIGCOMM Conference on Internet Measurement (Melbourne, Australia) (IMC ’10). Association for Computing Machinery, New York, NY, USA, 81–87. https://doi.org/10.1145/1879141.1879152
  23. Measuring Personalization of Web Search. In Proceedings of the 22nd International Conference on World Wide Web (Rio de Janeiro, Brazil) (WWW ’13). Association for Computing Machinery, New York, NY, USA, 527–538. https://doi.org/10.1145/2488388.2488435
  24. Google Analytics Help. Last accessed September 11, 2023a. Common questions about Google Ads Clicks and Analytics Sessions. https://support.google.com/analytics/answer/4588454?hl=en
  25. Microsoft Help. Last accessed September 11, 2023b. Auto-tagging of Microsoft Click ID. https://help.ads.microsoft.com/apex/index/3/en/60000
  26. In-Depth Evaluation of Redirect Tracking and Link Usage. Proceedings on Privacy Enhancing Technologies 2020 (10 2020), 394–413. https://doi.org/10.2478/popets-2020-0079
  27. Milica Mihajlija. Last accessed September 11, 2023a. Cookies Having Independent Partitioned State (CHIPS). https://developer.chrome.com/docs/privacy-sandbox/chips/
  28. Milica Mihajlija. Last accessed September 11, 2023b. Cookies Having Independent Partitioned State (CHIPS) origin trial. https://developer.chrome.com/blog/chips-origin-trial/
  29. NordVPN. Last accessed September 11, 2023. The best private search engines for secure browsing. https://nordvpn.com/blog/private-search-engines/
  30. DuckDuckGo Help Pages. Last accessed September 11, 2023a. Company - Advertising and Affiliates. https://help.duckduckgo.com/duckduckgo-help-pages/company/advertising-and-affiliates/
  31. DuckDuckGo Help Pages. Last accessed September 11, 2023b. Privacy - Anonymous Localized Results. https://help.duckduckgo.com/privacy/anonymous-localized-results/
  32. Qwant. Last accessed September 11, 2023. Legal information. https://about.qwant.com/en/legal/confidentialite
  33. Measuring UID smuggling in the wild. In Proceedings of the 22nd ACM Internet Measurement Conference. 230–243.
  34. Evaluating Web Search Engines Results for Personalization and User Tracking. (2022). https://doi.org/10.48550/ARXIV.2211.11518
  35. Detecting and Defending against Third-Party Tracking on the Web. In Proceedings of the 9th USENIX Conference on Networked Systems Design and Implementation (San Jose, CA) (NSDI’12). USENIX Association, USA, 12.
  36. Privacy Protection in Personalized Search. SIGIR Forum 41, 1 (jun 2007), 4–17. https://doi.org/10.1145/1273221.1273222
  37. StartPage. Last accessed September 11, 2023a. Can I advertise on StartPage? https://support.startpage.com/hc/en-us/articles/5076181310612-Can-I-advertise-on-Startpage-
  38. StartPage. Last accessed September 11, 2023b. Privacy Policy. https://www.startpage.com/en/privacy-policy
  39. WebKit. Last accessed September 11, 2023. Tracking Prevention Policy. https://webkit.org/tracking-prevention-policy/
  40. Privacy-Enhancing Personalized Web Search (WWW ’07). Association for Computing Machinery, New York, NY, USA, 591–600. https://doi.org/10.1145/1242572.1242652
Citations (1)
View on Semantic Scholar

Summary

We haven't generated a summary for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Summarize Now