ABSTRACT
Targeted online advertising has become an inextricable part of the way Web content and applications are monetized. At the beginning, online advertising consisted of simple ad-banners broadly shown to website visitors. Over time, it evolved into a complex ecosystem that tracks and collects a wealth of data to learn user habits and show targeted and personalized ads. To protect users against tracking, several countermeasures have been proposed, ranging from browser extensions that leverage filter lists, to features natively integrated into popular browsers like Firefox and Brave to combat more modern techniques like browser fingerprinting. Nevertheless, few browsers offer protections against IP address-based tracking techniques. Notably, the most popular browsers, Chrome, Firefox, Safari and Edge do not offer any.
In this paper, we study the stability of the public IP addresses a user device uses to communicate with our server. Over time, a same device communicates with our server using a set of distinct IP addresses, but we find that devices reuse some of their previous IP addresses for long periods of time. We call this IP address retention and, the duration for which an IP address is retained by a device, is named the IP address retention period.
We present an analysis of 34,488 unique public IP addresses collected from 2,230 users over a period of 111 days and we show that IP addresses remain a prime vector for online tracking. 87 % of participants retain at least one IP address for more than a month and 45 % of ISPs in our dataset allow keeping the same IP address for more than 30 days. Furthermore, we also detect the presence of cycles of IP addresses in a user’s history and highlight their potential to be abused to infer traits of the user behaviour, as well as mobility traces. Our findings paint a bleak picture of the current state of online tracking at a time where IP addresses are overlooked compared to other techniques like cookies or fingerprinting.
- 2019. Tor Browser - Tor Project Official website. https://www.torproject.org/projects/torbrowser.html.Google Scholar
- Accessed on 2019-10-04. AmIUnique: Platform to collect browser fingerprints. https://amiunique.orgGoogle Scholar
- AdBlock. 2018. AdBlock. https://getadblock.com/Google Scholar
- Miguel E. Andrés, Nicolás E. Bordenabe, Konstantinos Chatzikokolakis, and Catuscia Palamidessi. 2013. Geo-indistinguishability: Differential Privacy for Location-based Systems. In Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security(CCS ’13). ACM, New York, NY, USA, 901–914. https://doi.org/10.1145/2508859.2516735Google ScholarDigital Library
- Mika D Ayenson, Dietrich James Wambach, Ashkan Soltani, Nathan Good, and Chris Jay Hoofnagle. 2011. Flash cookies and privacy II: Now with HTML5 and ETag respawning. Available at SSRN 1898390(2011).Google Scholar
- Facebook business. 2019. Help your ads find the people who will love your business.https://www.facebook.com/business/ads/ad-targetingGoogle Scholar
- Yves-Alexandre De Montjoye, César A Hidalgo, Michel Verleysen, and Vincent D Blondel. 2013. Unique in the crowd: The privacy bounds of human mobility. Scientific reports 3(2013), 1376.Google Scholar
- Arthur Edelstein. 2019. Protections Against Fingerprinting and Cryptocurrency Mining Available in Firefox Nightly and Beta. https://blog.mozilla.org/futurereleases/2019/04/09/protections-against-fingerprinting-and-cryptocurrency-mining-available-in-firefox-nightly-and-beta/Google Scholar
- Steven Englehardt and Arvind Narayanan. 2016. Online tracking: A 1-million-site measurement and analysis. In Proceedings of the 2016 ACM SIGSAC conference on computer and communications security. ACM, 1388–1401.Google ScholarDigital Library
- Steven Englehardt, Dillon Reisman, Christian Eubank, Peter Zimmerman, Jonathan Mayer, Arvind Narayanan, and Edward W Felten. 2015. Cookies that give you away: The surveillance implications of web tracking. In Proceedings of the 24th International Conference on World Wide Web. International World Wide Web Conferences Steering Committee, 289–299.Google ScholarDigital Library
- Electronic Frontier Foundation. 2018. Privacy Badger. https://www.eff.org/fr/node/99095Google Scholar
- Cliqz International GmbH. 2018. Ghostery. https://www.ghostery.comGoogle Scholar
- Eyeo GmbH. 2018. Adblock Plus. https://adblockplus.org/Google Scholar
- Raymond Hill. 2018. uBlock Origin - An efficient blocker for Chromium and Firefox. Fast and lean.https://github.com/gorhill/uBlockGoogle Scholar
- Umar Iqbal, Peter Snyder, Shitong Zhu, Benjamin Livshits, Zhiyun Qian, and Zubair Shafiq. 2020. ADGRAPH: A Graph-Based Approach to Ad and Tracker Blocking. IEEE Security and Privacy(2020).Google Scholar
- Pierre Laperdrix, Walter Rudametkin, and Benoit Baudry. 2016. Beauty and the beast: Diverting modern web browsers to build unique browser fingerprints. In 2016 IEEE Symposium on Security and Privacy (SP). IEEE, 878–894.Google ScholarCross Ref
- Timothy Libert. 2015. Exposing the Invisible Web: An Analysis of Third-Party HTTP Requests on 1 Million Websites. International Journal of Communication 9, 0 (2015). https://ijoc.org/index.php/ijoc/article/view/3646Google Scholar
- Ioana Livadariu, Karyn Benson, Ahmed Elmokashfi, Amogh Dhamdhere, and Alberto Dainotti. 2018. Inferring carrier-grade NAT deployment in the wild. In IEEE INFOCOM 2018-IEEE Conference on Computer Communications. IEEE, 2249–2257.Google ScholarCross Ref
- Gregor Maier, Anja Feldmann, Vern Paxson, and Mark Allman. 2009. On dominant characteristics of residential broadband internet traffic. In Proceedings of the 9th ACM SIGCOMM Conference on Internet Measurement. ACM, 90–102.Google ScholarDigital Library
- Jonathan R Mayer and John C Mitchell. 2012. Third-party web tracking: Policy and technology. In 2012 IEEE symposium on security and privacy. IEEE, 413–427.Google ScholarDigital Library
- Xianghang Mi, Ying Liu, Xuan Feng, Xiaojing Liao, Baojun Liu, XiaoFeng Wang, Feng Qian, Zhou Li, Sumayah Alrwais, and Limin Sun. 2019. Resident Evil: Understanding residential ip proxy as a dark service. In Resident Evil: Understanding Residential IP Proxy as a Dark Service. IEEE, 0.Google Scholar
- Opera. 2019. Free VPN | Browser with built-in VPN | Download | Opera. https://www.opera.com/computer/features/free-vpnGoogle Scholar
- Ramakrishna Padmanabhan, Amogh Dhamdhere, Emile Aben, kc claffy, and Neil Spring. 2016. Reasons Dynamic Addresses Change. In Proceedings of the 2016 Internet Measurement Conference(IMC ’16). ACM, New York, NY, USA, 183–198. https://doi.org/10.1145/2987443.2987461Google ScholarDigital Library
- Justin Schuh. 2019. Building a more private web. https://www.blog.google/products/chrome/building-a-more-private-web/Google Scholar
- Antoine Vastel, Pierre Laperdrix, Walter Rudametkin, and Romain Rouvoy. 2018. FP-STALKER: Tracking Browser Fingerprint Evolutions. In IEEE S&P 2018-39th IEEE Symposium on Security and Privacy. IEEE, 1–14.Google Scholar
- John Wilander. 2017. Intelligent Tracking Prevention | WebKit. https://webkit.org/blog/7675/intelligent-tracking-prevention/Google Scholar
- Philipp Winter, Richard Köwer, Martin Mulazzani, Markus Huber, Sebastian Schrittwieser, Stefan Lindskog, and Edgar Weippl. 2014. Spoiled onions: Exposing malicious Tor exit relays. In International Symposium on Privacy Enhancing Technologies Symposium. Springer, 304–331.Google ScholarCross Ref
- Yinglian Xie, Fang Yu, Kannan Achan, Eliot Gillum, Moises Goldszmidt, and Ted Wobber. 2007. How dynamic are IP addresses?. In ACM SIGCOMM Computer Communication Review, Vol. 37. ACM, 301–312.Google Scholar
- Ting-Fang Yen, Yinglian Xie, Fang Yu, Roger Peng Yu, and Martin Abadi. 2012. Host Fingerprinting and Tracking on the Web: Privacy and Security Implications.. In NDSS, Vol. 62. Citeseer, 66.Google Scholar
- Sebastian Zimmeck, Jie S Li, Hyungtae Kim, Steven M Bellovin, and Tony Jebara. 2017. A privacy analysis of cross-device tracking. In 26th USENIX Security Symposium (USENIX Security 17). 1391–1408.Google ScholarDigital Library
Index Terms
- Don’t Count Me Out: On the Relevance of IP Address in the Tracking Ecosystem
Recommendations
IP routing on logical address group
IC3N '97: Proceedings of the 6th International Conference on Computer Communications and NetworksIn principle, more than one routers are intervened between different IP subnets. IETF RFC1577 "Classical IP and ARP over ATM", which is specified to provide IP services on an ATM network, also requires that the router be used between different logical ...
Extending the IP internet through address reuse
The two most compelling problems facing the IP Internet are IP address depletion and scaling in routing. This paper discusses the characteristics of one of the proposed solutions---address reuse. The solution is to place Network Address Translators (Nat)...
Comments