how tracking companies circumvented ad blockers using
play

How Tracking Companies Circumvented Ad Blockers Using WebSockets - PowerPoint PPT Presentation

Sep 08, 2022 •300 likes •1.11k views

How Tracking Companies Circumvented Ad Blockers Using WebSockets Muhammad Ahmad Bashir, Sajjad Arshad, Engin Kirda, William Robertson, Christo Wilson Northeastern University Online Tracking 2 Online Tracking Surge in online

  1. 
 How Tracking Companies Circumvented Ad Blockers Using WebSockets Muhammad Ahmad Bashir, Sajjad Arshad, Engin Kirda, William Robertson, Christo Wilson 
 Northeastern University

  2. Online Tracking 2

  3. Online Tracking Surge in online advertising (internet economy) • Ad networks pour in billions of dollars. • Value for their investment? • Extensive tracking to serve targeted ads. 2

  4. Online Tracking Surge in online advertising (internet economy) • Ad networks pour in billions of dollars. • Value for their investment? • Extensive tracking to serve targeted ads. User concern over tracking • Led to the proliferation of ad blocking extensions 2

  5. Online Tracking Surge in online advertising (internet economy) • Ad networks pour in billions of dollars. • Value for their investment? • Extensive tracking to serve targeted ads. User concern over tracking • Led to the proliferation of ad blocking extensions Ad networks fight back • E.g Using anti ad blocking scripts 2

  6. Google & Safari • Google evaded Safari’s third-party cookie blocking policy (Jonathan Mayer) • … by submitting a form in an invisible iFrame • Google was fined $22.5M by FTC 3

  7. This Talk How Ad Networks leveraged a bug in Chrome API to bypass Ad Blockers using WebSockets 4

  8. This Talk How Ad Networks leveraged a bug in Chrome API to bypass Ad Blockers using WebSockets 1. What caused this? 2. How this bug was leveraged by ad networks? 4

  9. Web Sockets 5

  10. Web Sockets HTTP/S 5

  11. Web Sockets request HTTP/S response 5

  12. Web Sockets request HTTP/S response Chatting App 5

  13. Web Sockets request HTTP/S response anything new? Chatting App 5

  14. Web Sockets request HTTP/S response anything new? Chatting App Web Socket 5

  15. Web Sockets request HTTP/S response anything new? Chatting App bidirectional Web Socket • Both client and server can send/receive data • This is a persistent connection 5

  16. Web Sockets request HTTP/S response anything new? Chatting App bidirectional Web Socket ws:// or wss:// • Both client and server can send/receive data • This is a persistent connection 5

  17. Ad Blockers 6

  18. Ad Blockers • Chrome extension chrome.webRequest API • Extension can inspect / modify / drop outgoing requests 6

  19. Ad Blockers • Chrome extension chrome.webRequest API • Extension can inspect / modify / drop outgoing requests webRequest API 6

  20. Ad Blockers • Chrome extension chrome.webRequest API • Extension can inspect / modify / drop outgoing requests http://cnn.com/logo.jpeg webRequest API 6

  21. Ad Blockers • Chrome extension chrome.webRequest API • Extension can inspect / modify / drop outgoing requests http://cnn.com/logo.jpeg webRequest API Usually borrowed 
 Rule List from EasyList 6

  22. Ad Blockers • Chrome extension chrome.webRequest API • Extension can inspect / modify / drop outgoing requests http://cnn.com/logo.jpeg webRequest API url Usually borrowed 
 Rule List from EasyList 6

  23. Ad Blockers • Chrome extension chrome.webRequest API • Extension can inspect / modify / drop outgoing requests http://cnn.com/logo.jpeg webRequest API url Usually borrowed 
 Rule List from EasyList 6

  24. Ad Blockers • Chrome extension chrome.webRequest API • Extension can inspect / modify / drop outgoing requests http://cnn.com/logo.jpeg webRequest API url Usually borrowed 
 Rule List from EasyList 6

  25. Ad Blockers • Chrome extension chrome.webRequest API • Extension can inspect / modify / drop outgoing requests http://cnn.com/logo.jpeg webRequest API url Usually borrowed 
 Rule List from EasyList webRequest API 6

  26. Ad Blockers • Chrome extension chrome.webRequest API • Extension can inspect / modify / drop outgoing requests http://cnn.com/logo.jpeg webRequest API url Usually borrowed 
 Rule List from EasyList http://doubleclick.com/s1.js webRequest API 6

  27. Ad Blockers • Chrome extension chrome.webRequest API • Extension can inspect / modify / drop outgoing requests http://cnn.com/logo.jpeg webRequest API url Usually borrowed 
 Rule List from EasyList url http://doubleclick.com/s1.js webRequest API 6

  28. Ad Blockers • Chrome extension chrome.webRequest API • Extension can inspect / modify / drop outgoing requests http://cnn.com/logo.jpeg webRequest API url Usually borrowed 
 Rule List from EasyList url http://doubleclick.com/s1.js webRequest API 6

  29. Ad Blockers • Chrome extension chrome.webRequest API • Extension can inspect / modify / drop outgoing requests http://cnn.com/logo.jpeg webRequest API url Usually borrowed 
 Rule List from EasyList url http://doubleclick.com/s1.js webRequest API 6

  30. AdBlock Evasion 7

  31. AdBlock Evasion • Bug in webRequest API • ws/wss requests did not trigger the API 7

  32. AdBlock Evasion • Bug in webRequest API • ws/wss requests did not trigger the API 2012 2013 2014 2016 2017 2018 2015 7

  33. AdBlock Evasion • Bug in webRequest API • ws/wss requests did not trigger the API Original bug 
 reported 2012 2013 2014 2016 2017 2018 2015 7

  34. AdBlock Evasion • Bug in webRequest API • ws/wss requests did not trigger the API Users report 
 unblocked ads Original bug 
 reported 2012 2013 2014 2016 2017 2018 2015 7

  35. AdBlock Evasion • Bug in webRequest API • ws/wss requests did not trigger the API Users report 
 Patch unblocked ads Finalized 
 Original bug 
 ( Landed) reported 2012 2013 2014 2016 2017 2018 2015 7

  36. AdBlock Evasion • Bug in webRequest API • ws/wss requests did not trigger the API Users report 
 Patch unblocked ads Finalized 
 Original bug 
 ( Landed) reported 2012 2013 2014 2016 2017 2018 2015 Chrome 58 
 released 7

  37. AdBlock Evasion • Bug in webRequest API • ws/wss requests did not trigger the API Users report 
 Patch unblocked ads Finalized 
 Original bug 
 ( Landed) reported * * * * 2012 2013 2014 2016 2017 2018 2015 Chrome 58 
 released * Represents when our crawls were done 7

  38. Data Crawling 8

  39. Data Crawling 100K websites 
 sampled from Alexa 8

  40. Data Crawling Collected chains for 100K websites 
 all included sampled from Alexa Visit 15 
 resources links / website 8

  41. This means we know Data Crawling which resource included which other resource Collected chains for 100K websites 
 all included sampled from Alexa Visit 15 
 resources links / website 8

  42. This means we know Data Crawling which resource included which other resource Collected chains for 100K websites 
 all included sampled from Alexa Visit 15 
 resources links / website Filter 
 WebSockets Filter all resources which end in 
 web sockets 8

  43. This means we know Data Crawling which resource included which other resource Collected chains for 100K websites 
 all included sampled from Alexa Visit 15 
 resources links / website Filter 
 WebSockets Filter all resources which end in 
 web sockets Mark web sockets 
 Detect A&A 
 which are used by WebSockets A&A domains A&A = Advertising and Analytics e.g. DoubleClick, Criteo, Adnxs 8

  44. This means we know Data Crawling which resource included which other resource Collected chains for 100K websites 
 all included sampled from Alexa Visit 15 
 resources links / website Filter 
 WebSockets Example Inclusion Tree pub/ Filter all resources index.html which end in 
 web sockets Mark web sockets 
 srv.ws ads/ Detect A&A 
 which are used by WebSockets script.js A&A domains ads/ frame.html A&A = Advertising and Analytics e.g. DoubleClick, Criteo, Adnxs ads/ adnet/ img_a.jpg data.ws 8

  45. This means we know Data Crawling which resource included which other resource Collected chains for 100K websites 
 all included sampled from Alexa Visit 15 
 resources links / website Filter 
 WebSockets Example Inclusion Tree pub/ Filter all resources index.html which end in 
 web sockets Mark web sockets 
 srv.ws ads/ Detect A&A 
 which are used by WebSockets script.js A&A domains WebSocket ads/ frame.html A&A = Advertising and Analytics e.g. DoubleClick, Criteo, Adnxs ads/ adnet/ img_a.jpg data.ws WebSocket 8

  46. This means we know Data Crawling which resource included which other resource Collected chains for 100K websites 
 all included sampled from Alexa Visit 15 
 resources links / website Filter 
 WebSockets Example Inclusion Tree pub/ Filter all resources index.html which end in 
 web sockets Mark web sockets 
 srv.ws ads/ Detect A&A 
 which are used by WebSockets script.js A&A domains WebSocket ads/ frame.html A&A = Advertising and Analytics e.g. DoubleClick, Criteo, Adnxs adnet/ data.ws WebSocket 8

Recommend

The Importance of Beta-Blockers in Patients with Heart Failure: A

The Importance of Beta-Blockers in Patients with Heart Failure: A

The Importance of Beta-Blockers in Patients with Heart Failure: A Resynchronization-Defibrillation for Ambulatory Heart Failure Trial (RAFT) Analysis . L. Brent Mitchell, Jean L. Rouleau, Gary E. Newton, Jonathon Howlett, Elizabeth Yetisir,

351 views • 17 slides
Association between Use of Beta-Blockers and Mortality in Patients with Heart Failure and

Association between Use of Beta-Blockers and Mortality in Patients with Heart Failure and

Association between Use of Beta-Blockers and Mortality in Patients with Heart Failure and Preserved Ejection Fraction a Prospective Propensity Score-Matched Cohort Study Lars H Lund, Lina Benson, Ulf Dahlstrm, Magnus Edner, Leif Friberg on

158 views • 13 slides
MEET THE BLOCKERS A CAST OF CHARACTERS This exercise introduces twelve characters who may be

MEET THE BLOCKERS A CAST OF CHARACTERS This exercise introduces twelve characters who may be

MEET THE BLOCKERS A CAST OF CHARACTERS This exercise introduces twelve characters who may be found in many partnerships, blocking the road to a successful outcome. Learn how to harness their characteristics to move your projects forward and

286 views • 16 slides
Drugs Used In The Management Of Atrial Fibrillation Dr Steve Murray Consultant EP &

Drugs Used In The Management Of Atrial Fibrillation Dr Steve Murray Consultant EP &

Drugs Used In The Management Of Atrial Fibrillation Dr Steve Murray Consultant EP & Cardiologist Outline of session Unfortunately individual cases cannot and will not be discussed! Beta-blockers Calcium channel blockers

508 views • 46 slides
What's next for adversarial ML? (and why ad-blockers should care) Florian Tramr EPFL July 9 th

What's next for adversarial ML? (and why ad-blockers should care) Florian Tramr EPFL July 9 th

What's next for adversarial ML? (and why ad-blockers should care) Florian Tramr EPFL July 9 th 2018 Joint work with Gili Rusak, Giancarlo Pellegrino and Dan Boneh The Deep Learning Revolution First they came for images The Deep Learning

703 views • 26 slides
Efficacy of beta-blockers in heart failure Efficacy of beta-blockers in heart failure patients

Efficacy of beta-blockers in heart failure Efficacy of beta-blockers in heart failure patients

Efficacy of beta-blockers in heart failure Efficacy of beta-blockers in heart failure patients with atrial fibrillation: patients with atrial fibrillation: An individual patient patient data meta-analysis data meta-analysis An individual

553 views • 23 slides
9/12/2019 Wichter et al ARVD Therapy 1. Beta blockers (Sotalol) 2. Amiodarone 3. Catheter

9/12/2019 Wichter et al ARVD Therapy 1. Beta blockers (Sotalol) 2. Amiodarone 3. Catheter

9/12/2019 Wichter et al ARVD Therapy 1. Beta blockers (Sotalol) 2. Amiodarone 3. Catheter ablation 4. AICD M S Marcus et al report from ARVC registry Treatment for patients with ARVC JACC 54:609 2010 Early drug trials involved small

291 views • 6 slides
Serialization, Authentication and Tracking Solution Presentation December 2016 Who we are

Serialization, Authentication and Tracking Solution Presentation December 2016 Who we are

Serialization, Authentication and Tracking Solution Presentation December 2016 Who we are INEXTO offers cutting edge brand protection, track & trace solutions to private companies, governments and consumers that are all looking for

447 views • 15 slides
Tracking by learning Arnold W.M. Smeulders Tracking Online tracking is to determine the location

Tracking by learning Arnold W.M. Smeulders Tracking Online tracking is to determine the location

Tracking by learning Arnold W.M. Smeulders Tracking Online tracking is to determine the location of one target in video starting from a bounding box in the first frame. When conceived as an instant learning problem, the task is to discriminate

651 views • 39 slides
PTrack: Enhancing the Applicability of Pedestrian Tracking with Wearables Yonghang Jiang,

PTrack: Enhancing the Applicability of Pedestrian Tracking with Wearables Yonghang Jiang,

PTrack: Enhancing the Applicability of Pedestrian Tracking with Wearables Yonghang Jiang, Zhenjiang Li, Jianping Wang Department of Computer Science City University of Hong Kong 6 Insurance companies Customer assessment Sedentary: 21 hours

376 views • 16 slides
Tracking Articulated Objects Alexander (Sasha) Lambert CS7495 Fall 2014 Tracking From Depth

Tracking Articulated Objects Alexander (Sasha) Lambert CS7495 Fall 2014 Tracking From Depth

Tracking Articulated Objects Alexander (Sasha) Lambert CS7495 Fall 2014 Tracking From Depth Infra-red point-clouds (structured light) Affordable sensors (Primesense) Large body of work on people-tracking Complex tracking

409 views • 23 slides
Tracking Catalog: Uncovering and analyzing user tracking on the Internet Tomasz Bujlow Valentn

Tracking Catalog: Uncovering and analyzing user tracking on the Internet Tomasz Bujlow Valentn

Introduction Tracking catalog Tracking mechanisms Open questions Tracking Catalog: Uncovering and analyzing user tracking on the Internet Tomasz Bujlow Valentn Carela-Espaol Pere Barlet-Ros Computer Architecture Dept. (DAC) UPC

581 views • 10 slides
Eye Tracking and Topics EMA in Computer Eye tracking definition Science Eye tracker

Eye Tracking and Topics EMA in Computer Eye tracking definition Science Eye tracker

Eye Tracking and Topics EMA in Computer Eye tracking definition Science Eye tracker history Eye tracking theory Computer Literacy 1 Lecture 23 Different kinds of eye trackers 11/11/2008 Electromagnetic Articulography (EMA)

459 views • 6 slides
Tracking - VSO Framework Tracking Status Controlling Actions 100% Configuring Actions Device

Tracking - VSO Framework Tracking Status Controlling Actions 100% Configuring Actions Device

Tracking - VSO Framework Tracking Status Controlling Actions 100% Configuring Actions Device List 0% Device handling View drawing 100% Federico Tessmann Test-Tracking - Orchestra VSO- VSOUI Tracking VSO- Orchestra VSOAudio

76 views • 7 slides
8. Pharmacological Management Neurohormonal deactivation 1. A drenaline Beta Blockers Dose

8. Pharmacological Management Neurohormonal deactivation 1. A drenaline Beta Blockers Dose

8. Pharmacological Management Neurohormonal deactivation 1. A drenaline Beta Blockers Dose Side Effects Monitoring Neurohormonal Deactivation 2. A ngiotensin II ACE Inhibition Dose Side Effects Monitoring ARNI Angiotensin

624 views • 30 slides
Video Object Tracking Real-time tracking of objects in video is an important problem in various

Video Object Tracking Real-time tracking of objects in video is an important problem in various

Tracking Objects Better, Faster, Longer Assoc. Prof. Dr. Alptekin Temizel atemizel@metu.edu.tr Graduate School of Informatics, METU 18 March 2015 GPU Technology Conference Video Object Tracking Real-time tracking of objects in video is an

472 views • 19 slides
Detection vs. tracking Lecture 21: Motion and tracking Thursday, Nov 29 Prof. Kristen

Detection vs. tracking Lecture 21: Motion and tracking Thursday, Nov 29 Prof. Kristen

11/30/2007 Detection vs. tracking Lecture 21: Motion and tracking Thursday, Nov 29 Prof. Kristen Grauman Tracking with dynamics : We use image measurements to estimate position of object, but also incorporate position predicted by

486 views • 12 slides
People-Tracking-by-Detection and People-Detection-by-Tracking Mykhaylo Andriluka Stefan Roth

People-Tracking-by-Detection and People-Detection-by-Tracking Mykhaylo Andriluka Stefan Roth

People-Tracking-by-Detection and People-Detection-by-Tracking Mykhaylo Andriluka Stefan Roth Bernt Schiele Department of Computer Science TU Darmstadt People-Tracking-by-Detection and People-Detection-by-Tracking - CVPR 2008 Motivation

899 views • 89 slides
Overview Introduction Object Tracking Vehicle Tracking Theory & Implementation

Overview Introduction Object Tracking Vehicle Tracking Theory & Implementation

Overview Introduction Object Tracking Vehicle Tracking Theory & Implementation Segmentation Tracking Results Q & A Introduction Object Tracking Object Tracking Object representation Feature

500 views • 28 slides
Tracking Tracking Many thanks to: H. Bischof, B. Leibe, V. Ferrari, K. Graumann, Y. Ukrainitz, D.

Tracking Tracking Many thanks to: H. Bischof, B. Leibe, V. Ferrari, K. Graumann, Y. Ukrainitz, D.

Computer Vision Tracking Tracking Many thanks to: H. Bischof, B. Leibe, V. Ferrari, K. Graumann, Y. Ukrainitz, D. Wagner, V Lepetit, M. Breitenstein, P. Sabzmeydani, Z. Kalal from whom I borrowed many slides and videos. We all know what

1.62k views • 138 slides
Tracking Tracking Many thanks to: H. Bischof, B. Leibe, V. Ferrari, K. Graumann, Y. Ukrainitz, D.

Tracking Tracking Many thanks to: H. Bischof, B. Leibe, V. Ferrari, K. Graumann, Y. Ukrainitz, D.

Computer Vision Tracking Tracking Many thanks to: H. Bischof, B. Leibe, V. Ferrari, K. Graumann, Y. Ukrainitz, D. Wagner, V Lepetit, M. Breitenstein, P. Sabzmeydani, Z. Kalal from whom I borrowed many slides and videos. We all know what

1.5k views • 137 slides
RFID KEG TRACKING SOLUTION Proteus Tracking is a class leading innovative Internet of Things

RFID KEG TRACKING SOLUTION Proteus Tracking is a class leading innovative Internet of Things

RFID KEG TRACKING SOLUTION Proteus Tracking is a class leading innovative Internet of Things company. Proteus Tracking prides itself in identifying the clients problem areas and delivering breakthrough industry technology solutions in both

150 views • 4 slides
Eye-tracking for capturing human visual attention Eye-tracking for capturing human visual

Eye-tracking for capturing human visual attention Eye-tracking for capturing human visual

BubbleView : an interface for crowdsourcing image importance maps and tracking visual attention Nam Wook Zoya Michelle Krzysztof Aude Fredo Hanspeter Kim* Bylinskii* Borkin Gajos Oliva Durand Pfister Eye-tracking for capturing human

830 views • 69 slides
Inter Internet monitoring net monitoring and web tracking and web tracking Engineering &

Inter Internet monitoring net monitoring and web tracking and web tracking Engineering &

CyLab Inter Internet monitoring net monitoring and web tracking and web tracking Engineering & Public Policy Lorrie Faith Cranor September 30, 2014 y & c S a e v c i u r P r i t e y l b L a a s b U o 8-533

440 views • 42 slides

More recommend