You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: src/content/en/2025/privacy.md
+7-7Lines changed: 7 additions & 7 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -140,7 +140,7 @@ Our analysis shows that `doubleclick.net` is the most common third-party cookie
140
140
The following figure shows the most common first-party cookies. While these cookies are set in a first-party context, their names provide evidence that they are primarily used for tracking purposes. The `_ga` cookie is set on 46% of webpages, and `_gid` appears on 18%, both used by Google Analytics, followed by `gcl_au` on 16% of webpages. While the exact purpose of these cookies was not tested, Google [publishes](https://business.safety.google/adscookies/) their intended functions.
141
141
Another popular first-party cookie is `_fbp`, used by Meta on 14% of webpages. Meta <ahreflang="en"href="https://www.facebook.com/business/help/471978536642445?id=1205376682832142">provides</a> advertisers the option to use first-party cookies with the Meta Pixel. Similar to the results observed for third-party context, Google and Meta remain the dominant entities for tracking in the first-party cookie context.
142
142
143
-
The usage of cookies on the web remains largely for tracking purposes. Among the functional exceptions, `PHPSESSID` stores a unique session ID for PHP applications on 12% of pages, while XSRF-TOKEN handles security against cross-site request forgery and is found on 6% of webpages.
143
+
The usage of cookies on the web remains largely for tracking purposes. Among the functional exceptions, `PHPSESSID` stores a unique session ID for PHP applications on 12% of pages, while `XSRF-TOKEN` handles security against cross-site request forgery and is found on 6% of webpages.
144
144
145
145
{{ figure_markup(
146
146
image="most-common-first-party-cookie-names.png",
@@ -164,10 +164,6 @@ Browser fingerprinting is a method by which websites can identify a user based o
164
164
165
165
<ahreflang="en"href="https://dl.acm.org/doi/abs/10.1145/3696410.3714548">Prior work</a> has shown browser fingerprinting to be highly prevalent in online tracking. Its attractiveness can be attributed to the fact that it is difficult to block, and claims to be effective even if the user is using an Incognito browser. In this report, we identify the most common technologies used to do browser fingerprinting.
166
166
167
-
Of note, the library <ahreflang="en"href="https://github.com/fingerprintjs/fingerprintjs">FingerprintJS</a> has remained the most popular tool to conduct browser fingerprinting, far surpassing the others. FingerprintJS is used on 0.59% of mobile accessed websites, compared to <ahreflang="en"href="https://github.com/jackspirou/clientjs">ClientJS</a> (the next most popular technology) which is present on 0.04%.
168
-
169
-
The popularity of FingerprintJS can likely be attributed to its thriving open source community, which appears to be more active than that of ClientJS.
170
-
171
167
{{ figure_markup(
172
168
image="top-fingerprinting-technologies.png",
173
169
caption="Top fingerprinting technologies",
@@ -178,6 +174,10 @@ The popularity of FingerprintJS can likely be attributed to its thriving open so
178
174
)
179
175
}}
180
176
177
+
Of note, the library <ahreflang="en"href="https://github.com/fingerprintjs/fingerprintjs">FingerprintJS</a> has remained the most popular tool to conduct browser fingerprinting, far surpassing the others. FingerprintJS is used on 0.59% of mobile accessed websites, compared to <ahreflang="en"href="https://github.com/jackspirou/clientjs">ClientJS</a> (the next most popular technology) which is present on 0.04%.
178
+
179
+
The popularity of FingerprintJS can likely be attributed to its thriving open source community, which appears to be more active than that of ClientJS.
180
+
181
181
## Evading tracking protections
182
182
183
183
As browsers and privacy tools have become more effective at blocking third-party trackers, the tracking industry has adapted. Techniques like CNAME cloaking and bounce tracking allow trackers to disguise themselves as first-party resources or use intermediate redirects to circumvent traditional blocking methods. These approaches exploit the trust browsers place in first-party requests, making them harder to detect and block. In this section, we focus on bounce tracking, which can be observed through redirect chains in our crawl data.
@@ -346,11 +346,11 @@ Germany (0.042%) and France (0.030%) lead TCFv2 publisher adoption among EU memb
346
346
347
347
The most common USP string is 1YNY at 1.296%, indicating that notice was given, the user did not opt out, and the site is covered under the Limited Service Provider Agreement. The second most common value is 1--- at 1.073%, a placeholder string that provides no meaningful signal, suggesting many implementations are incomplete or default. We observed that sites showing `1YYN` have configured their CMP to default new visitors to an opted-out state, a stricter-than-required privacy posture. The low prevalence (0.078%) indicates most sites follow CCPA's standard opt-out model, where consent is assumed until explicitly revoked.
348
348
349
-
### `DoNotTrack`
349
+
### Do Not Track
350
350
351
351
{{ figure_markup(
352
352
image="donottrack-usage.png",
353
-
caption="`DoNotTrack` usage",
353
+
caption="Do Not Track usage",
354
354
description="Bar chart showing Do Not Track (DNT) signal detection by site popularity. Detection peaks at 44% for the top 5,000 sites and gradually declines as site popularity decreases, reaching 17% for the top 50 million sites.",
0 commit comments