The creators of the uBlock Origin banner ad blocker have discovered a new technique by which advertisers bypass restrictions on tracking Internet visitors. The method is based on the manipulation of DNS queries and allows the online tracker to integrate into the exchange of data between the site and the client.

Disguising online tracking using DNS queries

Researchers described this technology in  2010 and  2014 . Its essence is to disguise the tracker as one of the elements of the site accessed by the browser. To do this, the site creator allocates a special subdomain, and the script developer binds it to a third-party server through a DNS CNAME record. It allows using the main cookie to collect data on visits to all sites within the specified domain.

By driving traffic through their data collection service, marketers and web analytics can create user profiles, even if they have disabled such tracking. For the browser, this intermediate step looks like the legitimate part of loading the target site. Therefore, blocking third-party scripts, which has recently been turned on by default in  Firefox and  Safari , in this case does not work.

Experts say the illegality of the new method

As the experts found out, at the moment several Internet companies are simultaneously promoting their analytical solutions as an opportunity to circumvent the bans of developers and users. Experts see in such actions a direct violation of the European GDPR regulation , which requires online sites to inform visitors about the tracking of their actions.

In a commentary to The Register reporters, Augustine Fou, an expert on junk technology, said that since the creators of the script-trackers emphasize the inability to track the activity of their products, this activity is clearly illegal.

“This is not an accidental error, but an exploit,” the researcher emphasized. – [The developers of such scripts take] hidden and sequential actions to issue third-party cookies for the file of the main site. As a result, they ignore the legal restrictions and wishes of the users themselves. ”

Prospects for dealing with DNS query manipulation

The developers proposed a method with which you can block such activity. The technology works only in Firefox – this browser has an API that can detect manipulations with CNAME.

Chrome doesn’t. In addition, Google representatives previously stated that they did not intend to deny advertisers the opportunity to monitor the activity of the audience. At the same time, corporation experts are working to ensure that users see only the ads they need and  can block unwanted banners.

Earlier, experts warned Android users about the threat of free applications. According to experts, such utilities often transmit private data through insecure channels and sell information to third-party organizations.

LinkedIn : Rapidsafeguard
Twitter : Rapidsafeguard
Instagram: Rapidsafeguard
Facebook : Theeasyhack
YouTube : Rapidsafeguard


Please enter your comment!
Please enter your name here