Unblockable web trackers: industry flirting with fire?
UK tech journal details rise of ‘unblockable’ web trackers allegedly being used by mainstream publishers and ad platforms (The Register).
- Tracker evades third party classification by pretending to be first party
- Proponents (tracking/analytics firms) ask publishers to allocate them a subdomain and then alias it to an external server
- Technique is called DNS delegation, DNS aliasing or CNAME cloaking
- Ad blockers and browsers such as Chrome do not recognise it as third party tracker to be blocked
- Can be used to fingerprint individual browsers
- Technique has been known for years, but apparently rising in response to ad blockers, do not track, and third party cookie changes by major browsers
“Yet another example of the 'badtech industrial complex' protecting its river of gold,” as one researcher told The Register. It’s a dangerous game to play, given the tectonic shifts rumbling through the US, Europe and Australia around privacy and those employing the tactic are laughing in the face of advertisers talking up the need to rebuild trust. Maybe privacy regulators are already wise to the ruse, but it appears that for now adtech, brands and publishers are getting away with it.
However, one ad blocking firm, NextDNS, says it can solve the problem. A post by co-founder, Romain Cointepas, dives into detail on CNAME cloaking. Cointepas fingers some of those allegedly facilitating it, including some big names, as well as the publishers and brands that are allowing it (from some of the biggest news publishers to the world's second largest retailer, he states).
"There is not a more ideal situation for a third-party tracker that wants to fingerprint you than being able to execute their own script from a subdomain of the website itself," says Cointepas.
Get his full take here. For some, it should make for interesting reading.