Adblocker AdGuard Published List of Thousands of CNAME Trackers

Adblocker developer AdGuard has published an overview of thousands of CNAME trackers that follow internet users on the web in a sophisticated way. Recently, researchers announced that the use of CNAME-based tracking on websites has increased significantly.

Previously, web trackers and advertising companies that were active as a third party on a website set cookies in users' browsers from their own domain. Since these cookies originate from a different domain than the visited domain, they are called third-party cookies. Third-party cookies make it easy to follow users across the web, because the third party can set them via all kinds of sites and thus see which websites a user visits.

Various browsers then decided to prevent tracking via third-party cookies by blocking domains of these parties. Third parties that are active on a website can therefore no longer set cookies for users of these browsers. Several tracking companies have found a workaround in first-party trackers, a technique also known as "DNS delegation", "DNS aliasing" or "CNAME cloaking".

The companies ask publishers and other websites to create a CNAME record where a subdomain, such as tracking.example.tld, points to the domain of the advertiser or tracker. Because the subdomain falls within the context of the visited domain, example.tld, the cookies from the subdomain are accepted by the browser, even though they are actually third-party cookies. This way, tracking companies are able to disguise third-party tracking cookies as first-party cookies.

Researchers discovered thirteen companies engaged in this method. The use of CNAME-based tracking increased by 21 percent in the past 22 months, according to the researchers. Popular trackers and less popular trackers decreased by eight and three percent respectively in the same period. CNAME-based tracking is used on nearly ten percent of the 10,000 most popular websites on the Internet.

In addition to tracking, CNAME-based tracking also introduces other privacy concerns. "Different trackers often place first-party cookies via the document.cookie interface. We found that because of the way the web architecture works, this method can lead to the leakage of cookies," said the researchers. Cookies set for example.tld are also sent to tracking.example.tld. In addition, it appears that many CNAME trackers are served over HTTP rather than HTTPS. This enables man-in-the-middle attacks.
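The CNAME disguise and the cookie leak described above can both be checked mechanically. The following is an added example, not code from AdGuard or the researchers: it follows a CNAME chain from a first-party subdomain and flags it when the chain ends at a listed tracker, and it models which cookies reach that subdomain. All hostnames, records and function names are constructed for illustration.

```python
"""Flag first-party subdomains that are CNAME-cloaked third-party trackers."""

# Constructed sample data (not from AdGuard's list): CNAME records as seen
# in passive DNS or resolver logs, and a one-entry tracker blocklist.
CNAME_RECORDS = {
    "tracking.example.tld": "example.edge.tracker-cdn.test",
    "example.edge.tracker-cdn.test": "lb7.tracker.test",
    "www.example.tld": "example.tld",
    "loop.example.tld": "loop2.example.tld",
    "loop2.example.tld": "loop.example.tld",
}
TRACKER_DOMAINS = {"tracker.test"}


def cname_chain(host, records, max_depth=10):
    """Follow CNAMEs from host; stop on a loop or after max_depth hops."""
    chain, seen = [], {host}
    while host in records and len(chain) < max_depth:
        host = records[host].rstrip(".").lower()
        if host in seen:
            break
        seen.add(host)
        chain.append(host)
    return chain


def matches(host, domains):
    """True if host equals, or is a subdomain of, any listed domain."""
    labels = host.split(".")
    return any(".".join(labels[i:]) in domains for i in range(len(labels)))


def cloaked_tracker(host, site, records, trackers):
    """Return the tracker hostname a first-party host aliases to, or None."""
    if not matches(host, {site}):
        return None  # not first-party; ordinary third-party blocking applies
    for target in cname_chain(host, records):
        if matches(target, trackers) and not matches(target, {site}):
            return target
    return None


def cookie_sent_to(domain_attr, set_by_host, request_host):
    """Cookie scoping: a Domain attribute covers subdomains, host-only does not."""
    if domain_attr:
        return matches(request_host, {domain_attr.lstrip(".").lower()})
    return request_host == set_by_host
```

Matching on whole labels keeps a lookalike such as tracker-cdn.test from being treated as tracker.test, and the host-only case shows that site cookies set without a Domain attribute are not sent to the aliased subdomain.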

AdGuard has now published a rundown of thousands of CNAME trackers on GitHub. At the top of the list is Adobe Experience Cloud (formerly Omniture), with more than 2,500 domains, followed by Pardot with nearly 1,600 trackers. AdGuard says it will update the lists regularly. The adblocker developer also expresses the hope that other creators of filter lists will use the overview.
