How Tracking Companies Circumvent Ad Blockers Using WebSockets
In this study of 100,000 websites, we document how Advertising and Analytics (A&A) companies have used WebSockets to bypass ad blocking, exfiltrate user tracking data, and deliver advertisements. Specifically, we leverage a longstanding bug in Chrome (the world’s most popular browser) in the chrome.webRequest API that prevented blocking extensions from being able to interpose on WebSocket connections.
We conducted large-scale crawls of top publishers before and after this bug was patched in April 2017 to examine which A&A companies were using WebSockets, what information was being transferred, and whether companies altered their behavior after the patch. We find that a small but persistent group of A&A companies use WebSockets, and that several of them are engaging in troubling behavior, such as browser fingerprinting, exfiltrating the DOM, and serving advertisements, that would have circumvented blocking due to the Chrome bug.
IEEE S&P Workshop on Technology and Consumer Protection (ConPro), 2018