Control What You Include! Server-Side Protection against Third Party Web Tracking

TL;DR

This paper introduces a server-side web architecture that allows developers to include third-party content while preventing user tracking, balancing functionality and privacy.

Contribution

It proposes a novel server-side solution enabling third-party content inclusion without enabling third-party user tracking.

Findings

Achieves user privacy preservation against third-party tracking.

Allows inclusion of third-party content without compromising privacy.

Provides a practical implementation for privacy-aware web development.

Abstract

Third party tracking is the practice by which third parties recognize users accross different websites as they browse the web. Recent studies show that 90% of websites contain third party content that is tracking its users across the web. Website developers often need to include third party content in order to provide basic functionality. However, when a developer includes a third party content, she cannot know whether the third party contains tracking mechanisms. If a website developer wants to protect her users from being tracked, the only solution is to exclude any third-party content, thus trading functionality for privacy. We describe and implement a privacy-preserving web architecture that gives website developers a control over third party tracking: developers are able to include functionally useful third party content, the same time ensuring that the end users are not tracked by the third parties.