Tracking Measurement Obfuscations from SourceURL
Sarah Bird
TL;DR
This paper investigates how tracking scripts use the sourceURL directive to obfuscate their origin, affecting browser transparency and measurement tools, and discusses Firefox's response to this issue.
Contribution
It identifies the obfuscation technique using sourceURL in tracking scripts and documents its impact on measurement platforms like OpenWPM.
Findings
Tracking scripts exploit sourceURL to hide their origin.
Firefox 78 introduces a preference to disable sourceURL obfuscation.
The issue affects both Firefox and Chromium browsers.
Abstract
Tracking scripts can use the sourceURL directive to mask their origin from developer tools and tools that use the same JS call stack and network stack information. Firefox and Chromium appear to be affected. Firefox 78 now includes a preference to disable this behavior. This short paper describes the effect when using the OpenWPM measurement platform along with details of discovery.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsAdvanced Malware Detection Techniques · Internet Traffic Analysis and Secure E-voting · Digital and Cyber Forensics