Tracking The Trackers: Commercial Surveillance Occurring on U.S. Army Networks

TL;DR

This study analyzes web tracking on U.S. Army networks, revealing that over 21% of accessed domains are trackers, and suggests network and policy changes to mitigate risks.

Contribution

It provides a novel characterization of commercial web tracking on military networks using a new dataset and comparison against an open-source tracker database.

Findings

Over 21% of accessed domains were trackers.

CBII can be configured to better mitigate tracking risks.

Recommendations include network and policy changes.

Abstract

Despite current security implementations, Internet activity on DoD networks is susceptible to web trackers and commercial data collection, which have the potential to expose information about service members and unit operations. This report documents the outcomes of a study to characterize web tracking occurring on Army CONUS unclassified networks. We derived a dataset from the Cloud-Based Internet Isolation (CBII) platform, encompassing data measured over a two-month period in 2024. This dataset comprised the 1,000 most frequently accessed Internet resources, determined by the number of connection requests on CONUS DoDIN-A during the study period. We then compared all domains and subdomains in the dataset against Ghostery's WhoTracks.me, an open-source database of commercial tracking entities. We found that over 21% of the domains accessed during the study period were Internet trackers. The ACI recommends that the Army implement changes to its enterprise networks to limit commercial Internet-based tracking, as well as policy changes towards the same end. With relatively minor configuration changes, CBII can serve as a more effective mitigation against risks posed by commercially available information.