BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//The Sustainable Computing Lab - ECPv6.0.11//NONSGML v1.0//EN
CALSCALE:GREGORIAN
METHOD:PUBLISH
X-WR-CALNAME:The Sustainable Computing Lab
X-ORIGINAL-URL:https://www.sustainablecomputing.eu
X-WR-CALDESC:Events for The Sustainable Computing Lab
REFRESH-INTERVAL;VALUE=DURATION:PT1H
X-Robots-Tag:noindex
X-PUBLISHED-TTL:PT1H
BEGIN:VTIMEZONE
TZID:Europe/Paris
BEGIN:DAYLIGHT
TZOFFSETFROM:+0100
TZOFFSETTO:+0200
TZNAME:CEST
DTSTART:20190331T010000
END:DAYLIGHT
BEGIN:STANDARD
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
TZNAME:CET
DTSTART:20191027T010000
END:STANDARD
END:VTIMEZONE
BEGIN:VEVENT
DTSTART;TZID=Europe/Paris:20191107T150000
DTEND;TZID=Europe/Paris:20191107T163000
DTSTAMP:20260429T193854
CREATED:20190909T125214Z
LAST-MODIFIED:20190909T125214Z
UID:1486-1573138800-1573144200@www.sustainablecomputing.eu
SUMMARY:Nataliia Bielova: Detecting third-party tracking and GDPR violations in Web applications
DESCRIPTION:Third-party Web tracking has been extensively studied over the last decade. In our work\, we focus on two problems that address third-party tracking in Web applications and GDPR impact on trackers.\n\n\n\n\n\nFirst\, we study detection of third-party tracking. Most of previous studies and user tools rely on filter lists. However\, there has always been a suspicion that lists miss many trackers. In this paper\, we propose an alternative method to detect trackers inspired by analyzing behavior of invisible pixels. By crawling 84\,658 webpages from 8\,744 domains\, we detect that third-party invisible pixels are widely deployed: they are present on more than 94.51% of domains and constitute 35.66% of all third-party images. We propose a fine-grained behavioral classification of tracking based on the analysis of invisible pixels. We use this classification to detect new categories of tracking and uncover new collaborations between domains on the dataset of 4\,2M third-party requests. We demonstrate that two popular methods to detect tracking\, based on EasyList&EasyPrivacy and on Disconnect lists respectively miss 25.22% and 30.34% of the trackers that we detect. Moreover\, we find that if we combine all three lists\, 379\,245 requests originated from 8\,744 domains still track users on 68.70% of websites.  \n\n\n\n\n\nSecond\, we analyse GDPR impact on third-party trackers. GDPR defines rights for data subjects (users) and obligations for data controllers (trackers) but it is unclear how subjects and controllers interact concretely. We investigate whether it is safe for a data subject to exercise the right of access of her own data by analysing how subject access request procedures are implemented in third-party tracking services. We observe that some trackers use unsafe or doubtful procedures to authenticate data subjects: the most common flaw is the use of authentication based on a copy of the subject’s national identity card transmitted over an insecure channel.  
URL:https://www.sustainablecomputing.eu/event/detecting-third-party-tracking-and-gdpr-violations-in-web-applications/
END:VEVENT
END:VCALENDAR