Tech Talk: UID Smuggling
 | Author:
Victor Sample
Vic Sample: MT43 News Treasurer |
UID Smuggling Victor Sample Advertisers and other web trackers have been able to aggregate information about you by keeping your information in browser cookies. For decades they could set third-party cookies to track where you are going on the internet.
A few years ago, several browsers started to take action to prioritize user security by blocking third-party cookies. Browsers such as Safari, FireFox and Brave block third-party cookies by default in an effort to thwart the web trackers.
However, protecting your privacy is a lot like playing whack-a-mole; if you stop one method, another method will pop up. In response to the banning of third-party cookies, web trackers have turned to “User ID Smuggling” (commonly referred to as UID Smuggling).
When you click on a link, you are making a request to redirect the browser to another page – maybe on the same website; maybe on a different website. UID Smuggling redirects your request to an intermediary site that tracks where you are coming from and where you are going, then directs your request to the actual target site.
By going to an intermediary site, the trackers are avoiding the privacy protection the browsers are implementing by preventing third-party cookies.
Privacy researchers at UC San Diego have implemented a new tool to measure how much UID Smuggling is actually happening. They presented their findings at the Internet Measurement Conference in Nice, France in October. They found that about 8% (and growing) of the navigations done on the internet are being tracked by UID Smuggling.
What can you, as a user, do to avoid UID Smuggling? Very little! You can try hovering over any links before you click on them and avoid clicking on any links that look suspicious. The problem is determining what looks suspicious. The UID Smugglers do not have any obvious traits.
The browsers products such as Safari, FireFox and Brave can try to implement solutions to avoid UID Smuggling and, of course, security “add-ons” can try to protect your privacy by detecting UID Smuggling. But, the web tracking implementers will just move on to another strategy.
The main author of the paper presented by UC San Diego wrote “Whatever we do, the game won’t end unless we can find a solution that allows the ad industry to remain profitable while still preserving user privacy”.
Remember, when you are on the internet, there is no such thing as privacy. If you are doing something you absolutely want to keep private – don’t do it on the internet.
