Cross-Device Tracking: Measurement and Disclosures

Open access


Internet advertising and analytics technology companies are increasingly trying to find ways to link behavior across the various devices consumers own. This cross-device tracking can provide a more complete view into a consumer’s behavior and can be valuable for a range of purposes, including ad targeting, research, and conversion attribution. However, consumers may not be aware of how and how often their behavior is tracked across different devices. We designed this study to try to assess what information about cross-device tracking (including data flows and policy disclosures) is observable from the perspective of the end user. Our paper demonstrates how data that is routinely collected and shared online could be used by online third parties to track consumers across devices.

If the inline PDF is not rendering correctly, you can download the PDF file here.

  • [1] Federal Trade Comm’n “Privacy Online: Fair Information Practices in the Electronic Marketplace” May 2000.

  • [2] Federal Trade Comm’n “Self-Regulatory Principles for Online Behavioral Advertising” Feb. 2009.

  • [3] Federal Trade Comm’n “Protecting Consumer Privacy in an Era of Rapid change: Recommendations for Businesses and Policymakers (Privacy Report)” March 2012.

  • [4] Fed. Trade Comm’n “FTC Settlement Puts an End to ’History Sniffing’ by Online Advertising Network Charged With Deceptively Gathering Data on Consumers” Dec. 2012.

  • [5] Fed. Trade Comm’n “Online Advertiser Settles FTC Charges ScanScout Deceptively Used Flash Cookies to Track Consumers Online” Nov. 2011.

  • [6] Fed. Trade Comm’n “FTC Puts an End to Tactics of Online Advertising Company That Deceived Consumers Who Wanted to ’Opt Out’ from Targeted Ads” March 2011.

  • [7] TRUSTe/Nationnal Cyber Security Alliance “U.S. Consumer Privacy Index 2016”

  • [8] M. Madden L. Rainie “Americans Attitudes About Privacy Security and Surveillance” May 2015.

  • [9] I. Altaweel N. Good C.J. Hoofnagle “Web Privacy Census” Technology Science Dec. 2015.

  • [10] S. Englehardt D. Reisman C. Eubank P. Zimmerman J. Mayer A. Narayanan E. Felten “Cookies That Give You Away: The Surveillance Implications of Web Tracking” in Proceedings of the 24th International conference on World Wide Web (New York NY USA) pp. 289–299 ACM 2015.

  • [11] D. Malandrino A. Petta V. Scarano L. Serra R. Spinelli B. Krishnamurthy “Privacy Awareness about Information Leakage: Who Knows What about Me?” in Proceedings of the 12th ACM Workshop on privacy in the electronic society (New York NY USA) ACM pp. 279–284 2013.

  • [12] J. Mayer “Tracking the Trackers: Where Everybody Knows Your Username” Oct. 2011.

  • [13] J. Zang K. Dummit J. Graves P. Lisker L. Sweeney “Who Knows What About Me? A Survey of Behind the Scenes Personal Data Sharing to Third Parties by Mobile Apps” Technology Science Oct. 2015.

  • [14] J. Ren A. Rao M. Lindorfer A. Legout D. Choffnes “Re-Con: Revealing and Controlling PII Leaks in Mobile Network Traffic” in International Conference on Mobile Systems Applications and Services (Singapore) ACM June 2016.

  • [15] S. Son D. Kim V. Shmatikov “What Mobile Ads Know About Mobile Users” in Network and Distributed System Security Symposium (San Diego CA USA) Internet Society Feb. 2016.

  • [16] A. Razaghpanah N. Vallina-Rodriguez S. Sundaresan C. Kreibich P. Gill M. Allman V. Paxson “Haystack: A Multi-Purpose Mobile Vantage Point in User Space” Oct. 2016.

  • [17] A. McDonald L. Cranor “The Cost of Reading Privacy Policies” in Journal of Law and Policy for the Information Society 2008.

  • [18] J. Graves “An Exploratory Study of Mobile Application Privacy Policies” Technology Science Oct.2015.

  • [19] A. Soltani S. Canty Q. Mayo L. Thomas C.J. Hoofnagle “Flash Cookies and Privacy” Aug. 2009.

  • [20] G. Acar C. Eubank S. Englehardt M. Juarez A. Narayanan C. Diaz “The Web Never Forgets: Persistent Tracking Mechanisms in the Wild” in Proceedings of the 2014 Conference on Computer and Communications Security (Scottsdale AZ USA) ACM pp. 674–689 2014.

  • [21] N. Kapravelos A. Kapravelos W. Joosen C. Kruegel F. Piessens G. Vigna “Cookieless Monster: Exploring the Ecosystem of Web-Based Device Fingerprinting” 2013.

  • [22] R. Díaz-Moralesl “Cross-Device Tracking: Matching Devices and Cookies” Oct. 2015.

  • [23] Fed. Trade Comm’n “Consumer Information: Online Tracking”

  • [24] P. Eckersley “How Unique is Your Web Browser?”

  • [25] J. Angwin “Meet the Online Tracking Device That is Virtually Impossible to Block” July 2014.

  • [26] L. Olejnik C. Castelluccia A. Janc “Why Johnny Can’t Browse in Peace: On the Uniqueness of Web Browsing History Patterns” in 5th Workshop on Hot Topics in Privacy Enhancing Technologies (HotPETs) 2012.

  • [27] R. Bilton “Cross-device tracking explained” Aug. 2015.

  • [28] L. Lessig Code Version 2.0. pp. 33–35 2006.

  • [29] M. Cavna “NOBODY KNOWS YOU’RE A DOG’: As iconic Internet cartoon turns 20 creator Peter Steiner knows the idea is as relevant as ever Washington Post” July 2013.

  • [30] E. Felten “Does Hashing Data Make Data ’Anonymous’?” Apr. 2012.

  • [31] Fed. Trade Comm’n “FTC Isssues Warning Letters to App Developers Using ’Silverpush’ Code” March 2016.

  • [32] S. Englehardt and A. Narayanan “Online tracking: A 1-million-site measurement and analysis” May 2016.

  • [33] “Infographic: Everything You Need to Know about Real Time Bidding for Display Ads” May 2014.

  • [34] Tapad “Who We Are”

  • [35] Drawbridge “The Largest Independent Cross-Device Identity Solution”

  • [36] Facebook “What information does Facebook get when I visit a site with a Like button?”

  • [37] B. Barrett “Uh Oh: Google Expands its Ad Tracking. But Yay: It’s Opt-in” June 2016.

  • [38] J. Rich “Keeping Up with the Online Advertising Industry” 21 April 2016.

  • [39] Digital Advertising Alliance “Application of the DAA Principles of Transparency and Control to Data Used Across Devices” Nov. 2015.

  • [40] L. Schifferle “Online tracking — more than cookies” June 2016.

  • [41] L. Tonsager “Digital Advertising Alliance Will Begin Enforcing its Cross-Device Guidance February 1 2017” Oct. 2016.

Journal information
Cited By
All Time Past Year Past 30 Days
Abstract Views 0 0 0
Full Text Views 937 341 99
PDF Downloads 541 214 48