This paper is available on arxiv under CC0 1.0 DEED license.
Authors:
(1) Salim Chouaki, LIX, CNRS, Inria, Ecole Polytechnique, Institut Polytechnique de Paris;
(2) Oana Goga, LIX, CNRS, Inria, Ecole Polytechnique, Institut Polytechnique de Paris;
(3) Hamed Haddadi, Imperial College London, Brave Software;
(4) Peter Snyder, Brave Software.
In this paper, we presented the first systematic study of the privacy properties of the advertising systems of five popular search engines: Two traditional ones, Google and Bing, and three private ones, DuckDuckGo, StartPage, and Qwant. We investigated whether, and to which extent, search engines through their advertising systems, engage in privacyharming behaviors that allow cross site tracking.
Despite the privacy intentions and promises of private search engines, our findings reveal the failure of privacyfocused search engines to fully protect users’ privacy during ad interactions. Users on all measured search engines, including the privacy-focused ones, are subject to navigation-based tracking by third parties. We find that all search engines engage in bounce tracking when clicking on ads, where users are sent through several redirectors before reaching the ads’
destination websites. While private search engines themselves do not engage in user tracking, their reliance on traditional advertising systems (Microsoft or Google) renders users susceptible to tracking by those systems. Although we cannot directly attribute this tracking to the search engines themselves, it is evident that they are enabling it through their reliance on Microsoft and Google’s advertising systems.
Inspecting the privacy policies of the search engines in light of our findings reveals interesting disparities. While our results demonstrate that Microsoft is capable of tracking DuckDuckGo users when they click on ads, DuckDuckGo asserts that Microsoft does not associate ad-click data with user profiles. On the other hand, Qwant, which also relies on Microsoft advertising for a significant fraction of its ads, do not document the utilization of ad-click data by Microsoft and whether it is used to enhance user profiles. Similarly, StartPage explicitly states that clicking on ads subjects users to the data collection policies of other websites.
Our study highlights the need for increased attention to privacy protection within the advertising systems of search engines. One potential solution to protect users’ privacy for private search engines would be to reduce their reliance on third-party advertising systems. Developing their own advertising platform could provide greater control over privacy practices, although the feasibility and complexity of such an approach remain uncertain. Alternatively, private search
engines could collaborate with advertising systems such as Microsoft and Google, forging partnerships that proactively tackle privacy concerns. For instance, private search engines
could negotiate agreements with the ad provider that prevent redirecting users who click on ads placed within private search engines to additional third parties. This approach would minimize the extent of third-party tracking, limiting it to the ad provider only. Moreover, search engines like StartPage and Qwant could follow the lead of DuckDuckGo by seeking agreements with advertising systems to prevent the use of ad-click identifiers for user profile enrichment. These proactive steps would enhance user privacy while maintaining advertising partnerships with larger platforms.
This research was supported in part by the French National Research Agency (ANR) through the ANR-17-CE23-0014, ANR-21-CE23-0031-02, and MIAI@Grenoble Alpes ANR19-P3IA-0003 grants and by the EU through the 101041223, 101021377, and 952215 grants.
[1] Last accessed September 11, 2023. Ad Block engine in Rust. https://www.npmjs.com/package/adblock-rs
[2] Last accessed September 11, 2023. Disconnect Entity List. https://github.com/mozilla-services/shavar-prodlists/blob/master/disconnect-entitylist.json
[3] Last accessed September 11, 2023. DuckDuckGo seach engine. https://duckduckgo.com/
[4] Last accessed September 11, 2023. EasyList. https://easylist.to/easylist/easylist.txt
[5] Last accessed September 11, 2023. EasyPrivacy. https://easylist.to/easylist/easyprivacy.txt
[6] Last accessed September 11, 2023. MovieLens. https://movielens.org/
[7] Last accessed September 11, 2023. Puppeteer. https://www.npmjs.com/package/puppeteer
[8] Last accessed September 11, 2023. Puppeteer Extra Plugin Stealth. https://www.npmjs.com/package/puppeteer-extra-plugin-stealth
[9] Last accessed September 11, 2023. Qwant seach engine. https://www.qwant.com/
[10] Last accessed September 11, 2023. StartPage seach engine. https://www.startpage.com/
[11] Brave. Last accessed September 11, 2023. What are the best private search engines?https://brave.com/learn/no-tracking-search-engine/
[12] Jordi Castellà-Roca, Alexandre Viejo, and Jordi Herrera-Joancomartí. 2009. Preserving user’s privacy in web search engines. Computer Communications 32, 13 (2009), 1541–1551. https://doi.org/10.1016/j. comcom.2009.05.009
[13] Quan Chen, Panagiotis Ilia, Michalis Polychronakis, and Alexandros Kapravelos. 2021. Cookie Swap Party: Abusing First-Party Cookies for Web Tracking. In Proceedings of the Web Conference 2021 (Ljubljana, Slovenia) (WWW ’21). Association for Computing Machinery, New York, NY, USA, 2117–2129. https://doi.org/10.1145/3442381.3449837
[14] Google Click Identifier (GCLID): Definition. Last accessed September 11, 2023. Google Click Identifier (GCLID): Definition. https://support.google.com/google-ads/answer/9744275
[15] Nurullah Demir, Daniel Theis, Tobias Urban, and Norbert Pohlmann. 2022. Towards Understanding First-Party Cookie Tracking in the Field.
[16] MDN Web Docs. Last accessed September 11, 2023. The Anchor element - ping attribute. https://developer.mozilla.org/en-US/docs/Web/HTML/Element/a#ping
[17] MDN Web Docs. Last accessed September 11, 2023. Redirections in HTTP. https://developer.mozilla.org/en-US/docs/Web/HTTP/Redirections
[18] DuckDuckGo and Microsoft. Last accessed September 11, 2023. DuckDuckGo Help Pages -Company Ads by Microsoft on DuckDuckGo Private Search. https://help.duckduckgo.com/duckduckgo-helppages/company/ads-by-microsoft-on-duckduckgo-private-search/
[19] EasyList. Last accessed September 11, 2023. Overview. https://easylist.to/
[20] Github. Last accessed September 11, 2023. PyEnchant. https://pyenchant.github.io/pyenchant/
[21] Google. Last accessed: September 11, 2023. Stats and Analysis. https://trends.google.com/trends
[22] Saikat Guha, Bin Cheng, and Paul Francis. 2010. Challenges in Measuring Online Advertising Systems. In Proceedings of the 10th ACM SIGCOMM Conference on Internet Measurement (Melbourne, Australia) (IMC ’10). Association for Computing Machinery, New York, NY, USA, 81–87. https://doi.org/10.1145/1879141.1879152
[23] Aniko Hannak, Piotr Sapiezynski, Arash Molavi Kakhki, Balachander Krishnamurthy, David Lazer, Alan Mislove, and Christo Wilson. 2013. Measuring Personalization of Web Search. In Proceedings of the 22nd International Conference on World Wide Web (Rio de Janeiro, Brazil) (WWW ’13). Association for Computing Machinery, New York, NY, USA, 527–538. https://doi.org/10.1145/2488388.2488435
[24] Google Analytics Help. Last accessed September 11, 2023. Common questions about Google Ads Clicks and Analytics Sessions. https://support.google.com/analytics/answer/4588454?hl=en
[25] Microsoft Help. Last accessed September 11, 2023. Auto-tagging of Microsoft Click ID. https://help.ads.microsoft.com/apex/index/3/en/60000
[26] Martin Koop, Erik Tews, and Stefan Katzenbeisser. 2020. In-Depth Evaluation of Redirect Tracking and Link Usage. Proceedings on Privacy Enhancing Technologies 2020 (10 2020), 394–413. https://doi.org/10.2478/popets-2020-0079
[27] Milica Mihajlija. Last accessed September 11, 2023. Cookies Having Independent Partitioned State (CHIPS). https://developer.chrome.com/docs/privacy-sandbox/chips/
[28] Milica Mihajlija. Last accessed September 11, 2023. Cookies Having Independent Partitioned State (CHIPS) origin trial. https://developer.chrome.com/blog/chips-origin-trial/
[29] NordVPN. Last accessed September 11, 2023. The best private search engines for secure browsing. https://nordvpn.com/blog/privatesearch-engines/
[30] DuckDuckGo Help Pages. Last accessed September 11, 2023. Company - Advertising and Affiliates. https://help.duckduckgo.com/duckduckgohelp-pages/company/advertising-and-affiliates/
[31] DuckDuckGo Help Pages. Last accessed September 11, 2023. Privacy - Anonymous Localized Results. https://help.duckduckgo.com/privacy/anonymous-localized-results/
[32] Qwant. Last accessed September 11, 2023. Legal information. https://about.qwant.com/en/legal/confidentialite
[33] Audrey Randall, Peter Snyder, Alisha Ukani, Alex C Snoeren, Geoffrey M Voelker, Stefan Savage, and Aaron Schulman. 2022. Measuring UID smuggling in the wild. In Proceedings of the 22nd ACM Internet Measurement Conference. 230–243.
[34] Shamma Rashed, Tasnim Said, Amal Abdulrahman, Arsiema Yohannes, and Monther Aldwairi. 2022. Evaluating Web Search Engines Results for Personalization and User Tracking. (2022). https://doi.org/10.48550/ARXIV.2211.11518
[35] Franziska Roesner, Tadayoshi Kohno, and David Wetherall. 2012. Detecting and Defending against Third-Party Tracking on the Web. In Proceedings of the 9th USENIX Conference on Networked Systems Design and Implementation (San Jose, CA) (NSDI’12). USENIX Association, USA, 12.
[36] Xuehua Shen, Bin Tan, and ChengXiang Zhai. 2007. Privacy Protection in Personalized Search. SIGIR Forum 41, 1 (jun 2007), 4–17. https://doi.org/10.1145/1273221.1273222
[37] StartPage. Last accessed September 11, 2023. Can I advertise on StartPage? https://support.startpage.com/hc/en-us/articles/5076181310612-Can-I-advertise-on-Startpage-
[38] StartPage. Last accessed September 11, 2023. Privacy Policy. https://www.startpage.com/en/privacy-policy
[39] WebKit. Last accessed September 11, 2023. Tracking Prevention Policy. https://webkit.org/tracking-prevention-policy/
[40] Yabo Xu, Ke Wang, Benyu Zhang, and Zheng Chen. 2007. PrivacyEnhancing Personalized Web Search (WWW ’07). Association for Computing Machinery, New York, NY, USA, 591–600. https://doi.org/10.1145/1242572.1242652