Search papers, labs, and topics across Lattice.
This study investigates the shift from third-party tracking to first-party tracking (FPT) and server-side tracking (SST) by conducting a large-scale measurement of top websites. The findings reveal that over 54% of the analyzed sites utilize FPT or SST techniques, which significantly complicate traditional detection methods. Additionally, the authors propose new filtering rules that outperform existing lists, blocking 63% more tracking requests and highlighting the inadequacy of current privacy measures against modern tracking strategies.
Over half of the top websites now employ first-party tracking mechanisms, rendering traditional detection methods nearly obsolete.
Web user tracking has always been a cat-and-mouse game between privacy-conscious users and trackers. Recently, this conflict has driven a shift from third-party tracking toward first-party tracking (FPT) and server-side tracking (SST). By relocating tracking logic to the browser's first-party context or the website's backend, these mechanisms obscure data flows and render traditional client-side detection tools increasingly ineffective. Despite the growing adoption of these techniques, our understanding of their deployment at scale remains limited, and generalized protection mechanisms are lacking. In this work, we conduct a large-scale measurement of top sites to assess this shift and the prevalence of FPT and SST. We develop a provider-independent methodology to detect these mechanisms and find that over 54% of analyzed sites now deploy FPT or SST-related techniques. By clustering scripts based on their similarity and constructing a network graph, we demonstrate that the ecosystem is densely connected and dominated by major vendors like Google. Finally, we demonstrate that current filter lists are largely ineffective against first-party tracking, and we propose new rules to address this gap. We show that these rules block 63% more requests than traditional filter lists.