Abstract.
In this study of 100,000 websites, we document how Advertising and Analytics
(A&A) companies have used WebSockets to bypass ad blocking, exfiltrate user
tracking data, and deliver advertisements. Specifically, our measurements
investigate how a long-standing bug in Chrome’s (the world’s most popular
browser) chrome.webRequest API prevented blocking extensions from being able to
interpose on WebSocket connections. We conducted large-scale crawls of top
publishers before and after this bug was patched in April 2017 to examine which
A&A companies were using WebSockets, what information was being transferred, and
whether companies altered their behavior after the patch. We find that a small
but persistent group of A&A companies use WebSockets, and that several of them
engaged in troubling behavior, such as browser fingerprinting, exfiltrating the
DOM, and serving advertisements, that would have circumvented blocking due to
the Chrome bug.