I know what you did last summer: New persistent tracking mechanisms in the wild

Stefano Belloro, Alexios Mylonas

Research output: Contribution to journalArticlepeer-review

1 Citation (Scopus)
27 Downloads (Pure)


As the usage of the Web increases, so do the threats an everyday user faces. One of the most pervasive threats a Web user faces is tracking, which enables an entity to gain unauthorized access to the user's personal data. Through the years, many client storage technologies, such as cookies, have been used for this purpose and have been extensively studied in the literature. The focus of this paper is on three newer client storage mechanisms, namely, Web Storage, Web SQL Database, and Indexed Database API. Initially, a large-scale analysis of their usage on the Web is conducted to appraise their usage in the wild. Then, this paper examines the extent that they are used for tracking purposes. The results suggest that Web Storage is the most used among the three technologies. More importantly, to the best of our knowledge, this paper is the first to suggest Web tracking as the main use case of these technologies. Motivated by these results, this paper examines whether popular desktop and mobile browsers protect their users from tracking mechanisms that use Web Storage, Web SQL Database, and Indexed Database. Our results uncover many cases where the relevant security controls are ineffective, thus making it virtually impossible for certain users to avoid tracking.
Original languageEnglish
Article number8457184
Pages (from-to)52779-52792
Number of pages14
JournalIEEE Access
Publication statusPublished - 10 Sept 2018


  • indexed database
  • indexedDB
  • privacy
  • web security
  • Web SQL database
  • web storage
  • Web tracking


Dive into the research topics of 'I know what you did last summer: New persistent tracking mechanisms in the wild'. Together they form a unique fingerprint.

Cite this