Did I Agree to This? Silent Tracking Through Beacons

Abstract

Users’ personally identifiable information (PII) collection is a primary revenue model for the app-economy, and consequently user tracking has become increasingly invasive and ubiquitous. Smart and IoT devices provide even more access to users’ personal information by utilizing their exact location and default device settings. Although users in most cases must grant permission before their personal information is collected and shared with third-parties, this is not the case when user tracking happens through email or just by owning and using Bluetooth dependent devices. In any case, the average user is willing to accept the terms of the often unread “Privacy Policy” in order to receive the advertised “better user experience”, without really being aware of the consequences of this decision. In this work, we investigate the latest popular technologies for user tracking through mobile and web applications and demonstrate how much information about users can be gathered without user awareness or acknowledgment as well as in which cases and how we were able to limit this tracking. Finally, in our work, we attempt to create unified user profiles by combining our findings from the different tracking techniques against targeted users. We hope that our extensive analysis of beacon tracking will lead to greater awareness of the privacy risks involved with web beacons and Bluetooth tracking and motivate the deployment of stricter regulations and a more effective notification mechanism when such tracking is in place.