Fraunhofer SIT publishes Tracking Protection List for more data protection while surfing – the majority of the most popular websites in Germany now integrate trackers

The Fraunhofer Institute for Secure Information Technology has created a Tracking Protection List for Microsoft Internet Explorer, which prevents Internet surfers from being monitored without them knowing it. Trackers collect information in the background on the sites Internet users visit. The Tracking Protection List (TPL) protects users of Internet Explorer 9 against common tracker methods. The list primarily focuses on trackers that utilize tracking methods on the most popular websites in Germany. The TPL can be found at www.sit.fraunhofer.de/tpl, where it can be downloaded for free.

Most people who surf the Internet nowadays can be sure that trackers are monitoring their surf behaviour. What most Internet users don’t know, however, is that trackers collect information on surf behaviour from various online sources. With the Cross Domain Tracking an individual tracker can monitor the click behaviour of a surfer across multiple Internet sites and, as a result of this, collect a comprehensive amount of information on the user’s preferences and interests. The advertising industry, for example, then uses such user profiles to advertise products and services in a very targeted manner. Dr. Markus Schneider from Fraunhofer SIT explains: “We are not talking about web analyses for own websites, which operators use to monitor visitor behaviour to a business’s own site in order to improve offers, rather, we are referring to trackers who have integrated their methods into the websites of other providers. These are sites that they do not operate themselves. What’s more, trackers active with more than 200 providers among the top 500 websites for Germany are not that seldom.“

If a website with integrated tracking methods is loaded, the associated code elements will try to establish a background connection to the tracker. With the help of the Tracking Protection List from Fraunhofer SIT, the browser blocks the connection to the tracker. This, in turn, means that tracking is not possible. IE users may also see a blue “No entry” shield in areas where a tracking method would have been able to send information.

The Fraunhofer Tracking Protection List differs from the data protection standard Do Not Track (DNT) of the World Wide Web Consortium W3C. With DNT tracking is not necessarily blocked. All it does is send a message to the tracker stating that tracking is not desired. This means that with DNT, the user is reliant on the tracker’s willingness to cooperate. With DNT the user does not know with certainty whether they are surfing in a “data protection friendly” manner or not.

To generate the Tracking Protection List researchers at Fraunhofer SIT have determined the most important tracking methods and consequently developed a crawler. The crawler searched the top 500 most frequently visited websites in Germany looking for these methods (determined via the service Alexa www.alexa.com/topsites/countries/DE). So far the researchers have found more than 360 trackers. Tracking with third-party cookies made up the lion’s share. On many sites more than 30 different trackers have been integrated. “During tracker detection our system analyses whether a tracker candidate is using methods that would enable it to “track”. We cannot, however, determine what they do internally with the data that has been collected“, said Dr. Markus Schneider. “The addresses in the list collect data that is directly related to the surf activities of the user at different websites, without his knowledge or approval.“

The Tracking Protection List is a joint project of Fraunhofer SIT and Microsoft. The first version of the TPL can now be downloaded at www.sit.fraunhofer.de/tpl. Internet Explorer users who would like to install the list must simply click the download link. They will then be taken to an IE gallery of Microsoft where they can download the list. All they need to do then is to ensure that the tracking protection is activated in the browser.

Fraunhofer SIT will update and extend the list in the future on behalf of Microsoft. The Internet Explorer will automatically load the updates. “We chose Fraunhofer SIT for this cooperation because Fraunhofer SIT is the first choice in Germany for application oriented IT security research“, said Frank Maenz, Product Manager for the Internet Explorer at Microsoft Deutschland. Together with its partners, Fraunhofer SIT operates the Center for Advanced Security Research Darmstadt CASED, the largest center for research in IT security in Europe, and the European Center for Security and Privacy by Design EC SPRIDE, the largest competence center for IT security research supported by the Federal Ministry of Education and Research