We present the first extensive measurement of the privacy properties of the advertising systems used by privacy-focused search engines. We propose an automated methodology to study the impact of clicking on search ads on three popular private search engines which have advertising-based business models: StartPage, Qwant, and DuckDuckGo, and we compare them to two dominant data-harvesting ones: Google and Bing. We investigate the possibility of third parties tracking users when clicking on ads by analyzing first-party storage, redirection domain paths, and requests sent before, when, and after the clicks. Our results show that privacy-focused search engines fail to protect users' privacy when clicking ads. Users' requests are sent through redirectors on 4% of ad clicks on Bing, 86% of ad clicks on Qwant, and 100% of ad clicks on Google, DuckDuckGo, and StartPage. Even worse, advertising systems collude with advertisers across all search engines by passing unique IDs to advertisers in most ad clicks. These IDs allow redirectors to aggregate users' activity on ads' destination websites in addition to the activity they record when users are redirected through them. Overall, we observe that both privacy-focused and traditional search engines engage in privacy-harming behaviors allowing cross-site tracking, even in privacy-enhanced browsers.
翻译:我们首次对注重隐私的搜索引擎所使用的广告系统的隐私特性进行了广泛测量。我们提出了一种自动化方法,用于研究点击搜索广告对三种采用广告盈利模式的流行隐私搜索引擎(StartPage、Qwant 和 DuckDuckGo)的影响,并将其与两种主流数据收集型搜索引擎(Google 和 Bing)进行对比。通过分析首次存储、重定向域名路径以及点击前后和点击时发送的请求,我们探究了用户在点击广告时被第三方追踪的可能性。结果显示,注重隐私的搜索引擎在用户点击广告时未能有效保护其隐私。在 Bing 上 4% 的广告点击、Qwant 上 86% 的广告点击以及 Google、DuckDuckGo 和 StartPage 上 100% 的广告点击中,用户请求通过重定向器发送。更糟糕的是,所有搜索引擎的广告系统均与广告主合谋,在大多数广告点击中将唯一标识符传递给广告主。这些标识符使得重定向器不仅能记录用户通过它们重定向时的行为,还能聚合用户在广告目标网站上的活动。总体而言,我们观察到,无论是注重隐私的搜索引擎还是传统搜索引擎,都存在损害用户隐私的行为,允许跨站追踪,即使在增强隐私的浏览器中也是如此。