Duumviri: Detecting trackers and mixed trackers with a breakage detector

Abstract

Web tracking harms user privacy. As a result, the use of tracker detection and blocking tools is a common practice among Internet users. However, there is a trade-off between avoiding breakage caused by unintentionally blocking required functionality, and neglecting to block some trackers. Breakages can be caused by 1) misidentifying non-trackers as trackers, or 2) blocking mixed trackers which blend tracking with functional components.

In this work published at NDSS 2025, we propose incorporating a machine learning-based breakage detector into the tracker detection pipeline to automatically avoid misidentification of functional resources. For both tracker detection and breakage detection, we use differential features that can more clearly elucidate the differences caused by blocking a request. As a prototype, Duumviri was designed and implemented for non-mixed trackers, then adopted to automatically identify mixed trackers, drawing differential features at "partial-request granularity”. In the case of non-mixed trackers, Duumviri can achieve an accuracy of 97.44%, evaluated by comparing with EasyPrivacy (human-generated filter lists), while identifying certain previously unreported trackers and breakages caused by some EasyPrivacy rules (manually confirmed). In the case of mixed trackers, as the first automated mixed tracker detector,Duumviri achieves a lower bound accuracy of 74.19%. Overall, Duumviri has enabled us to detect and confirm 22 previously unreported unique trackers and 26 unique mixed trackers.

Read the paper

Bio