Journal of Digital Convergence (디지털융복합연구)

The Society of Digital Policy and Management (한국디지털정책학회)
권호 표지
DOI QR코드

DOI QR Code

Classification of Online Tracking Technology and Implications in User Perspective

온라인 트래킹 기술 분류 및 이용자 관점에서의 시사점

  • Lee, Bohan (Dept. of Consumer Science, Seoul National University) ;
  • Rha, Jong-Youn (Dept. of Consumer Science, Seoul National University / Research Institute of Human Ecology, Seoul National University)
  • 이보한 (서울대학교 소비자학과) ;
  • 나종연 (서울대학교 소비자학과/서울대학교 생활과학연구소)
  • Received : 2018.06.14
  • Accepted : 2018.09.20
  • Published : 2018.09.28
Download PDF
⟨ Previous Next ⟩

Abstract

This study searched and analyzed online tracking technologies. It tried to understand what to consider when establishing policies related to online tracking. Online tracking technologies were classified into 'general cookies', 'super cookies', 'fingerprinting', 'device ID tracking' and 'cross-device tracking'. Political considerations should include the layers of online tracking, the subjects of tracking technology, purpose of use, duration and storage format of information, and development of technology. The implications of this study are as follows: first, policy makers and industry should be aware that the degree of risk perceived by users may vary according to the characteristics of online tracking technology. Secondly, it is necessary to understand factors that affect the classification of online tracking technology. Finally, in the industry, preemptive measures such as building an integrated privacy system are needed to relieve anxiety of users and to build trust.

이용자의 정보를 수집하여 활용하는 온라인 트래킹 기술이 빠르게 발전하고 있다. 온라인 트래킹은 제품과 서비스 질의 향성, 이용자 경험의 증진의 측면에서 그 필요성이 강조되지만, 이용자의 프라이버시 침해나 정보 보안 취약성 등의 문제를 내포하고 있다. 이에 본 연구에서는 온라인 트래킹 기술들을 탐색하고, 이를 통해 온라인 트래킹과 관련한 정책 수립시, 고려해야 할 사항을 파악하고자 하였다. 그 결과, 온라인 트래킹 기술은 '일반쿠키', '슈퍼쿠키', '핑거프린팅', '디바이스 ID 트래킹', '크로스 디바이스 트래킹' 등으로 구분되었다. 온라인 트래킹의 발생 단계, 기술 생성주체, 활용목적, 정보의 유지기간 및 저장형식, 기술의 변화 등이 정책적으로 고려되어야 할 사항인 것으로 나타났다. 정책입안자와 산업관계자는 온라인 트래킹 기술의 특성에 따라 이용자가 인지하는 위험 정도가 다를 수 있음을 인지해야 한다. 그리고 온라인 트래킹 기술의 분류에 영향을 미칠 수 있는 다양한 요인에 대한 정책적인 이해가 필요하다. 마지막으로 산업계에서는 통합적 프라이버시 시스템을 구축 등의 선제적 대응이 필요하다.

Keywords

References

  1. W. Meng, B. Lee, X. Xing & W. Lee. (2016). Track me or not: Enabling flexible control on web tracking. In Proceedings of the 25th International Conference on World Wide Web, 99-109.
  2. J. C. Havens. (2015). Hacking happiness: Why your personal data counts and how tracking it can change the world. TarcherPerigee.
  3. J. Brookman, P. Rouge, A. Alva & C. Yeung. (2017). Cross-device tracking: Measurement and disclosures. Proceedings on Privacy Enhancing Technologies, 2017(2), 133-148.
  4. S. Englehard & A. Narayanan. (2016). "Online tracking: A 1-million-site measurement and analysis." In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. 1388-1401.
  5. S. Hong & H. Sin. (2017). Analysis of the Vulnerability of the IoT by the Scenario. Journal of the Korea Convergence Society, 8(9), 1-7. https://doi.org/10.15207/JKCS.2017.8.9.001
  6. B. Fox, N. Gurney, & M. Cavestany. (2017). The trust factor in the cognitive era: How CSPs can capitalize on personal data while preserving privacy, IBM Institute for Business.
  7. PRESIDENTIAL COMMITTEE ON THE FOURTH INDUSTRIAL REVOLUTION. (2018). Discussions on the revitalization of various digital signatures through amendment of electronic signature law. Seoul: 4th-IR
  8. Federal Trade Commission. (2017). Cross-Device Tracking. staff report, Jan. FTC.
  9. A. Kolah. (2018). The GDPR Handbook: A Guide to the EU General Data Protection Regulation, Kogan Page.
  10. C. Castelluccia & A. Narayanan. (2012). Privacy considerations of online behavioural tracking. European Network and Information Security Agency (ENISA).
  11. Korea Communications Commission. (2017). Online Personalized Ad Privacy Guidelines. KCC.
  12. Korea Onlinead Association. (2017). Discussion about the development strategy of online advertising ecosystem using Big Data. Seoul: Korea Onlinead Association.
  13. eMarketer. (2017). Net Digital Ad Revenue Share Worldwide, by Company, 2016-2019. eMarketer(Online). http://www.emarketer.com/Chart/Net-Digital-Ad-Revenue-Share-Worldwide-by-Company-2016-2019-of-total -billions/205364.
  14. A. M. Hormozi. (2005). Cookies and privacy. EDPACS, 32(9), 1-13. https://doi.org/10.1201/1079/45030.32.9.20050301/86855.1
  15. Federal Trade Commission. (2016). Internet Cookies. FTC(Online). https://www.ftc.gov/site-information/privacy-policy/internet-cookies
  16. C. Castelluccia. (2012). Behavioural tracking on the internet: a technical perspective. In European Data Protection: In Good Health? (pp. 21-33). Springer, Dordrecht.
  17. A. Soltani, S. Canty, Q. Mayo, L. Thomas & C. J. Hoofnagle. (2009). Flash cookies and privacy. SSRN Electronic Journal, 1-8.
  18. N. Nikiforakis, A. Kapravelos, W. Joosen, C. Kruegel, P. Piessens & G. Vigna. (2013, May). Cookieless monster: Exploring the ecosystem of web-based device fingerprinting. In Security and privacy (SP), 2013 IEEE symposium on (pp. 541-555). IEEE.
  19. K. Takeda. (2012, October). User Identification and Tracking with online device fingerprints fusion. In Security Technology (ICCST), 2012 IEEE International Carnahan Conference on (pp. 163-167). IEEE.
  20. S. Seneviratne, H. Kolamunna & A. Seneviratne. (2015, June). A measurement study of tracking in paid mobile applications. In Proceedings of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks (p. 7). ACM.
  21. J. C. Havens. (2015). Hacking happiness: Why your personal data counts and how tracking it can change the world. TarcherPerigee.
  22. S. Zimmeck, J. S. Li, H. Kim, S. M. Bellovin, & T. Jebara. (2017, August). A privacy analysis of cross-device tracking. In 26th USENIX Security Symposium (USENIX Security 2017).
  23. Network Advertising Initiative. (2018). 2018 NAI Code of Conduct. NAI.
  24. Financial News. (2009). The Korea Communications Commission (KCC) will make an online ad customization guide within the year. fnnews. http://www.fnnews.com/news/200910121814269647?t=y
  25. R. K. Sar & Y. Al-Saggaf. (2014). Contextual integrity's decision heuristic and the tracking by social network sites. Ethics and Information Technology, 16(1), 15-26. https://doi.org/10.1007/s10676-013-9329-y
  26. G. Bae, Y. Lee, E. Kim, G. Tae, H. Kim & H. Lee. (2018). Detection of Android Apps Requiring Excessive Permissions. Korea Society of Computer Information, 26(1), 79-80.
  27. J. Pierson & R. Heyman. (2011). Social media and cookies: challenges for online privacy. info, 13(6), 30-42. https://doi.org/10.1108/14636691111174243
  28. British Telecom. (2018). More about cookies on BT.com, BT(Online). https://home.bt.com/pages/cookies/more-about-cookies.html
  29. J. Lee & J. Rha. (2015). How Consumers Perceive Online Behavioral Advertising : Consumer Typology and Determining Factors. Journal of Digital Convergence, 13(9), 105-114. https://doi.org/10.14400/JDC.2015.13.9.105
  30. British Broadcasting Corporation. (2016). What do I need to know about cookies?. BBC(Online). http://www.bbc.com/usingthebbc/cookies/what-do-i-ne ed-to-know-about-cookies
  31. M. G. CIP. (2015). The cookie trail: Why IG pros must follow the crumbs. Information Management, 49(2), 24.
  32. M. Ayenson, D. Wambach, A. Soltani, N. Good & C. Hoofnagle. (2011). Flash cookies and privacy II: Now with HTML5 and ETag respawning.
  33. I. Derksen, I. E. Poll & F. van den Broek. (2016). HTML5 Tracking Techniques in Practice. Radboud University.
  34. K. Crawford & J. Schultz. (2014). Big data and due process: Toward a framework to redress predictive privacy harms. BCL Rev., 55, 93.
  35. H. Kong, H. Jun & S. Yoon. (2018). A Study on the Privacy Policy of Behavioral Advertising. Journal of the Korea Convergence Society, 9(3), 231-240. https://doi.org/10.15207/JKCS.2018.9.3.231
  36. J. Rha. (2014). Legal issues of privacy; Suggestions for collecting and using consumer-oriented personal information. BFL, 66, 53-66.
  37. ThreatMetrix. (2012). ThreatMetrix Report Reveals Fraudulent Transaction Activity on Desktop and Mobile for 2011 Holiday Season. ThreatMetrix(Online). https://www.threatmetrix.com/press-releases/threatmetrix-report-reveals-fraudulent-transaction-activity-on-desktop-and-mobile-for-2011-holiday-season/
  38. Federal Trade Commission. (2012). Protecting consumer privacy in an era of rapid change. FTC report.