From Syntactic Matching to Taint Tracking and Back: A Comparative Study of Web Tracking Detection Techniques

Authors: Stefano Calzavara (Università Ca' Foscari Venezia), Samuele Casarin (Università Ca' Foscari Venezia and Scuola IMT Alti Studi Lucca), Marco Squarcina (TU Wien), Matteo Maffei (TU Wien)

Volume: 2026
Issue: 4
Pages: 305–320
DOI: https://doi.org/10.56553/popets-2026-0122

Artifact: Available, Functional, Reproduced

Download PDF

Abstract: Traditional web tracking techniques rely on unique identifiers set in the client-side storage and shared with third-party trackers through network requests. Ideally, this phenomenon may be investigated through the classic lens of information flow control, e.g., by using instrumented browsers with taint tracking support. As a matter of fact though, most web privacy research makes use of simple syntactic matching heuristics that merely look for the presence of (possibly transformed) client-side identifiers within network requests, with no visibility of the JavaScript logic. In this work, we perform a comparative study of these two approaches to web tracking detection. Our investigation shows that taint tracking can expose tracking behavior that remains undetected by syntactic matching heuristics, which suffer from a significant number of false positives and false negatives. However, we also show that taint tracking is not strictly superior to syntactic matching, due to a range of different reasons, including the current limitations of state-of-the-art implementations and the complexity of real-world tracking behavior. Overall, we advocate for a critical reflection on the shortcomings of prominent web tracking detection approaches and we propose useful methodologies to improve current measurement practices.

Keywords: web tracking, web privacy, web measurements

Copyright in PoPETs articles are held by their authors. This article is published under a Creative Commons Attribution 4.0 license.