2018-00990 - [INDES] Web Tracking measurement, classification and prevention

Type de contrat : CDD de la fonction publique

Niveau de diplôme exigé : Bac + 5 ou équivalent

Fonction : Doctorant

A propos du centre ou de la direction fonctionnelle

The Inria Sophia Antipolis - Méditerranée center counts 37 research teams and 9 support departments. The center's staff (about 600 people including 400 Inria employees) is composed of scientists of different nationalities (250 foreigners of 50 nationalities), engineers, technicians and administrators. 1/3 of the staff are civil servants, the others are contractual. The majority of the research teams at the center are located in Sophia Antipolis and Nice in the Alpes-Maritimes. Six teams are based in Montpellier and a team is hosted by the computer science department of the University of Bologna in Italy. The Center is a member of the University and Institution Community (ComUE) "Université Côte d'Azur (UCA)".

Contexte et atouts du poste

The PrivaWeb “Privacy Protection and ePrivacy Compliance for Web Users” project, which is funded by ANR, the French National Research Agency, aims at developing new methods for detection of advanced Web tracking technologies and new tools to integrate in existing Web applications that seamlessly protect privacy of users. In this project, we will integrate three key components into Web applications: privacy, compliance and usability. Our research will address methodological aspects (designing new detection methods and privacy protection mechanisms), practical aspects (large-scale measurement of Web applications, browser extensions implementation), and usability aspects (user surveys to evaluate privacy concerns and usability of existing and new protection tools).

Mission confiée

The Web has become an essential part of our lives: billions are using Web applications on a daily basis, and there are single websites that have reached over one billion user accounts. While the users browse the web, they are placing digital traces on millions of websites [27, 56]. Such traces allow advertising companies, as well as data brokers to continuously profit from collecting a vast amount of data associated to the users. At the same time, the users do not have any control of who is collecting their data and when. Recent research has shown that third-party advertising networks and data brokers use a wide range of techniques in order to track users across the Web [66, 63, 7, 59, 27, 24, 2, 56, 46]. Web users today are losing trust in online systems, as they are getting more concerned with how companies may use their data. As evaluated by Eurobarometer [72], a majority of EU citizens think it is “unacceptable to have their online activities monitored in exchange for unrestricted access to a certain website (64%)”.

In the upcoming years, Europe will make a significant transformation of the Web Tracking ecosystem. Next to General Data Protection Regulation (GDPR) [33] that will in in force on 25 May 2018, a new ePrivacy Regulation [29, 30] will be finalised. ePrivacy will be based on the notion of user’s consent, which will impart users with an increasing control over their data. 


[27] S. Englehardt and A. Narayanan. Online tracking: A 1-million-site measurement and analysis. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security ACM CCS, pages 1388–1401, 2016.

[56] N. Nikiforakis, A. Kapravelos, W. Joosen, C. Kruegel, F. Piessens, and G. Vigna. Cookieless monster: Exploring the ecosystem of web-based device fingerprinting. In IEEE Symposium on Security and Privacy, SP 2013, pages 541–555, 2013.

[66] A.Soltani,S.Canty,Q.Mayo,L.Thomas,andC.J.Hoofnagle.Flashcookiesandprivacy.InAAAISpringSymposium:Intelligent Information Privacy Management, 2010.

[63] F. Roesner, T. Kohno, and D. Wetherall. Detecting and defending against third-party tracking on the web. In Proceedings of the 9th USENIX Symposium on Networked Systems Design and Implementation, NSDI 2012, pages 155–168, 2012.

[7] M. D. Ayenson, D. J. Wambach, A. Soltani, N. Good, and C. J. Hoofnagle. Flash cookies and privacy ii: Now with html5 and etag respawning. Technical report, Available at SSRN: https://ssrn.com/abstract=1898390orhttp://dx.doi.org/10. 2139/ssrn.1898390, 2011.

[24] P. Eckersley. How Unique is Your Web Browser? In Proceedings of the 10th International Conference on Privacy Enhancing
Technologies, PETS’10, pages 1–18. Springer-Verlag, 2010.

[46] A. Lerner, A. K. Simpson, T. Kohno, and F. Roesner. Internet jones and the raiders of the lost trackers: An archaeological study of web tracking from 1996 to 2016. In 25th USENIX Security Symposium (USENIX Security 16). USENIX Association, 2016.

[2] G. Acar, M. Jua ́rez, N. Nikiforakis, C. D ́ıaz, S. F. Gu ̈rses, F. Piessens, and B. Preneel. Fpdetective: dusting the web for finger- printers. In 2013 ACM SIGSAC Conference on Computer and Communications Security (CCS’13), pages 1129–1140, 2013.

[29] Proposal for a regulation of the european parliament and of the council, concerning the respect for private life and the protection of personal data in electronic communications and repealing directive 2002/58/ec (regulation on privacy and electronic communications), com(2017) 10 final. http://ec.europa.eu/newsroom/dae/document.cfm?doc_id=41241.

[30] Report on the proposal for a regulation of the european parliament and of the council concerning the respect for private life and the protection of personal data in electronic communications and repealing directive 2002/58/ec (regulation on privacy and electronic communications) (com(2017)0010 ? c8-0009/2017 ? 2017/0003(cod)), 23 october 2017. http://www.europarl.europa.eu/ sides/getDoc.dotype=REPORT&reference=A8-2017-0324&language=EN#top.

[33] Regulation (eu) 2016/679 of the european parliament and of the council of 27 april 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing directive 95/46/ec (general data protection regulation) (text with eea relevance). https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex: 32016R0679.

[72]  TNS Political & Social at the request of the European Commission, Directorate-General for Communications Networks, Con- tent & Technology (DG CONNECT). Flash eurobarometer 443 “e-privacy”. http://ec.europa.eu/commfrontoffice/ publicopinion/index.cfm/ResultDoc/download/DocumentKy/76377, July 2016.

Principales activités

We first aim at performing large-scale measurement and detect, and classify advanced Web tracking technologies. The biggest challenge with respect to the previous works is to design fine-grained detection of Web tracking, revealing main practices of tracking companies at large scale, and to provide a classification of these techniques. This task includes:

  • Large-scale measurement and data collection
  • Measurement of uniqueness of users browsers and preferences on the Web
  • Classification and detection of advanced Web tracking

Second, we will devise new methods and tools to protect users from advanced Web tracking based on our classi- fication of third-party trackers taking into accound ePrivacy Regulation.

Collaboration :

The PhD student will closely work within the INDES research team of the Sophia- Antipolis Inria Research Center with strong interactions with DIANA team (Sophia- Antipolis Inria Research Center). 


Master degree in Computer Science or Computer Engineering is required. Programming skills in Python 3.
Knowledge of Web technologies and JavaScript in particular is required. 

Fluent English required, both oral and written.

Knowledge of French is not required.

Avantages sociaux

  • Restauration subventionnée
  • Transports publics remboursés partiellement
  • Sécurité sociale
  • Congés payés
  • Aménagement du temps de travail
  • Installations sportives


Duration: 36 months
Location: Sophia Antipolis, France
Gross Salary per month: 1982€brut per month (year 1 & 2) and 2085€ brut/month (year 3)