Government websites and apps use same tracking software as commercial sites, new Concordia research finds

Involuntary but invasive

The researchers began their analysis by building a seed list containing tens of thousands of government websites using automated search and crawling and other methods between July and October 2020. They then performed in-depth analyzes to retrieve links in the HTML page source. The team used instrumented tracking metrics from OpenWPM, an automated open source software used for web privacy measurements, to collect information such as scripts and cookies used in the code of websites as well as device fingerprinting techniques.

They tracked Android apps by searching Google Play store URLs found on government sites, then examining developer URLs and email addresses. Whenever possible, they downloaded the apps — many of which were geoblocked — and scanned them for built-in tracking SDKs.

Analytics revealed that 30% of government websites had one or more JavaScript trackers on their landing pages. The best-known trackers were all owned by Alphabet: YouTube (13% of websites), doubleclick.net (13%) and Google (nearly 4%). They found some 1,647 tracking SDKs in 1,166 government Android apps. More than a third – 37.1% – came from Google, with others from Facebook (6.4%), Microsoft (2.1%) and OneSignal (2.9%).

Mannan notes that the use of trackers is not always intentional. Government developers most likely use existing software suites to build their sites and apps that contain tracking scripts or include links to tracker-infused social media sites like Facebook or Twitter.

No other option

Although the use of trackers is widespread, Mannan is particularly critical of jurisdictions such as the EU and California which claim to have strong privacy laws but which in practice are not always very different. others. And since users can only use government portals for important personal obligations such as paying taxes or seeking medical care, they are at increased risk.

“Governments are increasingly aware of online threats to privacy, but at the same time they enable these potential breaches through their own services,” he says.

Mannan urges governments to frequently and thoroughly scan their own sites and apps to ensure privacy security and compliance with their own laws.

Read the quoted article:And you Brute? Privacy analysis of government websites and mobile apps.”

Lance B. Holton