Researchers from the imec-DistriNet group at KU Leuven conclude after a study of 7 browsers and 46 extensions that in almost all cases there is a way to circumvent protection against tracking via cookies. The techniques discovered are not yet in use.
The researchers, Gertjan Franken, Tom Van Goethem and Wouter Joosen, developed a framework with which they analyzed the various browsers and extensions and identified new circumvention techniques. They looked at, among other things, the built-in tracking protections of Chrome, Firefox, Edge, Safari, Opera, Cliqz and the Tor Browser. They also looked at 46 extensions, of which 31 ad blockers and 15 variants that should offer protection against tracking. An overview of these is shown below. In their paper, the researchers write, based on their analysis, that for every protective measure there is a method to circumvent it. They distinguish three categories in the results: a request to a third party including a cookie, a request without a cookie and no request at all.
Results from browsers and different extensions
As part of the study, the authors also looked at whether the discovered techniques are also used on the ten thousand most popular websites according to the Alexa service. They did that with an automated crawler. The conclusion is that all use of the techniques is for legitimate reasons. They do point out that trackers may try to evade detection by allowing requests to take place only when the user interacts. On a specially created site, the researchers report how the disclosure process went to the various parties. There you can also find more data per browser or per extension. The authors presented their paper at the Usenix conference in the US.