Measuring UID Smuggling in the Wild

Audrey Randall (University of California San Diego), Peter Snyder (Brave Software), Alisha Ukani (University of California San Diego), Alex Snoeren (University of California San Diego), Geoffrey M. Voelker (University of California San Diego), Stefan Savage (University of California San Diego), Aaron Schulman (University of California San Diego) | Privacy

This work presents a systematic study of UID smuggling, an emerging tracking technique that is designed to evade browsers’ privacy protections. Browsers are increasingly attempting to prevent cross-site tracking by partitioning the storage where trackers store user identifiers (UIDs). UID smuggling allows trackers to synchronize UIDs across sites by inserting UIDs into users’ navigation requests. Trackers can thus regain the ability to aggregate users’ activities and behaviors across sites, in defiance of browser protections.

In this work, we introduce CrumbCruncher, a system for measuring UID smuggling in the wild by crawling the Web. CrumbCruncher provides several improvements over prior work on identifying UIDs and measuring tracking via web crawling, including in distinguishing UIDs from session IDs, handling dynamic web content, and synchronizing multiple crawlers. We use CrumbCruncher to measure the frequency of UID smuggling on the Web, and find that UID smuggling is present on more than eight percent of all navigations that we made. Furthermore, we perform an analysis of the entities involved in UID smuggling, and discuss their methods and possible motivations. We discuss how our findings can be used to protect users from UID smuggling, and release both our complete dataset and our measurement pipeline to aid in protection efforts.

View paper


Ready to Brave the new internet?

Brave is built by a team of privacy focused, performance oriented pioneers of the web. Help us fix browsing together.


Almost there…

You’re just 60 seconds away from the best privacy online

If your download didn’t start automatically, .

  1. Download Brave

    Click “Save” in the window that pops up, and wait for the download to complete.

    Wait for the download to complete (you may need to click “Save” in a window that pops up).

  2. Run the installer

    Click the downloaded file at the bottom left of your screen, and follow the instructions to install Brave.

    Click the downloaded file at the top right of your screen, and follow the instructions to install Brave.

    Click the downloaded file, and follow the instructions to install Brave.

  3. Import settings

    During setup, import bookmarks, extensions, & passwords from your old browser.

Need help?

Get better privacy. Everywhere!

Download Brave mobile for privacy on the go.

Download QR code
Brave logo Click this file to install Brave
Click this file to install Brave Brave logo