In this report existing web-tracking technologies are analyzed. Backed by this knowledge, two new web technologies, WebSockets and WebRTC, are analyzed focusing on user’s privacy implications. Four scenarios were developed to tamper user’s privacy on one hand and to enable a vast improvement of unperceived user identification on the other hand.
The results of the report show that sets of IP addresses with random components enable an identification of computers, regardless of which browser or browsing-mode (private mode, normal mode) is used. In our mobile-affine world the identification of browsers or computers is nearly equal to the identification of users. Furthermore, we describe ways on how WebSockets and especially WebRTC could be used for DDoS attacks on a broad scale.