Website Evidence Collection

https://www.icsospiro.edu.it

Evidence Collection Organisation

Target Web Service: https://www.icsospiro.edu.it
Automated Evidence Collection Start Time: 9/12/2022, 16:06:39
Automated Evidence Collection End Time: 9/12/2022, 16:06:51
Software Version: 2.0.0
Software Host: PC-Studio_Tiso

Automated Evidence Collection

The automated evidence collection is carried out using the tool Website Evidence Collector (also on GitHub), version 2.0.0, on the platform Windows_NT, version 10.0.19045. The tool uses the browser Chromium, version HeadlessChrome/93.0.4577.0, to browse the website.

During the browsing, the tool gathers evidence and runs a number of checks. It takes screenshots from the browser to identify potential cookie banners. It tests the use of HTTPS/SSL to check whether the website enforces an HTTPS connection. Then, the evidence collection tool scans the first web page for links to common social media and collaboration platforms, to provide statistics on the overall use of potentially privacy-intrusive third-party web services.

The analysis of the recorded traffic between the browser and both the target web service and the involved third-party web services, as well as of the browser's persistent storage, follows in a subsequent section.

Webpage Visit

On 9/12/2022, 16:06:39, the evidence collection tool navigated the browser to https://www.icsospiro.edu.it. The final location after potential redirects was https://www.icsospiro.edu.it/. The evidence collection tool took two screenshots to cover the top of the webpage and the bottom.

Webpage Top Screenshot
Webpage Bottom Screenshot

Use of HTTPS/SSL

The evidence collection tool assessed the redirecting behaviour of www.icsospiro.edu.it with respect to the use of HTTPS.

Allows connection with HTTPS: true
HTTP redirect to HTTPS: true
HTTP redirect location:

Use of Social Media and Collaboration Platforms

No corresponding links were found.

Common social media and collaboration platforms linked from https://www.icsospiro.edu.it/ have been considered.

Traffic and Persistent Data Analysis

The evidence collection tool simulates a browsing session of the web service in order to analyse the recorded traffic between the browser and the Internet as well as the persistent data stored in the browser. First, the browser visited https://www.icsospiro.edu.it/. The evidence collection took no other web page(s) into account. Generally, predefined pages and a random subset of all first-party link targets (URLs) from the initial web page https://www.icsospiro.edu.it/ are considered. The exhaustive list of browsed web pages is given in the Annex.

The web page(s) were browsed consecutively between 9/12/2022, 16:06:39 and 9/12/2022, 16:06:51.

During the browsing, the HTTP Header Do Not Track was not set.

For the subsequent analysis, the following hosts (with their path) were defined as first-party:

  1. www.icsospiro.edu.it

Traffic Analysis

When a very simple web page with a given URL is visited, the browser sends a request to the web server configured for the domain specified in the URL. The web server, also called host, then sends a response in the form of e.g. an HTML file that the browser downloads and displays. Most web pages nowadays are more complex and require the browser to send further requests to the same host (first-party) or even different hosts (potentially third-party) to download e.g. images, videos and fonts and to embed e.g. maps, tweets and comments. Please find more information about hosts and the distinction between first-party and third-party in the glossary in the Annex.

The evidence collection tool extracted lists of distinct first-party and third-party hosts from the browser requests recorded as part of the traffic. Note that if a specific path is configured to be first-party, then requests to other paths may lead to the first-party host also being listed amongst the third-party hosts.

A number of techniques allow hosts to track browsing behaviour. The first-party host may instruct the browser to send requests for the (sole) purpose of providing information embedded in the request (e.g. cookies) to a given first-party or third-party host. Often, those requests are then answered with an empty file or with an image of size 1x1 pixel. Such files requested for the purpose of tracking are commonly called web beacons.

The evidence collection tool compares all requests to signature lists compiled to detect potential web beacons or otherwise problematic content. The positive matches with the lists EasyPrivacy (easyprivacy.txt) and Fanboy's Annoyance (fanboy-annoyance.txt) from https://easylist.to are presented in the Annex. The list of web beacon hosts contains hosts of those requests that match the signature list EasyPrivacy. Note that the result may include false positives and may be incomplete due to inaccurate, outdated or incomplete signature lists.

Finally, the evidence collection tool logged all identified web forms that potentially transmit web form data using an unencrypted connection.

First-Party Hosts

  1. www.icsospiro.edu.it

Requests have been made to 1 distinct first-party host.

Third-Party Hosts

Requests have been made to 0 distinct third-party hosts.

First-Party Web Beacon Hosts

No first-party web beacons were found.

Third-Party Web Beacon Hosts

No third-party web beacons were found.

Web Forms with non-encrypted Transmission

No web forms submitting data without SSL encryption were detected.

Persistent Data Analysis

The evidence collection tool analysed persistent cookies after the browsing session. Web pages can also use the persistent HTML5 local storage. The subsequent section lists its content after the browsing.

Cookies linked to First-Party Hosts

#  Host                  Path  Name                   Expiry in days
1  www.icsospiro.edu.it  /     cookie-agreed-version  199.96
2  www.icsospiro.edu.it  /     has_js

In total, 2 first-party cookies were found.

Cookies linked to Third-Party Hosts

#  Host              Path  Name    Expiry in days
1  it                /     has_js
2  edu.it            /     has_js
3  icsospiro.edu.it  /     has_js

In total, 3 third-party cookies were found.

Local Storage

The local storage was found to be empty.

Annex

Browsing History

For the collection of evidence, the browser navigated consecutively to the following 1 webpage(s):

  1. https://www.icsospiro.edu.it/

All Beacons

The data transmitted by beacons using HTTP GET parameters are decoded for improved readability and displayed beneath the beacon URL.

Glossary

Filter Lists
Browser extensions commonly referred to as ad blockers have been developed to block the loading of advertisements based on filter lists. Later on, filter lists were extended to also block the loading of web page elements connected to the tracking of web page visitors. For this evidence collection, publicly available tracking filter lists are re-purposed to identify web page elements that may track the web page visitors.
Do Not Track (DNT for short, HTTP)
The Do Not Track header is the proposed HTTP header field DNT that requests that a web service does not track its individual visitors. Note that this request cannot be enforced by technical means on the visitors’ side. It is upon the web service to take the DNT header field into account. For this evidence collection, the Do Not Track header is not employed.
First-Party
In this document, first-party is a classification of resource links, web beacons, and cookies. To be first-party, the resource domain must match the domain of the inspected web service or other configured first-party domains. Note that the resource path must also be within the path of the web service to be considered first-party.
Host (HTTP)
The HTTP host is the computer receiving and answering browser requests for web pages.
Redirect (HTTP)
A request for a web page may be answered with a new location (URL) to be requested instead. These HTTP redirects can be used to enforce the use of HTTPS. Visitors requesting an HTTP web page are redirected to the corresponding HTTPS web page.
Request (HTTP)
To download and display a web page identified by a URL, browsers send HTTP requests with the URL to the host computer specified as part of the URL.
Local Storage (HTML5)
Modern web browsers allow web pages to store data locally in the browser profile. This local storage is web site-specific and persistent through browser shutdowns. As embedded third-party resources may also have access to the first-party local storage, it is classified both as first- and third-party.
Third-Party
Links, web beacons and cookies that are not first-party (see above) are classified as third-party.
Web Beacon
A web beacon is one of various techniques used on web pages to unobtrusively (usually invisibly) allow tracking of web page visitors. A web beacon can be implemented for instance as a 1x1 pixel image, a transparent image, or an empty file that is requested together with other resources when a web page is loaded.
Web Beacon Host
The host in the URL of a request of a Web Beacon is called Web Beacon host.