Tracking The Trackers: Commercial Surveillance Occurring on U.S. Army Networks

arXiv:2602.12388v1 Announce Type: new
Abstract: Despite current security implementations, Internet activity on DoD networks is susceptible to web trackers and commercial data collection, which have the potential to expose information about service members and unit operations. This report documents the outcomes of a study to characterize web tracking occurring on Army CONUS unclassified networks. We derived a dataset from the Cloud-Based Internet Isolation (CBII) platform, encompassing data measured over a two-month period in 2024. This dataset comprised the 1,000 most frequently accessed Internet resources, determined by the number of connection requests on CONUS DoDIN-A during the study period. We then compared all domains and subdomains in the dataset against Ghostery’s WhoTracks.me, an open-source database of commercial tracking entities. We found that over 21% of the domains accessed during the study period were Internet trackers. The ACI recommends that the Army implement changes to its enterprise networks to limit commercial Internet-based tracking, as well as policy changes towards the same end. With relatively minor configuration changes, CBII can serve as a more effective mitigation against risks posed by commercially available information.