Advertisers can track users via TLS session resumption
Posted: Tue 23 Oct 2018, 17:18
https://www.zdnet.com/article/advertise ... esumption/
The concept is simple. If an online advertising firm loads ads via a TLS (HTTPS) server, then it can enable TLS Session Resumption for that server.
When a user access Website A showing ads from the advertising firm, it also establishes a TLS session with the advertising firm's server. When the user visits Website B with ads from the same firm, instead of negotiating another TLS session, the user resumes the existing one, allowing the advertising firm to track the user as he moves across sites.