
DigitalXeron
There is a lack of sanity

join:2003-12-17
Hamilton, ON

1 recommendation

Theoretical web anti-tracking countermeasures

All,

I believe that in this day and age of invasive ad networks, marketing, and so forth, the advertising industry has ultimately destroyed the reasons for people to allow their browser environments to be available for webmasters to see what the common platforms are and so forth, as well as environment-based page construction (e.g. screen resolution, etc.).

Considering this, I think it may be time to sacrifice various methods of tracking. The method of sacrifice often put forth is to scale back the amount of information or make the information transmitted extremely generic, but if one person in a household of 5 devices does this, that one generic computer is trackable. The methodology I had in mind is perhaps randomizing information:

- Fonts available (sandbox the Flash plugin and essentially have the browser "lie" to it too about the system environment, having only a few "standard" readable fonts)
- Screen size
- User-agent (and the JavaScript OS detection/browser detection routines)
- Inter-site referer strings (replace with garbage)
- Versions of software available

At the moment, given the nature of information security, when one cannot scale back information, one throws garbage into the mix to make the adversary's data garbage (like entering invalid information into a phishing form 100,000 times via various proxies to deprecate the value of that data). Perhaps it is time for browsers to do this, because one ultimately can no longer trust almost any website, because one doesn't know the forces that website may be subject to contractually or who the parent of that website operator is. One can only safely assume that all websites one does not personally control are subject to an adversary, even if there are no web bugs or the like.

If enough people issue garbage data, marketing companies and ad networks (who are indeed in many respects adversaries in this respect) will have to give up if there's not a fragment of data available to them to track. Enough with the "Do Not Track" and other similar initiatives that do not work.

The questions now have to be asked: What are the inherent security issues with this? Would and how would this work in your view?
--
--Kradorex Xeron
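An added illustration of the argument in the post above (not part of the original thread): a small simulation of a tracker that fingerprints a five-device household behind one IP address, comparing a device that reports stable values, one that reports only generic values, and one that randomizes on every visit. All attribute values, the address and the function names are constructed for this example.

```python
import hashlib
import random

# Constructed attribute pools for the simulation (not real telemetry).
USER_AGENTS = ["UA-A", "UA-B", "UA-C", "UA-D"]
SCREENS = ["1024x768", "1280x800", "1366x768", "1920x1080"]
FONT_SETS = ["fonts-1", "fonts-2", "fonts-3", "fonts-4"]
GENERIC = ("Mozilla/5.0", "1024x768", "serif,sans-serif,monospace")


def fingerprint(ip, attrs):
    """Tracker side: hash the household IP plus the reported attributes."""
    joined = "|".join((ip,) + tuple(attrs))
    return hashlib.sha256(joined.encode()).hexdigest()[:12]


def random_attrs(rng):
    """Client side: pick a fresh, unrelated value for every attribute."""
    return (rng.choice(USER_AGENTS), rng.choice(SCREENS), rng.choice(FONT_SETS))


def simulate(strategy, devices=5, visits=20, seed=1):
    """Return {device: set of fingerprints the tracker recorded for it}.

    Device 0 applies `strategy` ("stable", "generic" or "randomize");
    every other device reports stable, distinct values.
    """
    rng = random.Random(seed)
    ip = "203.0.113.7"  # documentation-range address shared by the household
    stable = {d: (f"UA-{d}", SCREENS[d % 4], f"fonts-{d}") for d in range(devices)}
    seen = {d: set() for d in range(devices)}
    for _ in range(visits):
        for d in range(devices):
            if d == 0 and strategy == "generic":
                attrs = GENERIC
            elif d == 0 and strategy == "randomize":
                attrs = random_attrs(rng)
            else:
                attrs = stable[d]
            seen[d].add(fingerprint(ip, attrs))
    return seen


def linkable(seen, device=0):
    """True if the device always showed one fingerprint no other device shares."""
    fps = seen[device]
    others = set().union(*(v for k, v in seen.items() if k != device))
    return len(fps) == 1 and not (fps & others)
```

In this model the shared IP address never changes, so the household as a whole stays linkable under all three strategies; only the per-device profile is affected.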

OZO
Premium
join:2003-01-17
kudos:2

1 recommendation

I think that you're making good points here. A long time ago I personally started to simplify UserAgent strings in all my browsers, removing all trash that could be used for my identification (see some details of how it goes in my old post). For example, current values in my browsers (Iron v29 and IE8) are:

Mozilla/5.0 (gecko)
Mozilla/4.0 (MSIE 8.0)

It's done with the help of Proxomitron. And BTW, I have yet to find a web site where it doesn't work...

--
Keep it simple, it'll become complex by itself...


Dude111
An Awesome Dude
Premium
join:2003-08-04
USA
kudos:12
reply to DigitalXeron

 

I think the only way fonts, etc. can be read is if you have scripts enabled!!

I ran this test and nothing was shown UNLESS I ENABLE SCRIPTS! (Then it shows)

»browserspy.dk/fonts-flash.php?hasFlash=true

Anyone have any more test pages??