Tracking Ecologies
What is tracking?
Gathering data to build user profiles
Trackers build profiles about you
—
Decisions big and small
Which ad to show
Which rate to offer
Who doesn't get the job
...
Who goes to prison
donttrack.us
Google Ads Preferences Manager
www.google.com/settings/ads/onweb/
What kind of data?
Online
Page visits
Searches
Social profiles
Likes/retweets/reblogs
Mail
...
Offline
Credit/gift card purchases
Financial (credit/mortgage/bank)
Geographic
...
PORN
Who are you to a tracker?
It depends
Facebook/Gmail/Twitter
Google Ads
Foursquare/...
Euclid Analytics
Nomi
So, like, how much tracking is there?
Websites in GhostRank for June 2013:
13% integrate with Twitter
21% integrate with Facebook
69% have Google Analytics
Huh
How do I track thee? (on the Web)
Client-side
Standard HTTP Cookies
Local Shared Objects (Flash Cookies)
Silverlight Isolated Storage
Storing cookies in RGB values of auto-generated, force-cached PNGs using the HTML5 Canvas tag to read pixels (cookies) back out
Storing cookies in Web History
Storing cookies in HTTP ETags
Storing cookies in Web cache
window.name caching
Internet Explorer userData storage
HTML5 Session Storage
HTML5 Local Storage
HTML5 Global Storage
HTML5 Database Storage via SQLite
— evercookie
Samy "I'm Popular" Kamkar
How do I track thee, pt. 2
Server-side: Device/browser fingerprinting
Server creates fingerprint based on browser request signals
User Agent
Screen Size
Fonts
Browser plugins
IP address
...
Undetectable on the client side
Can effectively persist across browsers/devices
Already an industry: BlueCava, ThreatMetrix, ReputationManager, ...
What are trackers?
Webpage elements
scripts
images
iframes
embedded objects (Flash)
...
Terminology minute!
First-party vs. third-party vs. fourth-party
So how does tracking work?
Request URL: http://www.newyorker.com/strongbox/
Request Method: GET
Status Code: 200 OK
Request headers
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Cache-Control: no-cache
Connection: keep-alive
Cookie: mobify=0; mbox=check#true#1372203648|session#1372203589523979009#1372205448
DNT: 1
Host: www.newyorker.com
Pragma: no-cache
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1541.0 Safari/537.36
Response headers
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: max-age=358
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 30018
Content-Type: text/html; charset=ISO-8859-1
Date: Tue, 25 Jun 2013 23:39:59 GMT
ETag: "a647b0d5564dcc54324dd00"
Expires: Tue, 25 Jun 2013 23:45:57 GMT
Last-Modified: Wed, 15 May 2013 17:41:40 GMT
Server: Apache/2.2.15 (Red Hat) mod_ssl/2.2.15 OpenSSL/1.0.0-fips
Vary: Accept-Encoding
Detection
Intercept requests
Compare request URLs to known tracker patterns
Cancel requests matching blocked trackers
No request, no tracking
Tracking the trackers
Finding trackers
User reports
Tracker crawler
Companies ask us to be included
Defining Ghostery tracker patterns
Narrow enough to avoid false positives
Wide enough to catch all tracker resources
Separating tracking from content
You can't, sometimes
Disqus
Brightcove
social buttons
...
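The detection loop on the slides above (intercept, compare the URL to tracker patterns, cancel if blocked) and the first-/third-party distinction, as an added example that is not Ghostery's code. The tracker patterns, the block list and the sample request URLs are constructed for illustration; the patterns name both the host and the specific resource, which is the "narrow enough to avoid false positives" rule in practice.

```javascript
// Added example (not Ghostery's code): a minimal request filter that does what
// the Detection slide describes. Patterns and sample URLs are constructed.
const TRACKER_PATTERNS = [
  // Host AND resource path: an unrelated page on the same company's
  // domain (e.g. google.com/settings/ads) must not be a false positive.
  { name: "Google Analytics", re: /^https?:\/\/(www\.)?google-analytics\.com\/(ga|analytics|urchin)\.js(\?|$)/ },
  { name: "Facebook Connect", re: /^https?:\/\/connect\.facebook\.net\/[A-Za-z_]+\/(all|sdk)\.js(\?|$)/ },
  { name: "Twitter Button",   re: /^https?:\/\/platform\.twitter\.com\/widgets\.js(\?|$)/ },
];

// Approximate the registrable domain as the last two host labels
// (assumption: production code would consult the Public Suffix List).
function baseDomain(url) {
  const labels = new URL(url).hostname.split(".");
  return labels.slice(-2).join(".");
}

// Classify one intercepted request: which tracker pattern (if any) it matches,
// and whether it is first-party (same site as the page) or third-party.
function classify(requestUrl, pageUrl) {
  const hit = TRACKER_PATTERNS.find((p) => p.re.test(requestUrl));
  const party = baseDomain(requestUrl) === baseDomain(pageUrl) ? "first" : "third";
  return { tracker: hit ? hit.name : null, party };
}

// Cancel only requests that match a tracker on the user's block list
// (`blocked` is a Set of tracker names). No request sent, no tracking.
function shouldCancel(requestUrl, pageUrl, blocked) {
  const { tracker } = classify(requestUrl, pageUrl);
  return tracker !== null && blocked.has(tracker);
}

// Run the filter over a list of requests a page issued; returns one record per URL.
function filterRequests(requests, pageUrl, blocked) {
  return requests.map((url) => ({
    url, ...classify(url, pageUrl), cancel: shouldCancel(url, pageUrl, blocked),
  }));
}

// Constructed sample: requests as a page at www.newyorker.com might issue them.
const PAGE = "http://www.newyorker.com/strongbox/";
const SAMPLE_REQUESTS = [
  "http://www.google-analytics.com/ga.js",
  "https://connect.facebook.net/en_US/all.js",
  "https://platform.twitter.com/widgets.js?ver=1",
  "https://www.google.com/settings/ads/onweb/",   // Google page, not a tracker resource
  "http://www.newyorker.com/strongbox/style.css", // first-party content
];
const BLOCK_LIST = new Set(["Google Analytics", "Facebook Connect"]);
console.table(filterRequests(SAMPLE_REQUESTS, PAGE, BLOCK_LIST));
```

The Twitter script is recognised as a third-party tracker but not cancelled because it is not on the constructed block list; the Google ads-settings page matches nothing because no pattern is as wide as "google".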
Related projects
Netograph / netograph.com
Collusion / http://www.mozilla.org/en-US/collusion/
FourthParty / fourthparty.info
Panopticlick / panopticlick.eff.org
+ Cookieless Monster: Exploring the Ecosystem of Web-based Device Fingerprinting / securitee.org/files/cookieless_sp2013.pdf
DuckDuckGo / donttrack.us