Author Topic: AddThis persistent tracking  (Read 3197 times)

rcjordan

  • I'm consulting the authorities on the subject
  • Global Moderator
  • Hero Member
  • *****
  • Posts: 8248
  • Debbie says...
    • View Profile

Rooftop

  • Inner Core
  • Hero Member
  • *
  • Posts: 1915
    • View Profile
Re: AddThis persistent tracking
« Reply #1 on: July 22, 2014, 07:32:55 AM »
Interesting one. I wonder how more or less precise that is to the general browser fingerprint stuff. The article makes it sound like it would be less precise but easier to work with.

In the case of addthis I'd imagine it is pretty easy to just block their script.

Fingerprinting is likely to get huge unless something is done. At the moment google and apple hold all the cards in a cookieless world. There is a lot of money riding on that not being the case.

JasonD

  • Inner Core
  • Hero Member
  • *
  • Posts: 1420
  • Look at THAT!!!!
    • AOL Instant Messenger - JasonDDuke
    • View Profile
    • Domain Names
    • Email
Re: AddThis persistent tracking
« Reply #2 on: July 22, 2014, 04:48:52 PM »
Does anyone know any patent lawyers? :)

rcjordan

  • I'm consulting the authorities on the subject
  • Global Moderator
  • Hero Member
  • *****
  • Posts: 8248
  • Debbie says...
    • View Profile
Re: AddThis persistent tracking
« Reply #3 on: July 22, 2014, 04:54:27 PM »
>patent

Ping Bill Slawski. He'd be the place to start.

JasonD

  • Inner Core
  • Hero Member
  • *
  • Posts: 1420
  • Look at THAT!!!!
    • AOL Instant Messenger - JasonDDuke
    • View Profile
    • Domain Names
    • Email
Re: AddThis persistent tracking
« Reply #4 on: July 22, 2014, 04:54:58 PM »
Yes, thank you!

Brad

  • Inner Core
  • Hero Member
  • *
  • Posts: 2551
  • What, me worry?
    • View Profile
Re: AddThis persistent tracking
« Reply #5 on: July 22, 2014, 05:20:24 PM »
Are there countermeasures?

Could you clone the fingerprint thingy and pass it on or infect others with the clone (chaff and flares)  to confuse and decoy the tracker?

JasonD

  • Inner Core
  • Hero Member
  • *
  • Posts: 1420
  • Look at THAT!!!!
    • AOL Instant Messenger - JasonDDuke
    • View Profile
    • Domain Names
    • Email
Re: AddThis persistent tracking
« Reply #6 on: July 22, 2014, 05:28:19 PM »
There are many countermeasures you can deploy on your own machine, such as artificially throwing some randomness into certain functions and  but as they use standard components of the html spec it would need to be incorporated at the browser level to be truly defeated.

 That's not unheard of but in this instance I think it's unlikely. Time to wait and see.

Personally I'd just Blacklist add this in ABP or equivalent but that will only go so far and to be frank, I gave in to the various borgs eons ago., I've also taken the view that not being seen "on the net" is as much a red flag as anything and I'd rather simply blend and merge into the greyness of normalness.

JasonD

  • Inner Core
  • Hero Member
  • *
  • Posts: 1420
  • Look at THAT!!!!
    • AOL Instant Messenger - JasonDDuke
    • View Profile
    • Domain Names
    • Email
Re: AddThis persistent tracking
« Reply #7 on: July 22, 2014, 06:16:00 PM »
I'd also expect similar to be revealed at BH next month with this talk, although I also expect the features bugs to be closed in a much easier manner

https://www.blackhat.com/us-14/briefings.html#svg-exploiting-browsers-without-image-parsing-bugs