Archive for the web Category

Google Chrome contains super-cookie

Posted in web with tags , , on 2008-09-07 by docsmith
Big brother Google is watching you

Big brother Google is watching you

Googles attack on Microsofts Internet Explorer is a shiny metal: Chrome. But there’re dark sides. The worst one discovered so far is a potential super cookie, a distinct client id, generated during the installation into the users profile. That way Google could track you down. Is not sure that this is done already, but the possibility is quiet at hand.

To protect your privacy, close the Chrome browser and go to you user profile folder (XP: C:\documents and settings\username\). Search for a file named „Local State“, which is in XP probably to be found in Local settings\application data\Google\Chrome\User data\ . Open this file with your favorite text editor and change the entries for client_id and client_id_timestamp. To maintain anonymity you’ll have to change them frequently while clearing your cookies in parallel! Or use the values FA7069F6-ACF8-4E92-805E-2AEBC67F45E0 as id and 1220449017 as timestamp. Those are used in the „portable version“ hacked by Carsten Knobloch and should therefore be around the net in lots of copies within a quiet short time.

Advertisements

Never tell them where you come from

Posted in web with tags , , on 2008-06-16 by docsmith

If you’re using a Firefox browser, then there’s a solution to the problem described in my article „tattletale search forms“ from May 14th. Enter „about:config“ into the address bar and press return. Filter for the word „referer“. You’ll be presented an entry called network.http.sendRefererHeader for which the value usually is set to 2. Modify it by double click, set the value to 0 and restart your browser after saving. Now the sending of referers will be suppressed. Theoretically this may lead to problems with some web pages, but after using it more than three weeks so far I did not experience any trouble. If in doubt, set the value to 1 which means referes are sent when changing from one web page to another but not when loading images etc.

tattletale search forms

Posted in web with tags , , , on 2008-05-14 by docsmith

Many sites are embedding ads, and the company presenting the most ads in the net is double-click.net. It’s said that up to 80% of the web sites out there display ads hosted by double-click („dc“).

The story behind is told so often already: By placing a cookie onto your computer the first time you load an dc ad, they can track your way through the web and display ads according to your interests. If they see you visiting travelchannel.com and opodo.com, they could display ads leading to yet another travel company.

But sometimes there’s more than meets the eye …

Some sites are passing the data you entered in a search form to the next page by adding them to the address line, e.g. like travelchannel.com does:
http://search.travelchannel.com/search?w=holiday+caribbean+sea
&searchFormSubmit.x=0&searchFormSubmit.y=0

This line is visible to dc as parameter called „referer“ which indicates the page which embeds the ad, which means this time they not only see which site you’ve visited but also what you’ve been searching for – without you noticing. Searching for „holiday caribbean sea“ doesn’t seem to do any harm, but what if you’ve been looking for „nudist camp“ or „blood cancer therapy“? Do you really like some ad company like dc to know what’s on your mind?

At least there’s no direct link to your person. Well, there shouldn’t be. As far as there’s no real chance to escape from the dc ads in the modern web, the only and most practicable way of defense is to clear the cookie cache of your browser frequently, to avoid substantial surf and/or search profiles – in regard of search engines also. Some browsers like Firefox allow you to deny cookies from certain domains, but it’d be real hard work to build a list of all ad companies.

If you’ve got an apache webserver at hand and you’d like to get an impression which sites are embedding dc ads, including the information the latter receive via referer etc., then you may try to setup a little trap with the two steps described in the attached pdf document. Roughly spoken, it’s just a redirection of the most known dc hostnames to your own apache where a little cgi-bin is logging all the calls.