PDA

View Full Version : [all variants] digital fingerprinting



KegHead
December 1st, 2010, 02:25 PM
Hi!

I read in the WSJ today that there is an effort to fingerprint computers and phones.

I understand the business model, I'm concerned that too much information will be floating around.

Any thoughts?

KegHead

KegHead
December 1st, 2010, 07:03 PM
Hi!

Am I the only one worried about this?

If this is successful about 10 billion devices will be finger printed. (1 billion already)

KegHead

movieman
December 1st, 2010, 07:12 PM
You'd probably get more response if you posted a link or something.

KegHead
December 1st, 2010, 07:16 PM
Hi!

It's in today's Wall Street Journal--front page.

KegHead

tgm4883
December 1st, 2010, 08:31 PM
Hi!

It's in today's Wall Street Journal--front page.

KegHead

I tried clicking every word you posted, but non of them linked to the article :(

KegHead
December 1st, 2010, 08:38 PM
Hi!

wsj.com

scroll down to today.

KegHead

KegHead
December 1st, 2010, 08:44 PM
http://online.wsj.com/article/SB10001424052748704679204575646704100959546.html?m od=ITP_pageone_0

KegHead

tgm4883
December 1st, 2010, 08:45 PM
Hi!

wsj.com

scroll down to today.

KegHead

I must be doing it wrong, I can't click on that either

KegHead
December 1st, 2010, 08:47 PM
Hi!

I just checked the link and it's valid.

KegHead

tgm4883
December 1st, 2010, 08:52 PM
Hi!

I just checked the link and it's valid.

KegHead

Odd, it wasn't there when I posted my last comment, looking now.


Holy moly, they must get paid by the word over at the WSJ.

bodhi.zazen
December 2nd, 2010, 07:32 AM
Hi!

Am I the only one worried about this?

If this is successful about 10 billion devices will be finger printed. (1 billion already)

KegHead

It does not worry me. If it worries you, use a proxy (privoxy or an online proxy or TOR).

KegHead
December 2nd, 2010, 02:10 PM
Hi!

I'll check it out!

KegHead

Hadeda
December 2nd, 2010, 07:35 PM
This works:
http://online.wsj.com/article/SB10001424052748704679204575646704100959546.html

You are right KegHead, thanks for the post! This is not what Lincoln had in mind... It's evil.

We should all be very concerned about this!
Lets have some feedback and technical solutions from GOOD people to foil this concept.

KegHead
December 2nd, 2010, 07:40 PM
Hi!

Actually there is another article in the WSJ today.

It expands on yesterday's copy.

KegHead

Hadeda
December 2nd, 2010, 07:43 PM
Thanks. You are ahead of me... :)

But still, this is not right.

As a beginner, I don't know what the suggestions are about. Do you?

KegHead
December 2nd, 2010, 09:05 PM
Hi!

The WSJ copy is pretty straight forward.

These companies will be able to fingerprint our computers and phones. (Already 1 billion)

I.E. They will know as an example that I shop at Kroger, drive a new Ford paid for in cash, what credit cards I use, what websites I connect to and then gear sales offerings specific to my patterns/habits.

These are "for profit companies" that will use this data and sell it to others.

If there is a profit motive, shouldn't I be compensated?

KegHead

bodhi.zazen
December 2nd, 2010, 10:14 PM
You are both getting yourselves worked up about nothing. This is old news, this kind of thing has been around from the very first cookies.

There are insufficient variables in the raw data to "fingerprint" a billion devices and you can be tracked by ipaddress and mac.

If this worries you, use a proxy or TOR.

Keep in mind, "the internet" is a public domain. If you want "privacy" you need VPN or ssh or a proxy (privoxy/TOR).

They can not get your credit card number unless you give it to them or they sniff it over http. Always use https for financial transactions.

movieman
December 2nd, 2010, 10:18 PM
It does not worry me. If it worries you, use a proxy (privoxy or an online proxy or TOR).

Doesn't work, because they're getting this information by running Javascript, Flash or similar on your browser. The fundamental problem is that the browser allows remote sites to have access to far, far too much information about your system.

On the plus side, NoScript will block these things from any site you don't tell it to trust.

KegHead
December 2nd, 2010, 10:24 PM
Hi!

Is there a tutorial for setting up a proxy?

(easy to understand)

Thanks!

KegHead

bodhi.zazen
December 2nd, 2010, 10:30 PM
Doesn't work, because they're getting this information by running Javascript, Flash or similar on your browser. The fundamental problem is that the browser allows remote sites to have access to far, far too much information about your system.

On the plus side, NoScript will block these things from any site you don't tell it to trust.

I think you are missing my point. This is old news / information.

It does not work, try running a server with html and try detecting a browser so you can render browser specific web content. Easier said then done.

It is not a problem either, your browser needs to negotiate content with the server.

As I said, if this kind of thing concerns you you need to secure and privatize your browser.

See the TOR documentation, use NoScript, identify as IE, deny cookies, use "private browsing" etc, etc. Much has been written on this topic and IMO this kind if information is nothing new and nothing to get excited about.

EDIT: Along those lines, anyone who "pays" for this kind of information is a fool, the information is not as reliable or as useful as you might think and although they may have collected information on a billion devices, as I indicated, there is insufficient data to have a billion unique devices. So a few thousand (or hundred thousand) of those billion data points will be the same.

bodhi.zazen
December 2nd, 2010, 10:40 PM
Hi!

Is there a tutorial for setting up a proxy?

(easy to understand)

Thanks!

KegHead

Take a look at privoxy or TOR. Both are rather trivial to install and configure. Also use other tools, NoScript at the minimum.

https://help.ubuntu.com/community/Privoxy
https://help.ubuntu.com/community/Tor
http://www.torproject.org/
http://noscript.net/
http://proxify.com/
http://www.thefreecountry.com/security/anonymous.shtml

and on ...

KegHead
December 2nd, 2010, 10:47 PM
Hi!

Thank you for the info.

KegHead

movieman
December 2nd, 2010, 10:55 PM
It is not a problem either, your browser needs to negotiate content with the server.

Not for the vast majority of web pages. The whole point of HTML when first created was that it didn't require complex configuration, you sent the page to the browser and it decided how to display it.

It's only with the rise of 'you must display this how I want to display it, I don't care how you want to display it' web sites that there's been any reason for those sites to be able to do anything crazy like query which fonts you have installed, and there's no reason for 99% of those sites to need to worry about that.

As usual, the quest for Shiny Things and convenience has resulted in a security nightmare. 'Web 2.0' and HTML5 will only make that worse.

bodhi.zazen
December 2nd, 2010, 11:36 PM
Not for the vast majority of web pages. The whole point of HTML when first created was that it didn't require complex configuration, you sent the page to the browser and it decided how to display it.

It's only with the rise of 'you must display this how I want to display it, I don't care how you want to display it' web sites that there's been any reason for those sites to be able to do anything crazy like query which fonts you have installed, and there's no reason for 99% of those sites to need to worry about that.

As usual, the quest for Shiny Things and convenience has resulted in a security nightmare. 'Web 2.0' and HTML5 will only make that worse.

I would agree with less then half of that and I think your statements mischaracterize the negotiation between server and client.

Take a look at the sheer number of mime types included either server side or in firefox. Content negotiation is, IMO, no more or less a security risk then connecting to the internet in the first place.

Just to put it in context, here is what HTML used to look like:

http://www.w3.org/History/19921103-hypertext/hypertext/WWW/TheProject.html
http://www.w3.org/History/1989/proposal-msw.html

View the "page source" of those pages for fun :p

Content negotiation allows web pages both functionality and versatility and is here to stay.

emiller12345
December 3rd, 2010, 02:51 AM
Fingerprint relies on the assumption that the device is static and doesn't change in anyway. I wonder if anyone is working on some kind of polymorphic defense to these kinds of attacks. Any one know of anything like this?

KegHead
December 3rd, 2010, 06:36 PM
Hi!

The WSJ and USA Today have follow copy on these subjects today.

I wonder if our phone and internet info is proprietary in nature?

If so, I'd like to be compensated.

KegHead