I have done a bit of research on something that I believe is interesting
to at least a few here.

in short, this German company came up with a tracking mechanism that not
only defeats proxies and forwarders (and anonymizers), but also allows
tracking ACROSS SITES.


here's a short instruction on how you can see this scheme working:


first, let's fake that we're a browser:
   tom@ns:~ > telnet www.7val.com 80
   Trying 195.122.187.3...
   Connected to www.7val.com.
   Escape character is '^]'.
   GET / HTTP/1.0
   Connection: Keep-Alive
   User-Agent: Mozilla/4.61 [en] (X11; I; Linux 2.2.13 i686)
   Host: www.7val.com

here is the reply:
   HTTP/1.1 302 Found
   Date: Tue, 08 Feb 2000 15:27:57 GMT
   Server: Apache/1.3.9 (Unix) PHP/3.0.12
   Expires: Fri, 17 Nov 1967 06:00:00 GMT
   Last-Modified: Tue, 08 Feb 2000 15:28:00 GMT
   Cache-Control: no-cache, must-revalidate
   Pragma: no-cache
   Location: http://XB7458FE79B8DBCAB0A656BFA664483AD.sevenval.com/?sevenvalstart=950023680
   Connection: close
   Content-Type: text/html

   Connection closed by foreign host.

you see how it assigns me a unique ID on initial connection. since the
web browser will believe this number to be part of the URL, it will stay
with me as long as the session lasts. since it is delivered per session
(unique whenever the www.* address is accessed), it will allow
successful session-identification regardless of proxies or anonymizers.

to make things worse, if you leave the webpage in question, and go
towards a cooperative 3rd party website, your unique ID stays with you.
here is the proof:

   tom@ns:~ > telnet www.yellostrom.de 80
   Trying 194.77.233.68...
   Connected to www.yellostrom.de.
   Escape character is '^]'.
   GET / HTTP/1.0
   Connection: Keep-Alive
   User-Agent: Mozilla/4.61 [en] (X11; I; Linux 2.2.13 i686)
   Host: www.yellostrom.de

   HTTP/1.1 302 Found
   Date: Tue, 08 Feb 2000 15:41:23 GMT
   Server: Apache/1.3.11 (Unix) PHP/3.0.14 mod_ssl/2.5.0 OpenSSL/0.9.3a
   X-Powered-By: PHP/3.0.14
   Expires: Fri, 17 Nov 1967 06:00:00 GMT
   Last-Modified: Tue, 08 Feb 2000 15:41:28 GMT
   Cache-Control: no-cache, must-revalidate
   Pragma: no-cache
   Location: http://XD1F8430E7D548480CF46DA8CB7481BE5.yellostrom.de/?sevenvalstart=950024488
   Connection: close
   Content-Type: text/html
   Connection closed by foreign host.

ok, we already know this behaviour, it is the very same as above.
however, if I add a referer:

   tom@ns:~/Downloads/MP3 > telnet www.yellostrom.de 80
   Trying 194.77.233.68...
   Connected to www.yellostrom.de.
   Escape character is '^]'.
   GET / HTTP/1.0
   Connection: Keep-Alive
   User-Agent: Mozilla/4.61 [en] (X11; I; Linux 2.2.13 i686)
   Host: www.yellostrom.de
   Referer: http://XB7458FE79B8DBCAB0A656BFA664483AD.sevenval.com/?sevenvalstart=950023680

   HTTP/1.1 302 Found
   Date: Tue, 08 Feb 2000 15:43:04 GMT
   Server: Apache/1.3.11 (Unix) PHP/3.0.14 mod_ssl/2.5.0 OpenSSL/0.9.3a
   X-Powered-By: PHP/3.0.14
   Expires: Fri, 17 Nov 1967 06:00:00 GMT
   Last-Modified: Tue, 08 Feb 2000 15:43:21 GMT
   Cache-Control: no-cache, must-revalidate
   Pragma: no-cache
   Location: http://XB7458FE79B8DBCAB0A656BFA664483AD.yellostrom.de/
   Connection: close
   Content-Type: text/html
   Connection closed by foreign host.

note how the ID stays the same. I am now perfectly trackable not only
within one website, but as I move from site to site. pooling the various
tidbits of information I leave on the sites should be trivial.


I insist on bringing this to your attention for two reasons. one is that
I don't like this kind of information gathering. note, for example, that
as far as I can see, there is no way to "opt out" of this tracking, say
by accessing a pre-defined "anonymous.sevenval.com" address. as an aside,
I also don't like the abuse of error-messages for this kind of purpose.
if the remote gives me a 302, that should mean "moved temporarily" and
not "we'd like to track you".

the second is that I have reason to believe that I will be asked to
argue for or against using this scheme for my company in the near
future. if that happens, I want to make qualified comments.

for both reasons I'm eagerly awaiting the comments of the privacy people
here.
