Slashdot Mirror


Cookieless Web Tracking Using HTTP's ETag

An anonymous reader writes "There is a growing interest in who tracks us, and many folks are restricting the use of web cookies and Flash to cut down how advertisers (and others) can track them. Those things are fine as far as they go, but some sites are using the ETag header as an identifier: Attentive readers might have noticed already how you can use this to track people: the browser sends the information back to the server that it previously received (the ETag). That sounds an awful lot like cookies, doesn't it? The server can simply give each browser a unique ETag, and when they connect again it can look it up in its database. Neither JavaScript, nor any other plugin, has to be enabled for this to work either, and changing your IP is useless as well. The only usable workaround seems to be clearing one's cache, or using private browsing with HTTPS on sites where you don't want to be tracked. The Firefox add-on SecretAgent also does ETag overwriting."
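The behaviour described in the summary can be spotted from the client side: fetch the same URL with two clients that both start with empty caches, and compare the validators. The following is an added example, not code from the submission or the linked article; the hostnames, tag values and captured responses are constructed for illustration.

```python
import hashlib

def header(resp, name):
    """Case-insensitive header lookup; returns None when absent."""
    for key, value in resp["headers"].items():
        if key.lower() == name.lower():
            return value
    return None

def opaque_tag(etag):
    """Strip the weak-validator prefix and surrounding quotes."""
    etag = etag.strip()
    if etag.startswith("W/"):
        etag = etag[2:]
    return etag.strip('"')

def classify(resp_a, resp_b):
    """Compare one URL as fetched by two clients that both had empty caches."""
    tag_a, tag_b = header(resp_a, "ETag"), header(resp_b, "ETag")
    if tag_a is None or tag_b is None:
        return "no-etag"
    same_body = hashlib.sha256(resp_a["body"]).digest() == hashlib.sha256(resp_b["body"]).digest()
    same_tag = opaque_tag(tag_a) == opaque_tag(tag_b)
    if same_body and not same_tag:
        return "per-client"        # same bytes, different validator: acts as an ID
    if same_body and same_tag:
        return "content-stable"
    return "inconclusive"          # bodies differ, so nothing can be concluded

def audit(captures):
    """captures: {url: (resp_a, resp_b)} -> {url: classification}."""
    return {url: classify(a, b) for url, (a, b) in captures.items()}

# Constructed sample captures (not real traffic).
PIXEL = b"GIF89a\x01\x00\x01\x00"
SAMPLE = {
    "https://tracker.example/p.gif": (
        {"headers": {"ETag": '"u-7f3a9c21"'}, "body": PIXEL},
        {"headers": {"etag": '"u-02bd44e8"'}, "body": PIXEL},
    ),
    "https://static.example/app.css": (
        {"headers": {"ETag": 'W/"5d8c-1a2b"'}, "body": b"body{margin:0}"},
        {"headers": {"ETag": '"5d8c-1a2b"'}, "body": b"body{margin:0}"},
    ),
    "https://news.example/": (
        {"headers": {}, "body": b"<html>a</html>"},
        {"headers": {"ETag": '"x"'}, "body": b"<html>b</html>"},
    ),
}

if __name__ == "__main__":
    for url, verdict in audit(SAMPLE).items():
        print(verdict, url)
```

A "per-client" verdict is a signal rather than proof: load-balanced backends that derive ETags from inode or modification time also return different tags for identical content.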

11 of 212 comments

  1. Secret Agent by Jeremiah Cornelius · Score: 5, Interesting

    Here we come. :-)

    Add this feature to a chaff-creating plugin, to crapflood servers with fake tags.

    --
    "Flyin' in just a sweet place,
    Never been known to fail..."
    1. Re:Secret Agent by KiloByte · Score: 5, Informative

      Or will it disable ETags across all sites and thus slow down browsing by effectively turning caching off?

      ETags are only one of many methods to achieve caching. Getting rid of them shouldn't have a big effect on caching.

      Other methods typically have privacy holes as well, but it's easier to deal with them, for example by rounding timestamps down to the last midnight. ETags on the other hand store an arbitrary attacker-provided string, which is an outright security vulnerability.

      --
      The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
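The two mitigations named in the comment above (dropping the opaque ETag validator and rounding timestamp validators down to the last midnight) can be expressed as a header filter. This is an added example, not code from the comment or from any add-on mentioned in the thread; the function names are hypothetical, and it assumes the filter sits where a privacy proxy or extension would, seeing headers in both directions.

```python
from datetime import timezone
from email.utils import format_datetime, parsedate_to_datetime

DROP = {"etag", "if-none-match"}                 # opaque, server-chosen strings
ROUND = {"last-modified", "if-modified-since"}   # timestamps: keep only the day

def round_to_midnight(http_date):
    """Round an HTTP-date down to 00:00:00 GMT; return None if unparseable."""
    try:
        dt = parsedate_to_datetime(http_date)
    except (TypeError, ValueError):
        return None
    if dt.tzinfo is None:                        # "-0000" parses as naive UTC
        dt = dt.replace(tzinfo=timezone.utc)
    dt = dt.astimezone(timezone.utc).replace(hour=0, minute=0, second=0, microsecond=0)
    return format_datetime(dt, usegmt=True)

def sanitize(headers):
    """Return a copy of a header dict with cache validators neutralised."""
    out = {}
    for name, value in headers.items():
        key = name.lower()
        if key in DROP:
            continue                             # never store or echo the tag
        if key in ROUND:
            value = round_to_midnight(value)
            if value is None:
                continue                         # malformed date: drop it
        out[name] = value
    return out

# Constructed sample response headers (not real traffic).
SAMPLE_RESPONSE = {
    "Content-Type": "image/gif",
    "ETag": '"u-7f3a9c21"',
    "Last-Modified": "Wed, 21 Oct 2015 07:28:37 GMT",
}

if __name__ == "__main__":
    print(sanitize(SAMPLE_RESPONSE))
```

Rounding down errs toward refetching: the server sees an older date than the real one, so it will not answer with a stale 304.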
  2. Nothing new by deanrock0 · Score: 5, Informative

    Did they just invent ETag or what? This "feature" has been known for a few years and there are existing implementations, including this one: http://samy.pl/evercookie/ from 2010.

  3. Re:Firefox makes cache clearing difficult by Ambiguous Puzuma · Score: 5, Informative

    Or you can press Ctrl+Shift+Del. One of the options (which should already be checked if you used it last time) is to clear the cache. A three-key combination and a button click and you're done, with no plugins needed.

  4. They just don't seem to get the message by Somebody Is Using My · Score: 4, Interesting

    I always imagine the webserver as having an internal conversation that goes sort of like this...

    Hey, a new visitor to the website? I wonder who he is?
    Well, I'll just drop a cookie on there to keep track of him... and, hmm, it seems he's blocking cookies.
    Oh well, let me just insert this bit of Javascript; that'll work just as well.
    Dear oh dear, it seems Javascript isn't working.
    No worries, I'll just insert a little 0-byte web-bug graphic and... wait? That's prevented as well?
    Damn it, Flash-cookie! That'll get him! WHAT?!?!? Disabled as well?
    E-Tag! That has to work, right?
    ARGH!!!!!

    Gee... I wonder if he's trying to tell me something like, oh I don't know, "I don't like being tracked".

    Nah, who doesn't like being pushed, filed, stamped, indexed, briefed, debriefed, or numbered? I wonder if there's some other way I can use...

    You might think at this point that companies and advertisers start getting the message. Instead, they just keep finding more and sleazier ways. All these technologies have valid uses but have been so abused by corporations and marketing that people increasingly don't trust it anywhere. It just further antagonizes the very people they are trying to connect with. And then they wonder why they lose the respect and trust of their customers, resulting in an ever-more aggressive relationship between the two.

    Some days I dream about what the Internet might have been like had Canter and Siegel been definitively smacked down back in '94, setting an inviolable precedent that the 'Net was not a platform welcoming /any/ advertising. What repercussions might that have had on the world as a whole?

    1. Re:They just don't seem to get the message by bbn · Score: 4, Funny

      E-Tag! That has to work, right?
      ARGH!!!!!

      Gee... I wonder if he's trying to tell me something like, oh I don't know, "I don't like being tracked".

      By this point you are being tracked as the guy that blocked everything else. There is only going to be one of you.

  5. Panopticlick is another method by danceswithtrees · Score: 5, Interesting

    The ETag method is a clever solution to cookieless tracking. I find this method I stumbled upon a couple of weeks ago a bit startling. I had no idea the amount of information routinely sent from my browser/computer to web servers-- information about plug-ins, time zone, screen resolution, accepted headers, etc WITHOUT letting me know. It is enough to give more than 21 bits of identifying information and uniquely identifies me among the 3M visits.

    https://panopticlick.eff.org/

  6. Re:Another Job for RequestPolicy by Anonymous Coward · Score: 4, Informative

    I use RequestPolicy, and it definitely isn't for most people. It increases the amount of effort needed to browse the web by a factor of ten.

    Every other site I go to is actually served from about two dozen separate locations. CSS comes from one domain, images come from as many as 6 domains, javascript comes from as many as 3 domains, and it isn't unheard of to see twenty different sets of trackers and widgets getting bolted on, not including the additional baggage that they bring.

    It's fucking ridiculous.

    Oddly enough, sites hosting their own tracking will make RequestPolicy fail miserably, since it only deals with cross site refs. Such sites are the exception, though.

  7. Re:Firefox makes cache clearing difficult by seyyah · Score: 5, Funny

    Or you can press Ctrl+Shift+Del. One of the options (which should already be checked if you used it last time) is to clear the cache. A three-key combination and a button click and you're done, with no plugins needed.

    I also like the Ctrl+Alt+Del option. I've yet to see a website that can track me after that.

  8. ETag leaks between Incognito mode and regular mode by ThatsMyNick · Score: 4, Informative

    It also seems to leak info between regular windows and incognito mode in chromium. I assume the cache is shared between the modes, and they need separate caches.

  9. Re:Tracking $$$$ by Ixokai · Score: 4, Insightful

    The thing is, you're wrong.

    Very, very little of what Obama wants or has done is even close to what the progressives of the left actually want. Health care reform? He enacted the model proposed by the Republicans and devised by a right wing think-tank to create a market-based approach to near-universal healthcare: if you think the left is happy with Obamacare, you're not paying attention.

    It's simply *better*, and so we will stick with it. What the left wanted was a single-payer really universal healthcare, but we compromised and were willing to go along with the ACA as long as we'd get a single-payer *option*. Then that got dropped, but most of the left decided to support the ACA anyways because really, it was better than what we have now.

    Obama is a centrist; center-right in most issues, occasionally center-left. There is nothing even remotely radical about anything he's done, there's been no great pull to the left. The left has gone a bit farther left than we were a decade or so ago, but that's been in response to the monumental shift the right has gone.

    There's a wholesale assault on reproductive and fundamental voting rights going on from the right these days, which is just stunning in that these are things that *only* the most extreme of the right's base want.

    On civil rights, surveillance, foreign policy, environment, business regulation, ... and on and on, Obama is not at all in line with what the left wants. He's just not as bad as what the crazy people on the far right want.

    Yes, there are some narrow places where the far left and the libertarian wing of the far right actually agree, and it's weird when it happens: but those are on very specific and very narrow issues. The problem with that libertarian wing is then they fall flat on their face when the social conservative bloc of the far right has to be dealt with in primaries, and suddenly small government meets bedroom and private health, and oops.