Slashdot Mirror
Ask Slashdot: Where Can I Find "Nuts and Bolts" Info On Cookies & Tracking Mechanisms?
New submitter tanstaaf1 writes: I was thinking about the whole tracking and privacy train-wreck and I'm wondering why specific information on how it is done, and how it can be micromanaged or undone by a decent programmer (at least), isn't vastly more accessible? By searching, I can only find information on how to erase cookies using the browser. Browser level (black box) solutions aren't anywhere near good enough; if it were, the exploits would be few and far between instead everywhere everyday. Read below for the rest of tanstaaf1's question.
On Amazon, I haven't found a likely good book on the topic. There are books on protocols but I'm really only interested in how I can detect and track and block, and erase, and re-write and spoof all the tracking attempts on a case by case basis. Maybe a book on how to write my own tracker — or my own tracking blocker from scratch?
In theory it wouldn't seem to be that hard to uttlerly micromanage your own computer. Here's how I think it could be done:
(1) Have an explicit on/off switch, ideally OS based and trivial to control with a mouse-twitch, which turns internet access on and off as certainly as a mechanical light switch controls lights. Along with this, maybe the whole screen can change color, red-light green-light, to keep the user always aware of incoming or outgoing traffic. I should instant be able to get detailed information on any unexpected write or read request. Think unix "ps" or better. (Actually, a file system which allowed the owner to attached detailed memos and other information would be a nice touch...once litter builds up it quickly gets easy to hide real malware everywhere; that is a common technique used by embezzlers everywhere — create chaos and then hide your exploits within it).
(2) When the browser is started, make it start in a fresh virtual space / sand-box. Then copy into that space any "cookies" or other information I explicitly care to put into that space. I would, for example, put in site specific cookies to allow sites i whitelist to identify me. A good database of all the files in my virtual space, how they got there and what they are used for, would be really nice to see.
(3) As you browse you can block or not block ads and trackers; the add-ons already exist.
(4) When you decide to exit the browsing session, at least, the computer should save important cookies from sites you frequent for later restoration.
(5) The entire virtual space is then shredded and deleted.
This could all be done at a finer grain, I'm sure, but I wanted to lay out an overall strategy — and ask:
(1) What am I missing?
(2) Has this already been done and automated, say, under Linux? (I wouldn't expect Microsoft, Apple, or Google to facilitate this sort of security under their OS systems; foxes guarding the hen house and all that. However, even under Windows and OSX I can install virtualbox...)
(3) Why is it so hard to find the specifics of, step-by-step, how (not why or if) we are being conned and raped and what, specifically, can be done to stop it? Why are we screwing around with all these endless add-ons instead of striking at the root of the problem? Or have I not really identified the root?
I would appreciate any specific feedback on my scheme or, even better, a link or three.
In theory it wouldn't seem to be that hard to uttlerly micromanage your own computer. Here's how I think it could be done:
(1) Have an explicit on/off switch, ideally OS based and trivial to control with a mouse-twitch, which turns internet access on and off as certainly as a mechanical light switch controls lights. Along with this, maybe the whole screen can change color, red-light green-light, to keep the user always aware of incoming or outgoing traffic. I should instant be able to get detailed information on any unexpected write or read request. Think unix "ps" or better. (Actually, a file system which allowed the owner to attached detailed memos and other information would be a nice touch...once litter builds up it quickly gets easy to hide real malware everywhere; that is a common technique used by embezzlers everywhere — create chaos and then hide your exploits within it).
(2) When the browser is started, make it start in a fresh virtual space / sand-box. Then copy into that space any "cookies" or other information I explicitly care to put into that space. I would, for example, put in site specific cookies to allow sites i whitelist to identify me. A good database of all the files in my virtual space, how they got there and what they are used for, would be really nice to see.
(3) As you browse you can block or not block ads and trackers; the add-ons already exist.
(4) When you decide to exit the browsing session, at least, the computer should save important cookies from sites you frequent for later restoration.
(5) The entire virtual space is then shredded and deleted.
This could all be done at a finer grain, I'm sure, but I wanted to lay out an overall strategy — and ask:
(1) What am I missing?
(2) Has this already been done and automated, say, under Linux? (I wouldn't expect Microsoft, Apple, or Google to facilitate this sort of security under their OS systems; foxes guarding the hen house and all that. However, even under Windows and OSX I can install virtualbox...)
(3) Why is it so hard to find the specifics of, step-by-step, how (not why or if) we are being conned and raped and what, specifically, can be done to stop it? Why are we screwing around with all these endless add-ons instead of striking at the root of the problem? Or have I not really identified the root?
I would appreciate any specific feedback on my scheme or, even better, a link or three.
You should be able to find some pretty straightforward documentation on HTTP cookies, flash data storage, HTTP Local Storage, and browser fingerprinting (see https://panopticlick.eff.org/ ). The tracking services aren't doing anything fancy -- they're just sharing that identifier behind the scenes. When you visit website1 they assign an id to your browser (via a cookie, or whatever). When you visit website2, it loads a script from website1 that puts your id somewhere into the DOM that website2's scripts can read and website2 assigns that id to your browser as well. Website3 does the same, and so forth. Then, websites 1 through N share the browsing habits of your id amongst themselves and gain some insight into what your browser is doing.
Do you really need reason for beer? Wingman Brewers
Evercookie is how it is being done.
UBlock Origin is how to block a ton of stuff.
Both are open source so you can have a look at it.
But in case of Verizon, you're talking about tracking on a whole other level.
And since your MAC or IMEI device number are needed to allow you access on their network, there are no options to spoof that.
The best you can do is block what they throw at you as a result of that data.
Adding a VPN would make life for them pretty hard because no server side deep packet inspection can be applied.
If you are that preoccupied by evil cookies, use Linux Tails like Edward Snowden recommends.
But really, you overestimate your value for those who allegedly "rape and con" you with cookies. They care about trends and patterns, not about you as a person, so browsing the web in a virtual space that you "shred" afterwards is more of a hobby than a necessity. Modern browsers are well-equipped to provide a decent level of privacy, there's no need to go thinfoil hat over this.
lucm, indeed.