Spying Without Cookies
from the real-or-not? dept
Alexis Agahi writes “Of course, the quest of “we know what you are, and where you go” is still interesting lots of guys out there. ZDNet mention in this article that after 18 month of research, Dr. Lykourgos Petropoulakis from the University of Strathclyde, has found a new technology currently “highly classified”. Apparently this technology doesn’t require any browser plug-in, can work on any web server and could monitor all web users behaviors, without using cookies. Also, people could be tracked from site to site. Applications envisioned are things like employee or child monitoring.” I read about this last week, and I’m not yet convinced (1) that it works or (2) that it’s really that big of a deal. I’m willing to wait and see if it’s really as bad as it sounds, and whether or not anyone actually uses it.
Comments on “Spying Without Cookies”
18 months ... yeah sure
i figured out something like this recently in all of 18 minutes, and i dont even have a Dr degree (yet).
my technique works as follows: the behavior of a browser will be different based on whether an object is present in the browser’s cache. If-Modified-Since makes it even more trivial. works as a transparent proxy by changing modification times on objects that pass it. each user request on certain objects will leak a small number of information bits that can be assembled to a unique identifier.
i would not be surprised if 18 months of super-secret research produced little more exciting than this. if i had not better things to do i’d write a paper on it or file a patent :PPP
–fmu