SlideShare une entreprise Scribd logo

We are Digital Puppets

Secpro - Security Professionals
Secpro - Security Professionals

Slides de mi Conferencia: We Are Digital Puppets Actualizada (Inglés) que dicté en San Francisco CA. Hablo sobre el Tracking y el profiling de personas.

Internet
1  sur  44
Télécharger pour lire hors ligne
David F. Pereira @d4v1dp3r31r4
David Pereira CEH, ECSA/LPT, CHFI, ENSA, ECSS, ECVP, CEI, QGSS, ECIH, EDRP, NFS, OPSEC, CICP, CND, CCISO. • CEO Secpro – Security Professionals • +21 years experience in Infosec and DFIR • Researcher - Ethical Hacker – Pentester – Speaker • Instructor / Advisor for Cyberdefense Forces and Police in many Countries
Agenda Are we digital puppets? I take care about my info and my privacy …. Right? Tracking…… A lot of Demos!!!! Advanced Tracking……
Are we digital puppets? • Are you thinking that you are totally free and spontaneous in the decisions you make? • Do you think you get some kind of influence? • Would you like others to make decisions for you and direct then in a specific sense?
Are we digital puppets? In this space we will talk about the information that we give everyday to the websites we visit , and the way they can track us , influence us and know about us more than we might think
Are we digital puppets? Websites use’s many techniques to get information about our machines and ourselves in order to track our activity online (tracking): • Browser information • Machine Information • OS Information • Geolocation Information • Carrier information • User Information
Are we digital puppets? So…how anonymous are we? Simple demonstration: • http://centralops.net/ • https://panopticlick.eff.org/
Are we digital puppets? Techniques used by websites to track our online activity (as users) 1. Cookies 2. Ever Cookies (Flash Cookies – LSO - Zombie Cookies) 3. Perma-Cookies 4. Java Script (Hidden Code) 5. Iframes (In Line Frames) 6. Web Beacon (1-Pixel Beacons) 7. HTML 5 Canvas
Are we digital puppets? 1. Cookies They are small text files that websites send us when we navigate. (4Kb) The goal is to register our activity on the website. Example: Usernames, Keys, Navigation habits and then be able to influence us with that information collected. http://www.ietf.org/rfc/rfc2109.txt Demonstration: Tools: IECookieView / Mozilla CookieView (www.nirsoft.net)
Are we digital puppets? 1. Cookies Examples: • Amazon - http://www.rubiconproject.com/ • http://www.addthis.com • http://www.tapad.com/
http://www.tapad.com/lifestyle/advertising/
https://www.tapad.com/cross-device-advertising
https://www.tapad.com/customer-data-platform
http://www.theguardian.com/technology/2015/apr/10/facebook-admits-it- tracks-non-users-but-denies-claims-it-breaches-eu-privacy- law?utm_content=bufferb7e2e&utm_medium=social&utm_source=twitter.com &utm_campaign=buffer
https://techcrunch.com/2018/02/19/facebooks-tracking- of-non-users-ruled-illegal-again/
Are we digital puppets? 2. Ever Cookies (Flash Cookies - Zombie Cookies - LSO Local Shared Object) They have the same purpose as normal cookies, but they are difficult to detect and therefore to remove; They are able to collect much more information directly against the user's privacy; its size reaches 100Kb. Can survive even after use of TOR; depending on the connection mechanism.
Are we digital puppets? 2. Ever Cookies (Flash Cookies - Zombie Cookies - LSO Local Shared Object) The LSO can be shared between browsers; Some Companies uses them as a regular cookie backup, in case the normal cookies were deleted.
Are we digital puppets? 2. Ever Cookies (Flash Cookies - Zombie Cookies - LSO Local Shared Object) Evercookies uses different mechanisms to be stored: • Standard HTTP cookies • local shared objects (Flash cookies) • Silverlight Isolated Storage • Storing cookies in RGB values of auto-generated, force- cached PNGs using HTML5 Canvas tag to read pixels (cookies) back out • Storing cookies in Web history • Storing cookies in HTTP ETags • Storing cookies in Web cache • Window.name caching • Internet Explorer userData storage • HTML5 Session Web storage • HTML5 Local Web storage • HTML5 Global Storage • HTML5 Web SQL Database via SQLite
Are we digital puppets? 2. Ever Cookies (Flash Cookies - Zombie Cookies - LSO Local Shared Object) Macromedia is triying to develop additional features: • Caching in HTTP Authentication • Using Java to produce a unique key based on NIC information.
Are we digital puppets? 2. Ever Cookies (Flash Cookies - Zombie Cookies - LSO Local Shared Object) They are able to reinstall the normal Cookies deleted. (Re-Spawning) Its content can be controlled in this link: http://www.macromedia.com/support/docum entation/en/flashplayer/help/settings_manage r07.html Nirsoft: https://www.nirsoft.net/utils/flash_cook ies_view.html
Are we digital puppets? 3. Perma - Cookies Used by Verizon, AT & T, Sprint, Bell Canada and Vodacom. When the user navigates a site, a header is injected into the traffic (X-UIDH -Unique Identifier Header) which is a temporary identifier that uses a key. This is almost a man in the middle attack or replay attack.
https://www.eff.org/deeplinks/2014/11/verizon-x-uidh
http://www.cnet.com/how-to/how-to-opt-out-of-verizon-supercookie-tracking- program
Are we digital puppets? 3. Perma - Cookies http://www.forbes.com/sites/kashmirhill/2014/10/29/t he-privacy-lowdown-on-verizon-and-atts-permacookies
Are we digital puppets? 3. Perma - Cookies Question?? What is Ad Exchange? https://www.doubleclickbygoogle.com/solutions/digit al-marketing/ad-exchange/
Are we digital puppets? 4. JavaScript Programs They are small pieces of code that are executed when we navigate a website, which normally do not ask for any authorization to execute. They can capture virtually anything we do on the website ... or infect us with malware as well.
Are we digital puppets? 4. JavaScript Programs This information is used by advertisers to send us specific advertising according to what we would have searched at some time or force us to see a specific article, or bombard us permanently with some information. It allows companies to know in detail what the user does on the website.
Are we digital puppets? 4. JavaScript Programs Examples: https://logentries.com/doc/best- practices-user-tracking/ https://developers.google.com/analytics/ devguides/collection/analyticsjs/ http://www.mapmyuser.com/
Are we digital puppets? Google Snippet: <!-- Google Analytics --> <script> (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){ (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefo re(a,m) })(window,document,'script','https://www.google- analytics.com/analytics.js','ga'); ga('create', 'UA-XXXXX-Y', 'auto'); ga('send', 'pageview'); </script> <!-- End Google Analytics -->
Are we digital puppets? What the Snippet Tracks? https://developers.google.com/analytics/devguides/collection/analyticsjs/
Are we digital puppets? 5. Iframes – In line Frames They are tools that allow to include content from one external site within another; Works in the same way as if we open an additional browsing window within a website. They are used in HTML5
Are we digital puppets? 5. Iframes – In line Frames Its main use is to determine when a user has left a site and can continue tracking their activity on the new site that has accessed. Technically it is called: Cross-Domain Tracking
Are we digital puppets? 5. Iframes – In line Frames https://developers.google.com/analytics/devguides/collection/gajs/gaTrackingSite?hl=de
Are we digital puppets? 5. Iframes – In line Frames Examples: • https://developers.google.com/analytics/devguid es/collection/gajs/gaTrackingSite?hl=de • http://www.adroll.com/
Are we digital puppets? 6. Web Beacon – 1Pixel Beacon It is a transparent gif image, the size of 1 pixel x 1 pixel that is placed on a website or in an email, which allows to monitor user activity. They capture the IP of the user, how long the site was visited, with what browser, what opened, etc.
Are we digital puppets? 6. Web Beacon – 1Pixel Beacon It is a type of SpyWare because it captures data without the authorization of the user; Used by spammers (Unwanted bulk mail) to confirm the email address of their victims. Browsers do not detect it and are forced to accept it, because they are assumed as a gif image.
Are we digital puppets? 6. Web Beacon – 1Pixel Beacon Examples: https://info.yahoo.com/privacy/us/y ahoo/webbeacons/ https://grabify.link/
Are we digital puppets? 7. HTML 5 Canvas Canvas is an HTML5 API which is used to draw graphics and animations on a web page via scripting in JavaScript. Canvas can be used as additional entropy in web- browser's fingerprinting and used for online tracking purposes. The technique is based on the fact that the same canvas image may be rendered differently in different computers.
Are we digital puppets? 7. HTML 5 Canvas This happens for several reasons: At the image format level – web browsers uses: • Different image processing engines • Image export options • Compression levels That way, the final images may got different checksum even if they are pixel-identical. At the system level – operating systems have different fonts, they use different algorithms and settings for anti- aliasing and sub-pixel rendering. Tool: https://browserleaks.com/
Are we digital puppets? 8. What Else? • WebGL • Silverlight • Content Filters • Features Detection
Are we digital puppets? Why they do this? There are several reasons; one of them, to show sponsors and advertisers that they have shown their advertising to 1,000,000 users and not the same warning 10 times to 100,000, that is why the need to individualize each user and their preferences.
Are we digital puppets? Recommended Tools • Better Privacy (Addon de Firefox) https://addons.mozilla.org/en- US/firefox/addon/betterprivacy/ • NoScript (Addon de Firefox) https://addons.mozilla.org/en- US/firefox/addon/noscript/ • Ghostery: https://www.ghostery.com/es/download?src=ext ernal-ghostery.com • DoNotTrackMe (Addon de Firefox) https://dnt.abine.com • AD Blocker (Addon de Firefox https://adblockplus.org/
Questions???

Recommandé

Operating System Upgrade Implementation Report And...
Operating System Upgrade Implementation Report And...Operating System Upgrade Implementation Report And...
Operating System Upgrade Implementation Report And...Julie Kwhl
 
[drupalday2017] - Speed-up your Drupal instance!
[drupalday2017] - Speed-up your Drupal instance![drupalday2017] - Speed-up your Drupal instance!
[drupalday2017] - Speed-up your Drupal instance!DrupalDay
 
Speed up your Drupal instance!!
Speed up your Drupal instance!!Speed up your Drupal instance!!
Speed up your Drupal instance!!bmeme
 
MDW Boulder April '11 | Scott Prindle_The Role of the Creative Technologst
MDW Boulder April '11 | Scott Prindle_The Role of the Creative Technologst MDW Boulder April '11 | Scott Prindle_The Role of the Creative Technologst
MDW Boulder April '11 | Scott Prindle_The Role of the Creative Technologst Boulder Digital Works at CU
 
AI와 같이 살기 - 남서울대학교 인터브이알
AI와 같이 살기 - 남서울대학교 인터브이알AI와 같이 살기 - 남서울대학교 인터브이알
AI와 같이 살기 - 남서울대학교 인터브이알HashScraper Inc.
 
Houston TechFest 2014 slidedeck
Houston TechFest 2014 slidedeckHouston TechFest 2014 slidedeck
Houston TechFest 2014 slidedeckMatt Keas
 
Exercises portfolio-Digital Curation Tools (IS40620)
Exercises portfolio-Digital Curation Tools (IS40620)Exercises portfolio-Digital Curation Tools (IS40620)
Exercises portfolio-Digital Curation Tools (IS40620)softwaresatish
 
Desarrollo de apps multiplataforma con tecnologías web
Desarrollo de apps multiplataforma con tecnologías webDesarrollo de apps multiplataforma con tecnologías web
Desarrollo de apps multiplataforma con tecnologías webSoftware Guru
 

Recommandé

Operating System Upgrade Implementation Report And...
Operating System Upgrade Implementation Report And...Operating System Upgrade Implementation Report And...
Operating System Upgrade Implementation Report And...Julie Kwhl
 
[drupalday2017] - Speed-up your Drupal instance!
[drupalday2017] - Speed-up your Drupal instance![drupalday2017] - Speed-up your Drupal instance!
[drupalday2017] - Speed-up your Drupal instance!DrupalDay
 
Speed up your Drupal instance!!
Speed up your Drupal instance!!Speed up your Drupal instance!!
Speed up your Drupal instance!!bmeme
 
MDW Boulder April '11 | Scott Prindle_The Role of the Creative Technologst
MDW Boulder April '11 | Scott Prindle_The Role of the Creative Technologst MDW Boulder April '11 | Scott Prindle_The Role of the Creative Technologst
MDW Boulder April '11 | Scott Prindle_The Role of the Creative Technologst Boulder Digital Works at CU
 
AI와 같이 살기 - 남서울대학교 인터브이알
AI와 같이 살기 - 남서울대학교 인터브이알AI와 같이 살기 - 남서울대학교 인터브이알
AI와 같이 살기 - 남서울대학교 인터브이알HashScraper Inc.
 
Houston TechFest 2014 slidedeck
Houston TechFest 2014 slidedeckHouston TechFest 2014 slidedeck
Houston TechFest 2014 slidedeckMatt Keas
 
Exercises portfolio-Digital Curation Tools (IS40620)
Exercises portfolio-Digital Curation Tools (IS40620)Exercises portfolio-Digital Curation Tools (IS40620)
Exercises portfolio-Digital Curation Tools (IS40620)softwaresatish
 
Desarrollo de apps multiplataforma con tecnologías web
Desarrollo de apps multiplataforma con tecnologías webDesarrollo de apps multiplataforma con tecnologías web
Desarrollo de apps multiplataforma con tecnologías webSoftware Guru
 
Sg conference multiplatform_apps_adam_stanley
Sg conference multiplatform_apps_adam_stanleySg conference multiplatform_apps_adam_stanley
Sg conference multiplatform_apps_adam_stanleyn_adam_stanley
 
How well are you delivering your experience?
How well are you delivering your experience?How well are you delivering your experience?
How well are you delivering your experience?Andrew Fisher
 
FCartel - Summer Internship 2013
FCartel - Summer Internship 2013FCartel - Summer Internship 2013
FCartel - Summer Internship 2013C. Karthik Vaidyanath
 
Owasp2013 johannesullrich
Owasp2013 johannesullrichOwasp2013 johannesullrich
Owasp2013 johannesullrichdrewz lin
 
Basic SEO by Andrea H. Berberich @webpresenceopti
Basic SEO by Andrea H. Berberich @webpresenceoptiBasic SEO by Andrea H. Berberich @webpresenceopti
Basic SEO by Andrea H. Berberich @webpresenceoptiAndrea Berberich
 
Enjoying the full stack - Frontend 2010
Enjoying the full stack - Frontend 2010Enjoying the full stack - Frontend 2010
Enjoying the full stack - Frontend 2010Christian Heilmann
 
Goodle Developer Days Munich 2008 - Open Social Update
Goodle Developer Days Munich 2008 - Open Social UpdateGoodle Developer Days Munich 2008 - Open Social Update
Goodle Developer Days Munich 2008 - Open Social UpdatePatrick Chanezon
 
Hacking For Innovation Delhi
Hacking For Innovation DelhiHacking For Innovation Delhi
Hacking For Innovation DelhiChristian Heilmann
 
Agile data science
Agile data scienceAgile data science
Agile data scienceJoel Horwitz
 
Democratizing AI with Apache Spark
Democratizing AI with Apache SparkDemocratizing AI with Apache Spark
Democratizing AI with Apache SparkSpark Summit
 
Digital Curation Technology: JHU Summit, October 2015
Digital Curation Technology: JHU Summit, October 2015Digital Curation Technology: JHU Summit, October 2015
Digital Curation Technology: JHU Summit, October 2015The Metropolitan Museum of Art
 
Microformats 101 Workshop
Microformats 101 WorkshopMicroformats 101 Workshop
Microformats 101 WorkshopKelley Howell
 
Fake it 'til you make it
Fake it 'til you make itFake it 'til you make it
Fake it 'til you make itJonathan Snook
 
FinalPPT-StJoseph (3).pptx
FinalPPT-StJoseph (3).pptxFinalPPT-StJoseph (3).pptx
FinalPPT-StJoseph (3).pptxssuser046cf5
 
Digital innovation-summit roi-of-ai-sept2017_v3
Digital innovation-summit roi-of-ai-sept2017_v3Digital innovation-summit roi-of-ai-sept2017_v3
Digital innovation-summit roi-of-ai-sept2017_v3BrightEdge
 
Connection and Context: ROI of AI for Digital Marketing
Connection and Context: ROI of AI for Digital MarketingConnection and Context: ROI of AI for Digital Marketing
Connection and Context: ROI of AI for Digital MarketingMarianne Sweeny
 
Improve your Tech Quotient
Improve your Tech QuotientImprove your Tech Quotient
Improve your Tech QuotientTarence DSouza
 
Easy path to machine learning (Spring 2021)
Easy path to machine learning (Spring 2021)Easy path to machine learning (Spring 2021)
Easy path to machine learning (Spring 2021)wesley chun
 
Tweak Geeks #FOS15
Tweak Geeks #FOS15Tweak Geeks #FOS15
Tweak Geeks #FOS15Pascal Fantou
 
Ria Sankar on Building AI Products
Ria Sankar on Building AI ProductsRia Sankar on Building AI Products
Ria Sankar on Building AI ProductsRia Sankar
 
Tecnicas de Ataque a Infraestructura Critica Maritima V. publica
Tecnicas de Ataque a Infraestructura Critica Maritima V. publicaTecnicas de Ataque a Infraestructura Critica Maritima V. publica
Tecnicas de Ataque a Infraestructura Critica Maritima V. publicaSecpro - Security Professionals
 
Impacto del cibercrimen en los sectores económicos
Impacto del cibercrimen en los sectores económicos Impacto del cibercrimen en los sectores económicos
Impacto del cibercrimen en los sectores económicos Secpro - Security Professionals
 

Contenu connexe

Similaire à We are Digital Puppets

Sg conference multiplatform_apps_adam_stanley
Sg conference multiplatform_apps_adam_stanleySg conference multiplatform_apps_adam_stanley
Sg conference multiplatform_apps_adam_stanleyn_adam_stanley
 
How well are you delivering your experience?
How well are you delivering your experience?How well are you delivering your experience?
How well are you delivering your experience?Andrew Fisher
 
Owasp2013 johannesullrich
Owasp2013 johannesullrichOwasp2013 johannesullrich
Owasp2013 johannesullrichdrewz lin
 
Basic SEO by Andrea H. Berberich @webpresenceopti
Basic SEO by Andrea H. Berberich @webpresenceoptiBasic SEO by Andrea H. Berberich @webpresenceopti
Basic SEO by Andrea H. Berberich @webpresenceoptiAndrea Berberich
 
Enjoying the full stack - Frontend 2010
Enjoying the full stack - Frontend 2010Enjoying the full stack - Frontend 2010
Enjoying the full stack - Frontend 2010Christian Heilmann
 
Goodle Developer Days Munich 2008 - Open Social Update
Goodle Developer Days Munich 2008 - Open Social UpdateGoodle Developer Days Munich 2008 - Open Social Update
Goodle Developer Days Munich 2008 - Open Social UpdatePatrick Chanezon
 
Agile data science
Agile data scienceAgile data science
Agile data scienceJoel Horwitz
 
Democratizing AI with Apache Spark
Democratizing AI with Apache SparkDemocratizing AI with Apache Spark
Democratizing AI with Apache SparkSpark Summit
 
Microformats 101 Workshop
Microformats 101 WorkshopMicroformats 101 Workshop
Microformats 101 WorkshopKelley Howell
 
Fake it 'til you make it
Fake it 'til you make itFake it 'til you make it
Fake it 'til you make itJonathan Snook
 
FinalPPT-StJoseph (3).pptx
FinalPPT-StJoseph (3).pptxFinalPPT-StJoseph (3).pptx
FinalPPT-StJoseph (3).pptxssuser046cf5
 
Digital innovation-summit roi-of-ai-sept2017_v3
Digital innovation-summit roi-of-ai-sept2017_v3Digital innovation-summit roi-of-ai-sept2017_v3
Digital innovation-summit roi-of-ai-sept2017_v3BrightEdge
 
Connection and Context: ROI of AI for Digital Marketing
Connection and Context: ROI of AI for Digital MarketingConnection and Context: ROI of AI for Digital Marketing
Connection and Context: ROI of AI for Digital MarketingMarianne Sweeny
 
Improve your Tech Quotient
Improve your Tech QuotientImprove your Tech Quotient
Improve your Tech QuotientTarence DSouza
 
Easy path to machine learning (Spring 2021)
Easy path to machine learning (Spring 2021)Easy path to machine learning (Spring 2021)
Easy path to machine learning (Spring 2021)wesley chun
 
Ria Sankar on Building AI Products
Ria Sankar on Building AI ProductsRia Sankar on Building AI Products
Ria Sankar on Building AI ProductsRia Sankar
 

Similaire à We are Digital Puppets (20)

Sg conference multiplatform_apps_adam_stanley
Sg conference multiplatform_apps_adam_stanleySg conference multiplatform_apps_adam_stanley
Sg conference multiplatform_apps_adam_stanley
 
How well are you delivering your experience?
How well are you delivering your experience?How well are you delivering your experience?
How well are you delivering your experience?
 
FCartel - Summer Internship 2013
FCartel - Summer Internship 2013FCartel - Summer Internship 2013
FCartel - Summer Internship 2013
 
Owasp2013 johannesullrich
Owasp2013 johannesullrichOwasp2013 johannesullrich
Owasp2013 johannesullrich
 
Basic SEO by Andrea H. Berberich @webpresenceopti
Basic SEO by Andrea H. Berberich @webpresenceoptiBasic SEO by Andrea H. Berberich @webpresenceopti
Basic SEO by Andrea H. Berberich @webpresenceopti
 
Enjoying the full stack - Frontend 2010
Enjoying the full stack - Frontend 2010Enjoying the full stack - Frontend 2010
Enjoying the full stack - Frontend 2010
 
Goodle Developer Days Munich 2008 - Open Social Update
Goodle Developer Days Munich 2008 - Open Social UpdateGoodle Developer Days Munich 2008 - Open Social Update
Goodle Developer Days Munich 2008 - Open Social Update
 
Hacking For Innovation Delhi
Hacking For Innovation DelhiHacking For Innovation Delhi
Hacking For Innovation Delhi
 
Agile data science
Agile data scienceAgile data science
Agile data science
 
Democratizing AI with Apache Spark
Democratizing AI with Apache SparkDemocratizing AI with Apache Spark
Democratizing AI with Apache Spark
 
Digital Curation Technology: JHU Summit, October 2015
Digital Curation Technology: JHU Summit, October 2015Digital Curation Technology: JHU Summit, October 2015
Digital Curation Technology: JHU Summit, October 2015
 
Microformats 101 Workshop
Microformats 101 WorkshopMicroformats 101 Workshop
Microformats 101 Workshop
 
Fake it 'til you make it
Fake it 'til you make itFake it 'til you make it
Fake it 'til you make it
 
FinalPPT-StJoseph (3).pptx
FinalPPT-StJoseph (3).pptxFinalPPT-StJoseph (3).pptx
FinalPPT-StJoseph (3).pptx
 
Digital innovation-summit roi-of-ai-sept2017_v3
Digital innovation-summit roi-of-ai-sept2017_v3Digital innovation-summit roi-of-ai-sept2017_v3
Digital innovation-summit roi-of-ai-sept2017_v3
 
Connection and Context: ROI of AI for Digital Marketing
Connection and Context: ROI of AI for Digital MarketingConnection and Context: ROI of AI for Digital Marketing
Connection and Context: ROI of AI for Digital Marketing
 
Improve your Tech Quotient
Improve your Tech QuotientImprove your Tech Quotient
Improve your Tech Quotient
 
Easy path to machine learning (Spring 2021)
Easy path to machine learning (Spring 2021)Easy path to machine learning (Spring 2021)
Easy path to machine learning (Spring 2021)
 
Tweak Geeks #FOS15
Tweak Geeks #FOS15Tweak Geeks #FOS15
Tweak Geeks #FOS15
 
Ria Sankar on Building AI Products
Ria Sankar on Building AI ProductsRia Sankar on Building AI Products
Ria Sankar on Building AI Products
 

Plus de Secpro - Security Professionals

Tecnicas de Ataque a Infraestructura Critica Maritima V. publica
Tecnicas de Ataque a Infraestructura Critica Maritima V. publicaTecnicas de Ataque a Infraestructura Critica Maritima V. publica
Tecnicas de Ataque a Infraestructura Critica Maritima V. publicaSecpro - Security Professionals
 
Estrategias de Ciberseguridad para enfrentar Amenzas Emergentes
Estrategias de Ciberseguridad para enfrentar Amenzas EmergentesEstrategias de Ciberseguridad para enfrentar Amenzas Emergentes
Estrategias de Ciberseguridad para enfrentar Amenzas EmergentesSecpro - Security Professionals
 

Plus de Secpro - Security Professionals (17)

Tecnicas de Ataque a Infraestructura Critica Maritima V. publica
Tecnicas de Ataque a Infraestructura Critica Maritima V. publicaTecnicas de Ataque a Infraestructura Critica Maritima V. publica
Tecnicas de Ataque a Infraestructura Critica Maritima V. publica
 
Impacto del cibercrimen en los sectores económicos
Impacto del cibercrimen en los sectores económicos Impacto del cibercrimen en los sectores económicos
Impacto del cibercrimen en los sectores económicos
 
Entendiendo IoT y sus Vulnerabilidades
Entendiendo IoT y sus VulnerabilidadesEntendiendo IoT y sus Vulnerabilidades
Entendiendo IoT y sus Vulnerabilidades
 
Mitigacion de ataques DDoS
Mitigacion de ataques DDoSMitigacion de ataques DDoS
Mitigacion de ataques DDoS
 
Estrategias de Ciberseguridad para enfrentar Amenzas Emergentes
Estrategias de Ciberseguridad para enfrentar Amenzas EmergentesEstrategias de Ciberseguridad para enfrentar Amenzas Emergentes
Estrategias de Ciberseguridad para enfrentar Amenzas Emergentes
 
Machine learning: the next step in cybersecurity
Machine learning: the next step in cybersecurityMachine learning: the next step in cybersecurity
Machine learning: the next step in cybersecurity
 
Spectre y Meltdown; Que debemos saber
Spectre y Meltdown; Que debemos saberSpectre y Meltdown; Que debemos saber
Spectre y Meltdown; Que debemos saber
 
Se siente usted seguro con sus dispositivos móviles
Se siente usted seguro con sus dispositivos móvilesSe siente usted seguro con sus dispositivos móviles
Se siente usted seguro con sus dispositivos móviles
 
Charla control parental e IoT v2. Etek.ppsx
Charla control parental e IoT v2. Etek.ppsxCharla control parental e IoT v2. Etek.ppsx
Charla control parental e IoT v2. Etek.ppsx
 
Somos marionetas informáticas v2017
Somos marionetas informáticas v2017Somos marionetas informáticas v2017
Somos marionetas informáticas v2017
 
Amenazas avanzadas persistentes
Amenazas avanzadas persistentesAmenazas avanzadas persistentes
Amenazas avanzadas persistentes
 
Conferencia arquitectura de Ciberdefensa APT
Conferencia arquitectura de Ciberdefensa APTConferencia arquitectura de Ciberdefensa APT
Conferencia arquitectura de Ciberdefensa APT
 
Nuevas modalidades de fraude atm
Nuevas modalidades de fraude atmNuevas modalidades de fraude atm
Nuevas modalidades de fraude atm
 
Peligros del mundo virtual
Peligros del mundo virtualPeligros del mundo virtual
Peligros del mundo virtual
 
Ciberinteligencia2
Ciberinteligencia2Ciberinteligencia2
Ciberinteligencia2
 
Tecnicas avanzadas de ocultamiento de malware
Tecnicas avanzadas de ocultamiento de malwareTecnicas avanzadas de ocultamiento de malware
Tecnicas avanzadas de ocultamiento de malware
 
Se puede colapsar un pais (enfoque ciber)
Se puede colapsar un pais (enfoque ciber)Se puede colapsar un pais (enfoque ciber)
Se puede colapsar un pais (enfoque ciber)
 

Dernier

Call Now ☎ 8264348440 !! Call Girls in Sarai Rohilla Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Sarai Rohilla Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Sarai Rohilla Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Sarai Rohilla Escort Service Delhi N.C.R.soniya singh
 
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$kojalkojal131
 
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceEnjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceDelhi Call girls
 
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine ServiceHot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Servicesexy call girls service in goa
 
INDIVIDUAL ASSIGNMENT #3 CBG, PRESENTATION.
INDIVIDUAL ASSIGNMENT #3 CBG, PRESENTATION.INDIVIDUAL ASSIGNMENT #3 CBG, PRESENTATION.
INDIVIDUAL ASSIGNMENT #3 CBG, PRESENTATION.CarlotaBedoya1
 
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.soniya singh
 
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night StandHot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Standkumarajju5765
 
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445ruhi
 
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...Neha Pandey
 
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip CallDelhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Callshivangimorya083
 
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableCall Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableSeo
 
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...Sheetaleventcompany
 
✂️ 👅 Independent Andheri Escorts With Room Vashi Call Girls 💃 9004004663
✂️ 👅 Independent Andheri Escorts With Room Vashi Call Girls 💃 9004004663✂️ 👅 Independent Andheri Escorts With Room Vashi Call Girls 💃 9004004663
✂️ 👅 Independent Andheri Escorts With Room Vashi Call Girls 💃 9004004663Call Girls Mumbai
 
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...tanu pandey
 
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call GirlVIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girladitipandeya
 
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRLLucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRLimonikaupta
 

Dernier (20)

Call Now ☎ 8264348440 !! Call Girls in Sarai Rohilla Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Sarai Rohilla Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Sarai Rohilla Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Sarai Rohilla Escort Service Delhi N.C.R.
 
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
 
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceEnjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
 
@9999965857 🫦 Sexy Desi Call Girls Laxmi Nagar 💓 High Profile Escorts Delhi 🫶
@9999965857 🫦 Sexy Desi Call Girls Laxmi Nagar 💓 High Profile Escorts Delhi 🫶@9999965857 🫦 Sexy Desi Call Girls Laxmi Nagar 💓 High Profile Escorts Delhi 🫶
@9999965857 🫦 Sexy Desi Call Girls Laxmi Nagar 💓 High Profile Escorts Delhi 🫶
 
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine ServiceHot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
 
INDIVIDUAL ASSIGNMENT #3 CBG, PRESENTATION.
INDIVIDUAL ASSIGNMENT #3 CBG, PRESENTATION.INDIVIDUAL ASSIGNMENT #3 CBG, PRESENTATION.
INDIVIDUAL ASSIGNMENT #3 CBG, PRESENTATION.
 
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
 
VVVIP Call Girls In Connaught Place ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Connaught Place ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...VVVIP Call Girls In Connaught Place ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Connaught Place ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
 
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
 
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night StandHot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
 
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
 
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
 
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip CallDelhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
 
Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...
Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...
Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...
 
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableCall Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
 
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
 
✂️ 👅 Independent Andheri Escorts With Room Vashi Call Girls 💃 9004004663
✂️ 👅 Independent Andheri Escorts With Room Vashi Call Girls 💃 9004004663✂️ 👅 Independent Andheri Escorts With Room Vashi Call Girls 💃 9004004663
✂️ 👅 Independent Andheri Escorts With Room Vashi Call Girls 💃 9004004663
 
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
 
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call GirlVIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
 
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRLLucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
 

We are Digital Puppets

  • 2. David Pereira CEH, ECSA/LPT, CHFI, ENSA, ECSS, ECVP, CEI, QGSS, ECIH, EDRP, NFS, OPSEC, CICP, CND, CCISO. • CEO Secpro – Security Professionals • +21 years experience in Infosec and DFIR • Researcher - Ethical Hacker – Pentester – Speaker • Instructor / Advisor for Cyberdefense Forces and Police in many Countries
  • 3. Agenda Are we digital puppets? I take care about my info and my privacy …. Right? Tracking…… A lot of Demos!!!! Advanced Tracking……
  • 4. Are we digital puppets? • Are you thinking that you are totally free and spontaneous in the decisions you make? • Do you think you get some kind of influence? • Would you like others to make decisions for you and direct then in a specific sense?
  • 5. Are we digital puppets? In this space we will talk about the information that we give everyday to the websites we visit , and the way they can track us , influence us and know about us more than we might think
  • 6. Are we digital puppets? Websites use’s many techniques to get information about our machines and ourselves in order to track our activity online (tracking): • Browser information • Machine Information • OS Information • Geolocation Information • Carrier information • User Information
  • 7. Are we digital puppets? So…how anonymous are we? Simple demonstration: • http://centralops.net/ • https://panopticlick.eff.org/
  • 8. Are we digital puppets? Techniques used by websites to track our online activity (as users) 1. Cookies 2. Ever Cookies (Flash Cookies – LSO - Zombie Cookies) 3. Perma-Cookies 4. Java Script (Hidden Code) 5. Iframes (In Line Frames) 6. Web Beacon (1-Pixel Beacons) 7. HTML 5 Canvas
  • 9. Are we digital puppets? 1. Cookies They are small text files that websites send us when we navigate. (4Kb) The goal is to register our activity on the website. Example: Usernames, Keys, Navigation habits and then be able to influence us with that information collected. http://www.ietf.org/rfc/rfc2109.txt Demonstration: Tools: IECookieView / Mozilla CookieView (www.nirsoft.net)
  • 10. Are we digital puppets? 1. Cookies Examples: • Amazon - http://www.rubiconproject.com/ • http://www.addthis.com • http://www.tapad.com/
  • 11.
  • 17. Are we digital puppets? 2. Ever Cookies (Flash Cookies - Zombie Cookies - LSO Local Shared Object) They have the same purpose as normal cookies, but they are difficult to detect and therefore to remove; They are able to collect much more information directly against the user's privacy; its size reaches 100Kb. Can survive even after use of TOR; depending on the connection mechanism.
  • 18. Are we digital puppets? 2. Ever Cookies (Flash Cookies - Zombie Cookies - LSO Local Shared Object) The LSO can be shared between browsers; Some Companies uses them as a regular cookie backup, in case the normal cookies were deleted.
  • 19. Are we digital puppets? 2. Ever Cookies (Flash Cookies - Zombie Cookies - LSO Local Shared Object) Evercookies uses different mechanisms to be stored: • Standard HTTP cookies • local shared objects (Flash cookies) • Silverlight Isolated Storage • Storing cookies in RGB values of auto-generated, force- cached PNGs using HTML5 Canvas tag to read pixels (cookies) back out • Storing cookies in Web history • Storing cookies in HTTP ETags • Storing cookies in Web cache • Window.name caching • Internet Explorer userData storage • HTML5 Session Web storage • HTML5 Local Web storage • HTML5 Global Storage • HTML5 Web SQL Database via SQLite
  • 20. Are we digital puppets? 2. Ever Cookies (Flash Cookies - Zombie Cookies - LSO Local Shared Object) Macromedia is triying to develop additional features: • Caching in HTTP Authentication • Using Java to produce a unique key based on NIC information.
  • 21. Are we digital puppets? 2. Ever Cookies (Flash Cookies - Zombie Cookies - LSO Local Shared Object) They are able to reinstall the normal Cookies deleted. (Re-Spawning) Its content can be controlled in this link: http://www.macromedia.com/support/docum entation/en/flashplayer/help/settings_manage r07.html Nirsoft: https://www.nirsoft.net/utils/flash_cook ies_view.html
  • 22. Are we digital puppets? 3. Perma - Cookies Used by Verizon, AT & T, Sprint, Bell Canada and Vodacom. When the user navigates a site, a header is injected into the traffic (X-UIDH -Unique Identifier Header) which is a temporary identifier that uses a key. This is almost a man in the middle attack or replay attack.
  • 25. Are we digital puppets? 3. Perma - Cookies http://www.forbes.com/sites/kashmirhill/2014/10/29/t he-privacy-lowdown-on-verizon-and-atts-permacookies
  • 26. Are we digital puppets? 3. Perma - Cookies Question?? What is Ad Exchange? https://www.doubleclickbygoogle.com/solutions/digit al-marketing/ad-exchange/
  • 27. Are we digital puppets? 4. JavaScript Programs They are small pieces of code that are executed when we navigate a website, which normally do not ask for any authorization to execute. They can capture virtually anything we do on the website ... or infect us with malware as well.
  • 28. Are we digital puppets? 4. JavaScript Programs This information is used by advertisers to send us specific advertising according to what we would have searched at some time or force us to see a specific article, or bombard us permanently with some information. It allows companies to know in detail what the user does on the website.
  • 29. Are we digital puppets? 4. JavaScript Programs Examples: https://logentries.com/doc/best- practices-user-tracking/ https://developers.google.com/analytics/ devguides/collection/analyticsjs/ http://www.mapmyuser.com/
  • 30. Are we digital puppets? Google Snippet: <!-- Google Analytics --> <script> (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){ (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefo re(a,m) })(window,document,'script','https://www.google- analytics.com/analytics.js','ga'); ga('create', 'UA-XXXXX-Y', 'auto'); ga('send', 'pageview'); </script> <!-- End Google Analytics -->
  • 31. Are we digital puppets? What the Snippet Tracks? https://developers.google.com/analytics/devguides/collection/analyticsjs/
  • 32. Are we digital puppets? 5. Iframes – In line Frames They are tools that allow to include content from one external site within another; Works in the same way as if we open an additional browsing window within a website. They are used in HTML5
  • 33. Are we digital puppets? 5. Iframes – In line Frames Its main use is to determine when a user has left a site and can continue tracking their activity on the new site that has accessed. Technically it is called: Cross-Domain Tracking
  • 34. Are we digital puppets? 5. Iframes – In line Frames https://developers.google.com/analytics/devguides/collection/gajs/gaTrackingSite?hl=de
  • 35. Are we digital puppets? 5. Iframes – In line Frames Examples: • https://developers.google.com/analytics/devguid es/collection/gajs/gaTrackingSite?hl=de • http://www.adroll.com/
  • 36. Are we digital puppets? 6. Web Beacon – 1Pixel Beacon It is a transparent gif image, the size of 1 pixel x 1 pixel that is placed on a website or in an email, which allows to monitor user activity. They capture the IP of the user, how long the site was visited, with what browser, what opened, etc.
  • 37. Are we digital puppets? 6. Web Beacon – 1Pixel Beacon It is a type of SpyWare because it captures data without the authorization of the user; Used by spammers (Unwanted bulk mail) to confirm the email address of their victims. Browsers do not detect it and are forced to accept it, because they are assumed as a gif image.
  • 38. Are we digital puppets? 6. Web Beacon – 1Pixel Beacon Examples: https://info.yahoo.com/privacy/us/y ahoo/webbeacons/ https://grabify.link/
  • 39. Are we digital puppets? 7. HTML 5 Canvas Canvas is an HTML5 API which is used to draw graphics and animations on a web page via scripting in JavaScript. Canvas can be used as additional entropy in web- browser's fingerprinting and used for online tracking purposes. The technique is based on the fact that the same canvas image may be rendered differently in different computers.
  • 40. Are we digital puppets? 7. HTML 5 Canvas This happens for several reasons: At the image format level – web browsers uses: • Different image processing engines • Image export options • Compression levels That way, the final images may got different checksum even if they are pixel-identical. At the system level – operating systems have different fonts, they use different algorithms and settings for anti- aliasing and sub-pixel rendering. Tool: https://browserleaks.com/
  • 41. Are we digital puppets? 8. What Else? • WebGL • Silverlight • Content Filters • Features Detection
  • 42. Are we digital puppets? Why they do this? There are several reasons; one of them, to show sponsors and advertisers that they have shown their advertising to 1,000,000 users and not the same warning 10 times to 100,000, that is why the need to individualize each user and their preferences.
  • 43. Are we digital puppets? Recommended Tools • Better Privacy (Addon de Firefox) https://addons.mozilla.org/en- US/firefox/addon/betterprivacy/ • NoScript (Addon de Firefox) https://addons.mozilla.org/en- US/firefox/addon/noscript/ • Ghostery: https://www.ghostery.com/es/download?src=ext ernal-ghostery.com • DoNotTrackMe (Addon de Firefox) https://dnt.abine.com • AD Blocker (Addon de Firefox https://adblockplus.org/