Slides de mi Conferencia: We Are Digital Puppets Actualizada (Inglés) que dicté en San Francisco CA. Hablo sobre el Tracking y el profiling de personas.
2. David Pereira
CEH, ECSA/LPT, CHFI, ENSA, ECSS, ECVP, CEI, QGSS,
ECIH, EDRP, NFS, OPSEC, CICP, CND, CCISO.
• CEO Secpro – Security Professionals
• +21 years experience in Infosec and DFIR
• Researcher - Ethical Hacker – Pentester – Speaker
• Instructor / Advisor for Cyberdefense Forces and
Police in many Countries
3. Agenda
Are we digital puppets?
I take care about my info and
my privacy …. Right?
Tracking……
A lot of Demos!!!!
Advanced Tracking……
4. Are we digital puppets?
• Are you thinking that you are totally free and
spontaneous in the decisions you make?
• Do you think you get some kind of influence?
• Would you like others to make decisions for you
and direct then in a specific sense?
5. Are we digital puppets?
In this space we will talk about the
information that we give everyday
to the websites we visit , and the
way they can track us , influence us
and know about us more than we
might think
6. Are we digital puppets?
Websites use’s many techniques to get information
about our machines and ourselves in order to track
our activity online (tracking):
• Browser information
• Machine Information
• OS Information
• Geolocation Information
• Carrier information
• User Information
7. Are we digital puppets?
So…how anonymous are we?
Simple demonstration:
• http://centralops.net/
• https://panopticlick.eff.org/
8. Are we digital puppets?
Techniques used by websites to track our online
activity (as users)
1. Cookies
2. Ever Cookies (Flash Cookies – LSO - Zombie
Cookies)
3. Perma-Cookies
4. Java Script (Hidden Code)
5. Iframes (In Line Frames)
6. Web Beacon (1-Pixel Beacons)
7. HTML 5 Canvas
9. Are we digital puppets?
1. Cookies
They are small text files that websites send us when we
navigate. (4Kb)
The goal is to register our activity on the website.
Example: Usernames, Keys, Navigation habits and then be
able to influence us with that information collected.
http://www.ietf.org/rfc/rfc2109.txt
Demonstration:
Tools: IECookieView / Mozilla
CookieView (www.nirsoft.net)
10. Are we digital puppets?
1. Cookies
Examples:
• Amazon -
http://www.rubiconproject.com/
• http://www.addthis.com
• http://www.tapad.com/
17. Are we digital puppets?
2. Ever Cookies (Flash Cookies - Zombie Cookies -
LSO Local Shared Object)
They have the same purpose as normal cookies, but
they are difficult to detect and therefore to remove;
They are able to collect much more information
directly against the user's privacy; its size reaches
100Kb.
Can survive even after use of TOR; depending on the
connection mechanism.
18. Are we digital puppets?
2. Ever Cookies (Flash Cookies - Zombie Cookies -
LSO Local Shared Object)
The LSO can be shared between browsers;
Some Companies uses them as a regular cookie
backup, in case the normal cookies were deleted.
19. Are we digital puppets?
2. Ever Cookies (Flash Cookies - Zombie Cookies - LSO Local Shared
Object)
Evercookies uses different mechanisms to be stored:
• Standard HTTP cookies
• local shared objects (Flash cookies)
• Silverlight Isolated Storage
• Storing cookies in RGB values of auto-generated, force-
cached PNGs using HTML5 Canvas tag to read pixels
(cookies) back out
• Storing cookies in Web history
• Storing cookies in HTTP ETags
• Storing cookies in Web cache
• Window.name caching
• Internet Explorer userData storage
• HTML5 Session Web storage
• HTML5 Local Web storage
• HTML5 Global Storage
• HTML5 Web SQL Database via SQLite
20. Are we digital puppets?
2. Ever Cookies (Flash Cookies - Zombie Cookies -
LSO Local Shared Object)
Macromedia is triying to develop additional
features:
• Caching in HTTP Authentication
• Using Java to produce a unique key based on
NIC information.
21. Are we digital puppets?
2. Ever Cookies (Flash Cookies - Zombie Cookies - LSO
Local Shared Object)
They are able to reinstall the normal Cookies deleted.
(Re-Spawning)
Its content can be controlled in this link:
http://www.macromedia.com/support/docum
entation/en/flashplayer/help/settings_manage
r07.html
Nirsoft:
https://www.nirsoft.net/utils/flash_cook
ies_view.html
22. Are we digital puppets?
3. Perma - Cookies
Used by Verizon, AT & T, Sprint, Bell Canada and
Vodacom.
When the user navigates a site, a header is injected
into the traffic (X-UIDH -Unique Identifier Header)
which is a temporary identifier that uses a key. This
is almost a man in the middle attack or replay attack.
25. Are we digital puppets?
3. Perma - Cookies
http://www.forbes.com/sites/kashmirhill/2014/10/29/t
he-privacy-lowdown-on-verizon-and-atts-permacookies
26. Are we digital puppets?
3. Perma - Cookies
Question??
What is Ad Exchange?
https://www.doubleclickbygoogle.com/solutions/digit
al-marketing/ad-exchange/
27. Are we digital puppets?
4. JavaScript Programs
They are small pieces of code that are executed
when we navigate a website, which normally do not
ask for any authorization to execute.
They can capture virtually anything we do on the
website ... or infect us with malware as well.
28. Are we digital puppets?
4. JavaScript Programs
This information is used by advertisers to send us
specific advertising according to what we would
have searched at some time or force us to see a
specific article, or bombard us permanently with
some information.
It allows companies to know in detail what the user
does on the website.
29. Are we digital puppets?
4. JavaScript Programs
Examples:
https://logentries.com/doc/best-
practices-user-tracking/
https://developers.google.com/analytics/
devguides/collection/analyticsjs/
http://www.mapmyuser.com/
30. Are we digital puppets?
Google Snippet:
<!-- Google Analytics -->
<script>
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefo
re(a,m)
})(window,document,'script','https://www.google-
analytics.com/analytics.js','ga');
ga('create', 'UA-XXXXX-Y', 'auto');
ga('send', 'pageview');
</script>
<!-- End Google Analytics -->
31. Are we digital puppets?
What the Snippet Tracks?
https://developers.google.com/analytics/devguides/collection/analyticsjs/
32. Are we digital puppets?
5. Iframes – In line Frames
They are tools that allow to include content from
one external site within another;
Works in the same way as if we open an additional
browsing window within a website.
They are used in HTML5
33. Are we digital puppets?
5. Iframes – In line Frames
Its main use is to determine when a user has left a
site and can continue tracking their activity on the
new site that has accessed.
Technically it is called: Cross-Domain Tracking
34. Are we digital puppets?
5. Iframes – In line Frames
https://developers.google.com/analytics/devguides/collection/gajs/gaTrackingSite?hl=de
35. Are we digital puppets?
5. Iframes – In line Frames
Examples:
• https://developers.google.com/analytics/devguid
es/collection/gajs/gaTrackingSite?hl=de
• http://www.adroll.com/
36. Are we digital puppets?
6. Web Beacon – 1Pixel Beacon
It is a transparent gif image, the size of 1 pixel x 1
pixel that is placed on a website or in an email,
which allows to monitor user activity.
They capture the IP of the user, how long the site
was visited, with what browser, what opened, etc.
37. Are we digital puppets?
6. Web Beacon – 1Pixel Beacon
It is a type of SpyWare because it captures data
without the authorization of the user;
Used by spammers (Unwanted bulk mail) to confirm
the email address of their victims.
Browsers do not detect it and are forced to accept it,
because they are assumed as a gif image.
38. Are we digital puppets?
6. Web Beacon – 1Pixel Beacon
Examples:
https://info.yahoo.com/privacy/us/y
ahoo/webbeacons/
https://grabify.link/
39. Are we digital puppets?
7. HTML 5 Canvas
Canvas is an HTML5 API which is used to draw
graphics and animations on a web page via scripting
in JavaScript.
Canvas can be used as additional entropy in web-
browser's fingerprinting and used for online tracking
purposes.
The technique is based on the fact that the same
canvas image may be rendered differently in
different computers.
40. Are we digital puppets?
7. HTML 5 Canvas
This happens for several reasons:
At the image format level – web browsers uses:
• Different image processing engines
• Image export options
• Compression levels
That way, the final images may got different checksum
even if they are pixel-identical.
At the system level – operating systems have different
fonts, they use different algorithms and settings for anti-
aliasing and sub-pixel rendering.
Tool:
https://browserleaks.com/
41. Are we digital puppets?
8. What Else?
• WebGL
• Silverlight
• Content Filters
• Features Detection
42. Are we digital puppets?
Why they do this?
There are several reasons; one of them, to show
sponsors and advertisers that they have shown their
advertising to 1,000,000 users and not the same
warning 10 times to 100,000, that is why the need to
individualize each user and their preferences.
43. Are we digital puppets?
Recommended Tools
• Better Privacy (Addon de Firefox)
https://addons.mozilla.org/en-
US/firefox/addon/betterprivacy/
• NoScript (Addon de Firefox)
https://addons.mozilla.org/en-
US/firefox/addon/noscript/
• Ghostery:
https://www.ghostery.com/es/download?src=ext
ernal-ghostery.com
• DoNotTrackMe (Addon de Firefox)
https://dnt.abine.com
• AD Blocker (Addon de Firefox
https://adblockplus.org/