Tracking pixels can conduct surveillance for targeted attacks

Kurt Buff kurt.buff at gmail.com
Tue Apr 18 16:25:34 PDT 2017


With Firefox and its kin (Cyberfox, and possibly PaleMoon),
RequestPolicy will do that.

I've seen sites that have as many as 20-30 different content providers
for all sorts of things that are exposed by RequestPolicy.

No such beast for Chrome that I've been able to detect.

Unfortunately, RequestPolicy isn't compatible with the new-ish
multiprocess capability in FF/CF.

Kurt

On Tue, Apr 18, 2017 at 4:08 PM, Steve Kinney <admin at pilobilus.net> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
>
> On 04/18/2017 05:26 PM, Mirimir wrote:
>> On 04/18/2017 12:38 PM, Razer wrote:
>>>> Malicious hackers can use tracking pixels to help them gather
>>>> intelligence for attack campaigns, both mass and targeted in
>>>> scope.
>>
>> <SNIP>
>>
>> Well, prudent folk don't render HTML, or download embedded stuff
>> :)
>
> I haven't seen one of these in many moons.  Decently designed mail
> readers that render HTML do not pull in remote content unless
> expressly directed to.  "Normal" website based trackers use
> Javascript; it is transparent to the (naive) user and can harvest a
> much more detailed profile of the viewer's browser than that
> volunteered by HTTP request headers.
>
> Javascrpt filters that block calls for offsite scripts and halt
> execution of scripts embedded in HTML cover most of the JS
> surveillance vector.  I do occasionally dissect web pages to see what
> they're made of, with special attention to spyware, but I have never
> seen a 1px "web bug" (yes, they have a name) in an HTML document.  Not
> to say they can't be used, but as far as I can tell they rarely are.
>
> An option to block all 3rd party image content by default would be a
> good addition to a tool like NoScript.  Many users would be shocked -
> SHOCKED, I TELL YA! - to learn how often they are visiting Cloudflare,
> Amazon, and image hosting sites like Photobucket or Imageshack while
> viewing "independet, owner operated" websites.
>
> :o)
>
>
>
>
>
> I do occasionally dissect
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.22 (GNU/Linux)
>
> iQEcBAEBAgAGBQJY9px2AAoJEECU6c5Xzmuq0g0IAMAr9n7mbDXL+wMuInw+9xk1
> GXX21A14rrpTin/kiyDQ20QcuoJkMiLzhRkyG8qFdaInExxK7jQPqVOHZ6frD8KH
> /B+ShUo5HBGj4mUZiLXAYKjbkJ0CO3Zqqn0XeDaErQ2zOsovX2AqS1jdTs/67ITM
> PoipIOVf8dOVBXu2bdlfHFvXeGCKEN6q9Aq30miKP0e1hEAJBinS8SlFH7+3q9XX
> h6/mnnxlqXZmSMN1A0ovPqOagVUwwDYdN+d5gWwCOZhIxETFXOfWVyTym0b8i85o
> LDs8VpA3QpiHR/KoNja5NC+mnA9K4joThjSqpPH/vOk62CkD7zsyzzY3S2DOamY=
> =6ZhE
> -----END PGP SIGNATURE-----



More information about the cypherpunks mailing list