Original: Taste of Little Sister (wechat official ID: XjjDog), welcome to share, please reserve the source.
You are a womanizer.
Don’t ask me how I know. I know you, even though I don’t know who you are.
With big data, tech companies create a general picture of you and push information to your liking. For example, some precise ads, stimulate your hormones in a small video. In the case of Tiktok, you can use it anonymously. Your boob shaking girl’s liking won’t go away just because you reinstalled Douyin, it already knows your proclivities.
For someone like me who has a lot of stories, some shy privacy exists in places other than my brain, and real feelings are hard to stomach. Fortunately, I have some programming background. If you had any computer background, you would have turned off cookies so that your browser couldn’t record anything. Students with a sense of crisis will activate the common “stealth mode” to hide the evil smile reflected on the screen; A little means, opened layers of agents, feel at ease want to do an anonymous chivalrous.
None of this is much use for Bird.
We’re in the middle of a third-generation browser fingerprint hunt, and things are much more complicated than expected. When you visit certain websites, you are “passively identified.” This identifying information, like your fingerprint, locates an individual with almost absolute accuracy you can’t imagine.
Crawlers are easy to get caught. And collecting privacy, no one can control it now.
Why make this stuff? It’s got to be all about profit. I said this a long time ago: samples make up the whole, individual cases frame samples. After these data are collected, there are global aspects of analysis and individual aspects of application.
Business can be complicated by profit, even if it is unethical to begin with.
You’ve got a website, you’ve got an App, you’ve got users coming and going like buses. Not only registered users have value, but analyzing the behavior of ordinary visitors can generate more “value”.
To put it bluntly, there are two points: push messages + tracking attacks.
Imagine a travel website tracking users. An anonymous user visited a travel website, looked up information about Lhasa and read a number of guides. System analysis this user may prefer to travel on a budget, but also like to walk. After a long time, the long time to local access records have disappeared, the user’s wife, using the same machine to register a travel website account, she wanted to go to Xishuangbanna. When she landed, she received several messages about a group tour in Tibet.
So, you accessed sex toys anonymously on the same browser. Once you log in after days, the site knows it’s you.
Let’s imagine a little white hacker’s journey. He had a grudge against his former company and was planning a violent attack through a vulnerability in some websites. Through heavy agents, broilers, and even from abroad to turn a few laps, he put the flow out. But because he had previously accessed the company’s page using his own browser, the background recognized him at once.
Who is divine in the end, can catch Li Kui like a ghost?
Don’t stop at the cookie level. This way has been very weak, a lot of optimization software, browsers on this thing to ban. This locally stored information is not for the user’s benefit, and XSS can also steal and cheat cookies.
How to do?
(Image from paper: (Cross-)Browser Fingerprinting via OS and Hardware Level Features)
The eye fell on the omnipotent JS. This browser-interpreted script can capture a lot of information, including: operating system, resolution, pixel ratio, installed browser plug-ins, and so on. When this information is gathered, you can identify a user in general.
This isn’t very accurate, especially for someone like me who has seven or eight different versions of the browser installed on his computer. But not everyone who uses the Internet is as bored as I am, so the accuracy is acceptable.
Furthermore, canvas fingerprints will be used. Canvas is a dynamic drawing tag in HTML5, and it can do some of the MG animations you see. However, this thing does not produce exactly the same content on different browsers.
You may think that Canvas is a vector drawing, and no multiple of it will be true. Then you really think highly of them. At the pixel level, operating systems vary in their Settings, algorithms, rendering operations, and anti-aliasing. They may all be behind your back, quietly betraying you.
You can check out your Signature at this website.
https://browserleaks.com/canvas
Copy the codeIf you think the only way to identify things is visually, this time you’re looking down on them again.
The all-purpose JS, which can also manipulate the original audio, this is the AudioContext. However, its principle is the same as image processing, according to different hardware, operating system, different browsers can produce different results. The same browser produces the same information.
These actions, silently happening in the background, the user is completely unaware.
Every time you click, you betray you ruthlessly. The information is analyzed together. Relevant website and department, can undertake unique identification to you, lock then, track.
You didn’t sign up for an account, but the platform assigned you an identity.
It’s a way of identifying you as an individual. The contents of the collection can be even more jaw-dropping. Don’t think garbage data is too much to save. Behavioral data is worth a lot more than cheap disks.
Every click you make, how long you stay, where you read, where you watch, tells you everything about yourself. Device, IP, location, and operating habits all paint your fingerprints from different angles, leaving you nowhere to hide on the anonymous Internet.
Xjjdog is a public account that doesn’t allow programmers to get sidetracked. Focus on infrastructure and Linux. Ten years architecture, ten billion daily flow, and you discuss the world of high concurrency, give you a different taste. My personal wechat xjjdog0, welcome to add friends, further communication.
