SlideShare a Scribd company logo

How to track users

Download as PPTX, PDF
Ran Bar-Zik
Ran Bar-Zik

How users are being tracked? How Facebook, Google, and other tech giants can use flaws in web browsers and web architecture to track users? In this session. made in Reversim 2019 convention. I explained and showed several of those flaws and the exploitation of those flaws to track all users.

Technology
1 of 52
How to violate user’s privacy
Ran Bar-Zik Developer at Verizon Media Journalist at Haaertz Contact me at: Twitter: @barzik internet-israel.com 2
Legal information ▪ The Israeli Law ▪ GDPR 3
Why we learn it ▪ We are evil ▪ We want to protect ourselves and others ▪ We want cheap prices 4
Setting the stage We track on website only, assuming that domain is under my control. 5
For example Facebook, your friendly social network 6
7
This is how we are being tracked on global scale 8
Track method 1: Cookies LAAAMMMMEEEE 1.
1. Sent in every request. 2. Persistent. 3. Easy to detect :( 4. Easy to delete :( 10
Enters the forever cookie ALSO LAAAMMMEEEE 11
12
RESPAWNThe HOLY GRAIL 13
14
15 Remember: No good deed goes unpunished
Track method 2: Cookieless cookies No cookie no cry 2.
Etag cookie
18
LET’S EXPLOIT IT 19
How it works 1. Server sends the session value with etag. 2. User from now on send along If-None-Match. 3. No cookie and still `If-None-Match` header? Tsk tsk tsk respawn commenced! 20
How it can be defeated? 1. Disable all cache by dev tools. 2. Use incognito. 21
HSTS cookie
How it can be defeated? 1. Use incognito. 26
DNS cookies
See which request is being sent to DNS server and then measure it. http://dnscookie.com/
How it can be defeated? 1. VPNTOR 2. Clear DNS cache 30
Track method 3: IP LAAAMMMMEEEE 3.
How it can be defeated? 1. VPNTOR 32
Track method 4: WebRTC 4.
ifconfig | grep "inet " | grep -v 127.0.0.1 WebRTC exposes Internal IP 1. ifconfig | grep "inet " | grep -v 127.0.0.1 2. https://ip.voidsec.com/ 34
How it can be defeated? 1. VPNTOR + Disable WebRTC 35
Track method 5: Fingerprinting 5. https://amiunique.org/fp
How it is being used Gather the info Create hash Implement it 40
How it can be defeated? 1. No current way 41
Track method 6: Social Fingerprinting 6. https://robinlinus.github.io/socialmedia-leak/
How it can be defeated? 1. Use incognito 44
Track method 7: Password tracking 7. https://senglehardt.com/demo/no_boundaries/loginmanager/index.html
How it can be defeated? 1. No actual way, sorry guys. 50
Remember Only one breach is needed 51
Ran Bar-Zik : @barzik ▪ Follow me on Twitter, FB, Telegram ▪ My website: internet-israel.com ▪ Also at Haaretz 52

Recommended

Privacy & Social Media Marketing Bright Talk081009
Privacy & Social Media Marketing Bright Talk081009Privacy & Social Media Marketing Bright Talk081009
Privacy & Social Media Marketing Bright Talk081009Susan Lyon-Hintze
 
Easy Income
Easy IncomeEasy Income
Easy IncomeSimon Stravitz
 
MacMAD MacOS Security
MacMAD MacOS SecurityMacMAD MacOS Security
MacMAD MacOS Securitybos45
 
EU cookie law - solutions
EU cookie law - solutionsEU cookie law - solutions
EU cookie law - solutionssamie19
 
The ultimate guide to mining bitcoin with cryptotab
The ultimate guide to mining bitcoin with cryptotabThe ultimate guide to mining bitcoin with cryptotab
The ultimate guide to mining bitcoin with cryptotabSaid Dhaouadi
 
Social Media - Andrew Girdwood -BigMoutMedia
Social Media - Andrew Girdwood -BigMoutMediaSocial Media - Andrew Girdwood -BigMoutMedia
Social Media - Andrew Girdwood -BigMoutMediaauexpo Conference
 
Internet Safety & Privacy
Internet Safety & PrivacyInternet Safety & Privacy
Internet Safety & PrivacyAlexine Marier
 
DEF CON 24 - Jay Beale and Larry Pesce - phishing without frustration
DEF CON 24 - Jay Beale and Larry Pesce - phishing without frustrationDEF CON 24 - Jay Beale and Larry Pesce - phishing without frustration
DEF CON 24 - Jay Beale and Larry Pesce - phishing without frustrationFelipe Prado
 

Recommended

Privacy & Social Media Marketing Bright Talk081009
Privacy & Social Media Marketing Bright Talk081009Privacy & Social Media Marketing Bright Talk081009
Privacy & Social Media Marketing Bright Talk081009Susan Lyon-Hintze
 
Easy Income
Easy IncomeEasy Income
Easy IncomeSimon Stravitz
 
MacMAD MacOS Security
MacMAD MacOS SecurityMacMAD MacOS Security
MacMAD MacOS Securitybos45
 
EU cookie law - solutions
EU cookie law - solutionsEU cookie law - solutions
EU cookie law - solutionssamie19
 
The ultimate guide to mining bitcoin with cryptotab
The ultimate guide to mining bitcoin with cryptotabThe ultimate guide to mining bitcoin with cryptotab
The ultimate guide to mining bitcoin with cryptotabSaid Dhaouadi
 
Social Media - Andrew Girdwood -BigMoutMedia
Social Media - Andrew Girdwood -BigMoutMediaSocial Media - Andrew Girdwood -BigMoutMedia
Social Media - Andrew Girdwood -BigMoutMediaauexpo Conference
 
Internet Safety & Privacy
Internet Safety & PrivacyInternet Safety & Privacy
Internet Safety & PrivacyAlexine Marier
 
DEF CON 24 - Jay Beale and Larry Pesce - phishing without frustration
DEF CON 24 - Jay Beale and Larry Pesce - phishing without frustrationDEF CON 24 - Jay Beale and Larry Pesce - phishing without frustration
DEF CON 24 - Jay Beale and Larry Pesce - phishing without frustrationFelipe Prado
 
Internet Dangers 2004
Internet Dangers 2004Internet Dangers 2004
Internet Dangers 2004Donald E. Hester
 
Digital Internationalization Best Practices for Global Brands
Digital Internationalization Best Practices for Global BrandsDigital Internationalization Best Practices for Global Brands
Digital Internationalization Best Practices for Global Brandsedynamic
 
Log Out Cyber Awareness
Log Out Cyber AwarenessLog Out Cyber Awareness
Log Out Cyber AwarenessApurv Singh Gautam
 
Cracking guide
Cracking guideCracking guide
Cracking guideHarnilVaghasiya
 
GDPR_Skillcast Presentation Template (1).pptx
GDPR_Skillcast Presentation Template (1).pptxGDPR_Skillcast Presentation Template (1).pptx
GDPR_Skillcast Presentation Template (1).pptxkimonesinghunicomerc
 
Internet Credibility
Internet CredibilityInternet Credibility
Internet CredibilityAmy Goldenburg
 
7 deadly front end sins
7 deadly front end sins7 deadly front end sins
7 deadly front end sinsRan Bar-Zik
 
Javascript static code analysis
Javascript static code analysisJavascript static code analysis
Javascript static code analysisRan Bar-Zik
 
Quality code in wordpress
Quality code in wordpressQuality code in wordpress
Quality code in wordpressRan Bar-Zik
 
How to get your first job at the Israeli high tech industry
How to get your first job at the Israeli high tech industryHow to get your first job at the Israeli high tech industry
How to get your first job at the Israeli high tech industryRan Bar-Zik
 
WordPress Security 101 for developers
WordPress Security 101 for developersWordPress Security 101 for developers
WordPress Security 101 for developersRan Bar-Zik
 
Javascript Security - Three main methods of defending your MEAN stack
Javascript Security - Three main methods of defending your MEAN stackJavascript Security - Three main methods of defending your MEAN stack
Javascript Security - Three main methods of defending your MEAN stackRan Bar-Zik
 
WordPress automation and CI
WordPress automation and CIWordPress automation and CI
WordPress automation and CIRan Bar-Zik
 
Drupal Security
Drupal SecurityDrupal Security
Drupal SecurityRan Bar-Zik
 
Presentation skills - course example
Presentation skills - course examplePresentation skills - course example
Presentation skills - course exampleRan Bar-Zik
 
HTML5 for dummies
HTML5 for dummiesHTML5 for dummies
HTML5 for dummiesRan Bar-Zik
 
Basic web dveleopers terms for UX and graphic designers
Basic web dveleopers terms for UX and graphic designersBasic web dveleopers terms for UX and graphic designers
Basic web dveleopers terms for UX and graphic designersRan Bar-Zik
 
HTML55 media api
HTML55 media apiHTML55 media api
HTML55 media apiRan Bar-Zik
 
Features in Drupal 7/6
Features in Drupal 7/6Features in Drupal 7/6
Features in Drupal 7/6Ran Bar-Zik
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 

More Related Content

Similar to How to track users

Digital Internationalization Best Practices for Global Brands
Digital Internationalization Best Practices for Global BrandsDigital Internationalization Best Practices for Global Brands
Digital Internationalization Best Practices for Global Brandsedynamic
 
GDPR_Skillcast Presentation Template (1).pptx
GDPR_Skillcast Presentation Template (1).pptxGDPR_Skillcast Presentation Template (1).pptx
GDPR_Skillcast Presentation Template (1).pptxkimonesinghunicomerc
 

Similar to How to track users (6)

Internet Dangers 2004
Internet Dangers 2004Internet Dangers 2004
Internet Dangers 2004
 
Digital Internationalization Best Practices for Global Brands
Digital Internationalization Best Practices for Global BrandsDigital Internationalization Best Practices for Global Brands
Digital Internationalization Best Practices for Global Brands
 
Log Out Cyber Awareness
Log Out Cyber AwarenessLog Out Cyber Awareness
Log Out Cyber Awareness
 
Cracking guide
Cracking guideCracking guide
Cracking guide
 
GDPR_Skillcast Presentation Template (1).pptx
GDPR_Skillcast Presentation Template (1).pptxGDPR_Skillcast Presentation Template (1).pptx
GDPR_Skillcast Presentation Template (1).pptx
 
Internet Credibility
Internet CredibilityInternet Credibility
Internet Credibility
 

More from Ran Bar-Zik

7 deadly front end sins
7 deadly front end sins7 deadly front end sins
7 deadly front end sinsRan Bar-Zik
 
Javascript static code analysis
Javascript static code analysisJavascript static code analysis
Javascript static code analysisRan Bar-Zik
 
Quality code in wordpress
Quality code in wordpressQuality code in wordpress
Quality code in wordpressRan Bar-Zik
 
How to get your first job at the Israeli high tech industry
How to get your first job at the Israeli high tech industryHow to get your first job at the Israeli high tech industry
How to get your first job at the Israeli high tech industryRan Bar-Zik
 
WordPress Security 101 for developers
WordPress Security 101 for developersWordPress Security 101 for developers
WordPress Security 101 for developersRan Bar-Zik
 
Javascript Security - Three main methods of defending your MEAN stack
Javascript Security - Three main methods of defending your MEAN stackJavascript Security - Three main methods of defending your MEAN stack
Javascript Security - Three main methods of defending your MEAN stackRan Bar-Zik
 
WordPress automation and CI
WordPress automation and CIWordPress automation and CI
WordPress automation and CIRan Bar-Zik
 
Presentation skills - course example
Presentation skills - course examplePresentation skills - course example
Presentation skills - course exampleRan Bar-Zik
 
HTML5 for dummies
HTML5 for dummiesHTML5 for dummies
HTML5 for dummiesRan Bar-Zik
 
Basic web dveleopers terms for UX and graphic designers
Basic web dveleopers terms for UX and graphic designersBasic web dveleopers terms for UX and graphic designers
Basic web dveleopers terms for UX and graphic designersRan Bar-Zik
 
HTML55 media api
HTML55 media apiHTML55 media api
HTML55 media apiRan Bar-Zik
 
Features in Drupal 7/6
Features in Drupal 7/6Features in Drupal 7/6
Features in Drupal 7/6Ran Bar-Zik
 

More from Ran Bar-Zik (13)

7 deadly front end sins
7 deadly front end sins7 deadly front end sins
7 deadly front end sins
 
Javascript static code analysis
Javascript static code analysisJavascript static code analysis
Javascript static code analysis
 
Quality code in wordpress
Quality code in wordpressQuality code in wordpress
Quality code in wordpress
 
How to get your first job at the Israeli high tech industry
How to get your first job at the Israeli high tech industryHow to get your first job at the Israeli high tech industry
How to get your first job at the Israeli high tech industry
 
WordPress Security 101 for developers
WordPress Security 101 for developersWordPress Security 101 for developers
WordPress Security 101 for developers
 
Javascript Security - Three main methods of defending your MEAN stack
Javascript Security - Three main methods of defending your MEAN stackJavascript Security - Three main methods of defending your MEAN stack
Javascript Security - Three main methods of defending your MEAN stack
 
WordPress automation and CI
WordPress automation and CIWordPress automation and CI
WordPress automation and CI
 
Drupal Security
Drupal SecurityDrupal Security
Drupal Security
 
Presentation skills - course example
Presentation skills - course examplePresentation skills - course example
Presentation skills - course example
 
HTML5 for dummies
HTML5 for dummiesHTML5 for dummies
HTML5 for dummies
 
Basic web dveleopers terms for UX and graphic designers
Basic web dveleopers terms for UX and graphic designersBasic web dveleopers terms for UX and graphic designers
Basic web dveleopers terms for UX and graphic designers
 
HTML55 media api
HTML55 media apiHTML55 media api
HTML55 media api
 
Features in Drupal 7/6
Features in Drupal 7/6Features in Drupal 7/6
Features in Drupal 7/6
 

Recently uploaded

Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 

Recently uploaded (20)

Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 

How to track users