DO NOT TRACK

-
Most popular Internet browsers, such as Firefox and Internet Explorer, now have an option called “do not track.”  The function of “do not track,” is, if selected, to supposedly allow users to opt out of tracking by websites they haven’t visited.  The sites that would typically be tracking web users, without their knowledge, include analytics services, advertising networks, and social platforms.  
The way it works is when the web browser requests or sends content using a HTTP, a header is included either (DNT: 1) meaning do not track, or (DNT: 0) which means the user has consented to being tracked.  A third option occurs when a user has not chosen to either opt in or opt out, then the request is null and no header is added.   

The implementation of “do not track” works solely on the honor system, and since websites are not required by law to comply with DNT requests, few actually honor these requests.   Still some websites respond to the DNT indication, Twitter being one of the major companies that chooses to recognize the signal.  Out of 211 third party trackers investigated, only one honored a “do not track” request, concluded a Keynote Systems study. 

What can be seen as a downside to the absence of advertisers tracking web users is that the user will still see ads, but they will continue to see the same irrelevant ads repeated.  To avoid this, the World Wide Web Consortium has supported “frequency capping”, which will allow advertisers to track even those with an activated DNT enough to prevent the users from seeing repeated ads. 

Microsoft initially announced that the new Internet Explorer 10, which will be shipped with Windows 8, would have the “do not track” header turned on by default.  Microsoft’s announcement infuriated many online advertisement companies and groups, who use tracking as a way to better target their customers with ads that would be most likely to appeal to them. 

However, this new default setting on IE 10 would not be compliant with Do Not Track’s specification that requires the explicit consent of each individual user of the service, meaning that the users would have to enable the anti-tracking feature in their browsers themselves. The specifications suggest that the user be prompted to set their tracking preference on first launch of the browser. The specification proposal has not yet been accepted fully by the W3C Tracking Protection Working Group, but it is likely to be approved.
VISIT:- REDZONE DIGITAL SECURITIES

Comments

Post a Comment

Popular posts from this blog

AntiCloud Trojan Reverse Engineering Analysis

-
Image
Introduction In this paper we are going to talk about the Anticloud Trojan, also know as the  TrojanDropper:Win32/Bohu.A and  B  variant. This malware originated in China and was designed to target the Cloud-Based Technology of major Chinese AntiVirus Vendors. For this reason, Bohu has also been called  AntiCloud Trojan . This is the first malware to specifically target cloud based technologies and will likely set a trend. As more corporations and governments move applications and services into the cloud, it will become an increasingly important target for malware developers. We can expect sophisticated malware that attacks clients and embeds itself into cloud-based apps, potentially without the user being able to determine that the cloud-based service is compromised. This trojan presents some interesting features, such as: Hash Check Evasion. Packet Interception via NDIS Filter. Cloud-Servers Access Lock via SPI network filter in order to Bypass antivirus Detection. So
Read more

SQL Injection: The Equal Opportunity Vulnerability

-
Image
Introduction In the  first installment of this series , we discussed application security within the Software Development Process by demystifying the adoption of security controls within the development organization. We also took a deeper dive into identifying potential vulnerabilities based on threats to attack surfaces exposed to the application, a process known as threat modeling. In this installment, we are going to take a technical dive into specific vulnerabilities that can be used to compromise the attack surfaces and discuss what is arguably one of the most prevalent attacks to applications and inflicts the most exposure of sensitive data: SQL Injection. Injection attacks attempt to infiltrate an application by injecting malicious content into the application through available input channels. Input channels can be in the form of form fields, uploads, 3 rd  party API, data access channels, configuration files, input files: essentially, any point at which the application r
Read more

Secure Sockets Layer (SSL)

-
Image
Secure Sockets Layer (SSL): How It Works What Happens When a Browser Encounters SSL > A browser attempts to connect to a website secured with SSL. > The browser requests that the web server identify itself. > The server sends the browser a copy of its SSL Certificate. > The browser checks whether it trusts the SSL Certificate. If so, it sends a    message to the server. > The server sends back a digitally signed acknowledgement to start an SSL encrypted session. > Encrypted data is shared between the browser and the server. Encryption Protects Data During Transmission Web servers and web browsers rely on the Secure Sockets Layer (SSL) protocol to help users protect their data during transfer by create a uniquely encrypted channel for private communications over the public Internet. Each SSL Certificate consists of a key pair as well as verified identification information. When a web browser (or client) points to a secured website, th
Read more