![]() So, this is the description and how it's supposed to work: you need to have a website and you've to insert the same 1x1 pixel image in all the pages of your website!! it hasn't to be a real image, but actually a php page generating one pixel image!! so, when a user is browsing your website, it's possible to count him only once!!!!! You may use one new etag also in every page with articles of your website to count the readings per article!!! Yea, no cookies and no javascrips are needed!!! but the counting and tracking will be accurate!! Well, in this way, Tor users are anonymous (fake IP) but they aren't hiding themselves in the crowd!!!! The hidden image can track all the IPs you're using, so it can follow you easily!!! In this way, it's possible to understand that if a tor exit node has loaded one page and a second later the same IP loads the hidden tracking image, it could be you!!!! this repeats for all pages with all the IPs you're associated with, as then you're sending the same ETag number every time to the tracking pixel!!! Well, this can be extended, for example one poisoned exit node can add one "ETag" header for you!! it can be done for the background picture of a particular website!!!! Yea, a bad exit node can do it against you!! So, even if you change tor nodes, you won't change the Etag ID!!!!!!!!! This thing could be extended further!!! But i don't want to give too many suggestions to Google!!!!!!!!!! As always, if the browser's lock icon is broken or carries an exclamation mark, you may remain vulnerable to adversaries that use active attacks or traffic analysis to compromise your privacy and security. Note that some of these sites still include a lot of content from third party domains that are not available over HTTPS. It is also possible to add user-defined rule files, and/or to submit rules to us for inclusion in future versions. ![]() We currently provide rule sets for Google Search, Wikipedia, Twitter, Facebook, The New York Times, The Washington Post, IxQuick, and many more popular sites. These addons perform redirection at the DOM level, which causes many HTTP fetches to leak prior to the redirect to HTTPS. HTTPS Everywhere should also perform more securely than DOM-based mechanisms such as the GreaseMoney-based SSL Certificates Pro and the Google Chrome-based KB Enforcer. In particular, Google's SSL search and Wikipedia both require rather complex URL rewriting and exception filters to work properly. For instance, they may not offer all pages and applications via HTTPS, or may only allow HTTPS activity via alternate subdomains that require URL rewriting and redirection. This tends to work more effectively than NoScript because many sites on the web offer some limited support for encryption over HTTPS, but make it difficult to use. Our approach is based on the NoScript STS implementation, but is more expressive in the manner in which HTTPS-enforcing rules are written. At the same time, we were also able to encrypt most or all of the browser's communications with other popular sites that support SSL, but don't provide it by default. We wanted a way to ensure that every search our browsers sent was encrypted, including the search box and URL bar features. ![]() This Firefox extension was inspired by the launch of Google's encrypted search option. Today the EFF and the Tor Project are launching a public beta of a new Firefox extension called HTTPS Everywhere. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |