Advertisers know exactly who you are… the data is NOT anonymized

Advertisers know who you are, where you go, when you go there and how much time you spend where you are: Advertisers will be able to upload email lists to target customers and similar audiences with ads on search, Gmail and YouTube.
This shows, yet again, that the claims about the data being anonymized, are false. This capability enables advertisers and those buying advertising time/space from (in this case) Google, to say “here’s an individual I want to show my ads to”(*).

What was that about “we don’t know who you are, you’re just an anonymous number to us“, you say?
When the number is you, uniquely you, then you’re not anonymized, instead, you’ve been given an (additional) alias which makes it easier to be identified, not harder.

IvyDNS prevents you from ever being recorded as one of these (non-)’anonymous numbers’ in the first place. And even if you were recorded in the past, it makes your future footprints melt away before anyone gets a chance to see them.

(*) Interestingly, this also opens up a mechanism for those using advertising networks as delivery mechanisms for malware, to target very specific individuals for infection with their malware.

Tool in the Spotlight: Random Agent Spoofer

This month’s Tool in the Spotlight: Random Agent Spoofer, a Firefox extension that gives you control over how your browser identifies to sites you visit.

Many sites create a fingerprint of you when you visit them. Usually, this information contains the ‘User Agent’ string, which (oversimplified) is a combination of the name of your browser, its version together with the name of your operating system with its version (this is much oversimplified, check out the wikipedia page for more info). This is useful information for those operating the sites you visit because it enables them to send you content that is specific to your browser. Specifically, if the site detects that you are visiting them using a mobile browser/device, it will send the mobile version of the site; if it sees a desktop browser or device, it sends the desktop version of the site.

However, with HTML5 and CSS3 in specific, websites no longer need to have multiple versions for different browsers, they can use “media selectors” to have the site render correctly instead.

The remaining use of the user agent string is being reduced to just fingerprinting you so that you can be uniquely identified based on what your browser tells the site it is and is capable of using a technique called browser fingerprinting. So even though you aren’t logged into the site, it knows it is you before you told it that it is you. Obviously, we are not a fan of this kind of thing. No-one should be forced to identify or legitimize themselves unless out of their own volition.

Enter “Random Agent Spoofer“, a tool that is part of the solution by changing the way your browser identifies to sites. It makes it super easy to select a particular browser and version you want to impersonate or you can set it up to change how it identifies every so often by itself. Once configured, there’s nothing you need to do.
Obviously, and similarly to other tools we highlight, this tool is not the one, single tool to use which will solve all your problems, but it adds to making it harder for sites to identify you as you visit them.
On top of that, Random Agent Spoofer gives you control over script injection, cookie behavior, headers sent to the site when you request it, etc… all making it harder for the site to figure out who you are (and make their efforts to do so, more frustrating and less accurate).

Check out the tool at https://addons.mozilla.org/en-US/firefox/addon/random-agent-spoofer/. This tool is an open source tool currently hosted on GitHub, which means that you can look at the source code and figure out what exactly it is that it does, and how it does it – if that’s your thing (it is for us).

NOTE: we are entirely unaffiliated with whoever produces this tool, we receive no compensation whatsoever from them.

Power in the Age of the Feudal Internet

While this article is already a couple years old, someone recently reminded us about it.
The Internet started out as a way to build resilient systems: systems that could deal with black-outs or the disappearing of a server. And if one went down, we’d just prop up another one.
When ‘Cloud’ was the newest buzz-word, we were told that it would give us flexibility: if we didn’t like our current provider, we could pick up and move to another – it’s all in the cloud anyway, whether it’s over here or over there, it doesn’t matter, right?
Sadly, the cloud has become a mist. A mist preventing us from seeing what could have been. It prevents us from venturing out because we can’t move from one provider to another.

Regardless of how you feel about it, “Power in the Age of the Feudal Internet” is an interesting read.

Advertising networks are delivery mechanisms for malware

The Register published an article on how advertising networks used by major and popular sites are (yet once more) being hijacked by malware peddlers. IvyDNS eliminates this attack vector and keeps you safe when you are online.

It’s just another reason to no longer treat advertising as ‘harmless’ or ‘a minor nuisance’: allowing content from unknown third parties to be downloaded to and executed on your devices is a major security risk that can lead to compromised devices and can include identity theft.

A two-year long, highly sophisticated malvertising campaign infected visitors to some of the most popular news sites in the UK, Australia, and Canada including Channel 9, Sky News, and MSN.

Readers of those news sites, just a portion of all affected (since it also affected eBay’s UK portal), were infected with modular trojans capable of harvesting account and email credentials, stealing keystrokes, capturing web cam footage, and opening backdoors.

The news sites are not at direct fault as they displayed the advertising; the ad networks and the underlying structure of high-pace and low-profit margins is what lets malvertising get its huge impact.

Read the full article over here.