Is It Suitable For Big-scale Tracking

提供:鈴木広大
2025年9月29日 (月) 13:48時点におけるJestineSalo54 (トーク | 投稿記録)による版 (ページの作成:「<br>We describe a tracking approach for Linux units, exploiting a new TCP source port generation mechanism not too long ago launched to the Linux kernel. This mechanism is based on an algorithm, standardized in RFC 6056, for boosting security by higher randomizing port choice. Our approach detects collisions in a hash function used within the stated algorithm, based mostly on sampling TCP supply ports generated in an attacker-prescribed method. These hash collisions…」)
(差分) ← 古い版 | 最新版 (差分) | 新しい版 → (差分)
ナビゲーションに移動 検索に移動


We describe a tracking approach for Linux units, exploiting a new TCP source port generation mechanism not too long ago launched to the Linux kernel. This mechanism is based on an algorithm, standardized in RFC 6056, for boosting security by higher randomizing port choice. Our approach detects collisions in a hash function used within the stated algorithm, based mostly on sampling TCP supply ports generated in an attacker-prescribed method. These hash collisions rely solely on a per-gadget key, and thus the set of collisions kinds a gadget ID that enables monitoring gadgets across browsers, browser privacy modes, containers, and ItagPro IPv4/IPv6 networks (including some VPNs). It will probably distinguish amongst gadgets with similar hardware and software program, and lasts till the device restarts. We implemented this technique after which examined it using tracking servers in two different areas and with Linux units on numerous networks. We also tested it on an Android device that we patched to introduce the brand new port selection algorithm.



The tracking approach works in actual-life circumstances, and we report detailed findings about it, including its dwell time, scalability, and iTagPro product success charge in different network types. We labored with the Linux kernel staff to mitigate the exploit, leading to a security patch introduced in May 2022 to the Linux kernel, and we offer suggestions for higher securing the port selection algorithm within the paper. Online browser-primarily based gadget tracking is a widespread observe, employed by many Internet websites and advertisers. It permits figuring out customers throughout multiple periods and web sites on the internet. "fraud detection, protection against account hijacking, anti-bot and anti-scraping services, enterprise safety administration, safety against DDOS assaults, real-time focused advertising, campaign measurement, reaching prospects throughout units, and limiting the variety of accesses to services". Device monitoring is often carried out to personalize adverts or for surveillance functions. Three get together cookies. However, nowadays, customers are more aware of the cookies’ privateness hazards, iTagPro product and in order that they use multiple browsers, browser privacy mode, and cookie deletion to keep away from such monitoring.



Trackers are, subsequently, on the look for brand spanking new tracking applied sciences, significantly ones that may work throughout websites and throughout browsers and privacy modes, thereby breaking the isolation the latter attempt to offer. Probably probably the most alarming impression of gadget monitoring is the degradation of user privateness - when a user’s machine may be tracked across community changes, iTagPro product different browsers, VPNs, and browser privateness modes. This means that users who browse to one site with some id (e.g., person account), then browse to another site, from another browser, one other network (or VPN), and perhaps at one other time altogether, utilizing a very completely different and iTagPro product unrelated second identity, should still have the 2 identities linked. Often, gadget monitoring techniques are used in a clandestine manner, without the user’s consciousness and with out obtaining the user’s explicit consent. This motivates researchers to understand the challenges of machine monitoring, find new monitoring methods that can be used with out consent, and work with the relevant software program vendors to eradicate such strategies and elevate consciousness of these new sorts of assaults.



On this paper, iTagPro product we current a new browser-based monitoring technique that helps tracking across IPv4 and IPv6 networks, browsers, VPNs, ItagPro and browser privateness modes. Our tracking method can provide up to 128 bits of entropy for the system ID (in the Linux implementation) and requires negligible CPU and RAM sources for its operation. Our approach uses normal net technologies corresponding to Javascript, WebRTC Turn (in Chrome), and XHR (in Firefox). 1-celebration tracking server (i.e., there isn't any reliance on common infrastructure among the many monitoring web sites). The monitoring server then calculates a device ID. This ID relies on kernel information. Therefore, the identical system ID is calculated by any site that runs the identical logic, whatever the network from which the tracked system arrives, or the browser used. The tracking method is predicated on observing the TCP source port numbers generated by the device’s TCP/IP stack, ItagPro which is carried out within the working system kernel.

https://harry.main.jp/mediawiki/index.php?title=Is_It_Suitable_For_Big-scale_Tracking&oldid=10180568」から取得