Is It Suitable For Giant-scale Tracking

提供:鈴木広大
2025年12月3日 (水) 11:00時点におけるAsaHupp965761 (トーク | 投稿記録)による版 (ページの作成:「<br>We describe a tracking approach for Linux units, exploiting a new TCP source port era mechanism not too long ago introduced to the Linux kernel. This mechanism is based on an algorithm, standardized in RFC 6056, for boosting safety by better randomizing port choice. Our method detects collisions in a hash operate used within the mentioned algorithm, primarily based on sampling TCP source ports generated in an attacker-prescribed method. These hash collisions rel…」)
(差分) ← 古い版 | 最新版 (差分) | 新しい版 → (差分)
ナビゲーションに移動 検索に移動


We describe a tracking approach for Linux units, exploiting a new TCP source port era mechanism not too long ago introduced to the Linux kernel. This mechanism is based on an algorithm, standardized in RFC 6056, for boosting safety by better randomizing port choice. Our method detects collisions in a hash operate used within the mentioned algorithm, primarily based on sampling TCP source ports generated in an attacker-prescribed method. These hash collisions rely solely on a per-gadget key, and thus the set of collisions forms a system ID that enables monitoring devices across browsers, browser privacy modes, containers, and IPv4/IPv6 networks (together with some VPNs). It could distinguish among devices with identical hardware and software, and lasts until the gadget restarts. We implemented this technique after which examined it using tracking servers in two completely different areas and with Linux devices on various networks. We additionally examined it on an Android device that we patched to introduce the new port selection algorithm.



The tracking method works in real-life conditions, and we report detailed findings about it, including its dwell time, scalability, and success charge in several community types. We labored with the Linux kernel group to mitigate the exploit, resulting in a safety patch introduced in May 2022 to the Linux kernel, and we provide recommendations for better securing the port choice algorithm within the paper. Online browser-primarily based system monitoring is a widespread practice, employed by many Internet websites and advertisers. It allows figuring out users throughout multiple sessions and web sites on the web. "fraud detection, safety towards account hijacking, anti-bot and anti-scraping companies, enterprise security management, protection towards DDOS assaults, real-time focused marketing, campaign measurement, reaching customers throughout gadgets, and limiting the number of accesses to services". Device monitoring is often carried out to personalize advertisements or for surveillance functions. 3 get together cookies. However, these days, customers are more conscious of the cookies’ privacy hazards, and so that they use a number of browsers, browser privacy mode, and cookie deletion to avoid such monitoring.



Trackers are, due to this fact, on the look for new tracking applied sciences, notably ones that may work throughout websites and throughout browsers and privacy modes, thereby breaking the isolation the latter try to offer. Probably probably the most alarming impact of machine monitoring is the degradation of person privacy - when a user’s device may be tracked across network modifications, different browsers, VPNs, and browser privateness modes. Which means that customers who browse to one site with some id (e.g., person account), then browse to another site, from one other browser, iTagPro bluetooth tracker one other network (or VPN), and perhaps at another time altogether, utilizing a totally completely different and unrelated second id, may still have the 2 identities linked. Often, gadget tracking methods are utilized in a clandestine method, without the user’s consciousness and with out obtaining the user’s express consent. This motivates researchers to know the challenges of system tracking, discover new tracking methods that can be utilized with out consent, and work with the relevant software distributors to remove such techniques and increase awareness of those new sorts of assaults.



In this paper, we current a new browser-based mostly monitoring approach that supports tracking across IPv4 and IPv6 networks, browsers, VPNs, and browser privateness modes. Our monitoring method can present up to 128 bits of entropy for the device ID (within the Linux implementation) and requires negligible CPU and RAM assets for iTagPro bluetooth tracker its operation. Our approach uses standard web applied sciences similar to Javascript, WebRTC Turn (in Chrome), and XHR (in Firefox). 1-social gathering tracking server (i.e., there isn't any reliance on frequent infrastructure among the monitoring web sites). The monitoring server then calculates a gadget ID. This ID is predicated on kernel knowledge. Therefore, the same device ID is calculated by any site that runs the same logic, regardless of the community from which the tracked system arrives, or the browser used. The monitoring approach is based on observing the TCP source port numbers generated by the device’s TCP/IP stack, which is applied within the operating system kernel.

https://harry.main.jp/mediawiki/index.php?title=Is_It_Suitable_For_Giant-scale_Tracking&oldid=10770311」から取得