MozillaZine

A possible security enhancement for the future

Discussion of features in Seamonkey
Zosimos
 
Posts: 136
Joined: April 23rd, 2004, 12:12 pm
Location: Ohio, USA

Post Posted October 27th, 2014, 7:46 am

Look at this:

http://yro.slashdot.org/story/14/10/24/2052218/verizon-injects-unique-ids-into-http-traffic

Verizon Wireless, the nation's largest wireless carrier, is now also a real-time data broker. According to a security researcher at Stanford, Big Red has been adding a unique identifier to web traffic. The purpose of the identifier is advertisement targeting, which is bad enough. But the design of the system also functions as a 'supercookie' for any website that a subscriber visits. "Any website can easily track a user, regardless of cookie blocking and other privacy protections. No relationship with Verizon is required. ...while Verizon offers privacy settings, they don’t prevent sending the X-UIDH header. All they do, seemingly, is prevent Verizon from selling information about a user."

But one of the posters to the thread had a great idea:

http://yro.slashdot.org/comments.pl?sid=5868703&cid=48225583

Wonder if a chaff approach would help (Score:5, Insightful)
I wonder... if we wrote addons for popular browsers that would inject bogus X-UIDH headers into every request, whether we could make this kind of inappropriate privacy intrusion prohibitively expensive. If it works as he surmises, maybe we can overwhelm Verizon's ad exchange platform with meaningless data.


Yes, this! Could a browser plugin be created, or even a feature added to the browser itself, to add fake IDs of this sort and confuse unauthorized tracking?

raj_bhaskar

User avatar
 
Posts: 1894
Joined: November 7th, 2002, 3:50 am
Location: Glasgow, Scotland

Post Posted October 28th, 2014, 2:23 am

The Modify Headers extension should probably be able to do this for you (AMO says it's for Firefox only, but I've got it installed fine, and you could always try Lemon Juice's add-on converter if it doesn't).

Return to SeaMonkey Features


Who is online

Users browsing this forum: No registered users and 1 guest