A possible security enhancement for the future

Discussion of features in Seamonkey
Post Reply
Zosimos
Posts: 170
Joined: April 23rd, 2004, 12:12 pm
Location: Ohio, USA

A possible security enhancement for the future

Post by Zosimos »

Look at this:

http://yro.slashdot.org/story/14/10/24/2052218/verizon-injects-unique-ids-into-http-traffic

Verizon Wireless, the nation's largest wireless carrier, is now also a real-time data broker. According to a security researcher at Stanford, Big Red has been adding a unique identifier to web traffic. The purpose of the identifier is advertisement targeting, which is bad enough. But the design of the system also functions as a 'supercookie' for any website that a subscriber visits. "Any website can easily track a user, regardless of cookie blocking and other privacy protections. No relationship with Verizon is required. ...while Verizon offers privacy settings, they don’t prevent sending the X-UIDH header. All they do, seemingly, is prevent Verizon from selling information about a user."

But one of the posters to the thread had a great idea:

http://yro.slashdot.org/comments.pl?sid=5868703&cid=48225583

Wonder if a chaff approach would help (Score:5, Insightful)
I wonder... if we wrote addons for popular browsers that would inject bogus X-UIDH headers into every request, whether we could make this kind of inappropriate privacy intrusion prohibitively expensive. If it works as he surmises, maybe we can overwhelm Verizon's ad exchange platform with meaningless data.


Yes, this! Could a browser plugin be created, or even a feature added to the browser itself, to add fake IDs of this sort and confuse unauthorized tracking?
User avatar
raj_bhaskar
Posts: 1946
Joined: November 7th, 2002, 3:50 am
Location: Glasgow, Scotland
Contact:

Re: A possible security enhancement for the future

Post by raj_bhaskar »

The Modify Headers extension should probably be able to do this for you (AMO says it's for Firefox only, but I've got it installed fine, and you could always try Lemon Juice's add-on converter if it doesn't).
Post Reply