Look at this:
http://yro.slashdot.org/story/14/10/24/2052218/verizon-injects-unique-ids-into-http-traffic
Verizon Wireless, the nation's largest wireless carrier, is now also a real-time data broker. According to a security researcher at Stanford, Big Red has been adding a unique identifier to web traffic. The purpose of the identifier is advertisement targeting, which is bad enough. But the design of the system also functions as a 'supercookie' for any website that a subscriber visits. "Any website can easily track a user, regardless of cookie blocking and other privacy protections. No relationship with Verizon is required. ...while Verizon offers privacy settings, they don’t prevent sending the X-UIDH header. All they do, seemingly, is prevent Verizon from selling information about a user."
But one of the posters to the thread had a great idea:
http://yro.slashdot.org/comments.pl?sid=5868703&cid=48225583
Wonder if a chaff approach would help (Score:5, Insightful)
I wonder... if we wrote addons for popular browsers that would inject bogus X-UIDH headers into every request, whether we could make this kind of inappropriate privacy intrusion prohibitively expensive. If it works as he surmises, maybe we can overwhelm Verizon's ad exchange platform with meaningless data.
Yes, this! Could a browser plugin be created, or even a feature added to the browser itself, to add fake IDs of this sort and confuse unauthorized tracking?
A possible security enhancement for the future
-
- Posts: 170
- Joined: April 23rd, 2004, 12:12 pm
- Location: Ohio, USA
- raj_bhaskar
- Posts: 1946
- Joined: November 7th, 2002, 3:50 am
- Location: Glasgow, Scotland
- Contact:
Re: A possible security enhancement for the future
The Modify Headers extension should probably be able to do this for you (AMO says it's for Firefox only, but I've got it installed fine, and you could always try Lemon Juice's add-on converter if it doesn't).
Raj Bhaskar, https://lordofthemoon.com