# Tracking

# <i class="fa fa-user-secret" aria-hidden="true"></i>


## [panopticlick](https://panopticlick.eff.org/)

### Is your browser safe against tracking?

[Electronic Frontier Foundation](https://www.eff.org/about)'s project


## Fingerprint

![Finger print](images/tracking/fingerprint.png)<!-- .element style="width: 80%" -->


## Cookies

* Make up for the amnesia (statelessness) of the HTTP protocol
* HTTP headers sent by the server

  ```http
  Set-Cookie: name=value[; Max-Age=age][; expires=date]
  [; domain=domain_name][; path=some_path][; secure][; HttpOnly]
  ```

* Sent back unchanged by the client with every request

  ```http
  Cookie: name=value
  ```

* Isolated per domain
  * accessible from subdomains


## just do it

* [<i class="fa fa-github" aria-hidden="true"></i> willdurand-edu/cookie-playground](https://github.com/willdurand-edu/cookie-playground)

```bash
git clone https://github.com/willdurand-edu/cookie-playground.git
# enter the cloned directory before installing dependencies
cd cookie-playground
php composer.phar install
# serve the tracker and the website with PHP's built-in web server
php -S localhost:4000 -t .
```

* tracker exposes a dashboard at: http://localhost:4000/tracker/public/dashboard.
* The website does not do much, but is available at: http://localhost:4000/website/.


## Space cookies

* Tracking techniques
  * More persistent cookies
  * less limited in size

* [Supercookie](https://en.wikipedia.org/wiki/HTTP_cookie#Supercookie)
  * root-level cookie (.com)
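
Added example (not part of the original slides or of cookie-playground): a minimal JavaScript model of how a browser scopes a cookie, covering the `Set-Cookie` attributes and subdomain access from the Cookies slide and the rejection of a root-level (`.com`) supercookie. The `PUBLIC_SUFFIXES` set and the host names are constructed; real browsers consult the Public Suffix List.

```javascript
// Constructed stand-in for the Public Suffix List that real browsers consult.
const PUBLIC_SUFFIXES = new Set(["com", "org", "net", "co.uk"]);

// Parse one Set-Cookie header value into { name, value, attrs }.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  if (eq < 1) return null; // no cookie name: ignore the header
  const attrs = {};
  for (const part of rest) {
    if (!part) continue;
    const i = part.indexOf("=");
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    attrs[key] = i === -1 ? true : part.slice(i + 1).trim();
  }
  return { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs };
}

// RFC 6265 domain-match: identical host, or host ends with "." + domain.
function domainMatch(host, domain) {
  host = host.toLowerCase();
  return host === domain || host.endsWith("." + domain);
}

// Decide how a browser stores the cookie received from `originHost`.
// Returns null when the cookie must be rejected.
function storeCookie(header, originHost) {
  const c = parseSetCookie(header);
  if (!c) return null;
  const raw = typeof c.attrs.domain === "string" ? c.attrs.domain : "";
  const domain = raw.replace(/^\./, "").toLowerCase();
  if (!domain) {
    // No Domain attribute: host-only cookie, not shared with subdomains.
    return { ...c, domain: originHost.toLowerCase(), hostOnly: true };
  }
  if (PUBLIC_SUFFIXES.has(domain)) return null;      // supercookie attempt (.com)
  if (!domainMatch(originHost, domain)) return null; // Domain foreign to the origin
  return { ...c, domain, hostOnly: false };
}

// Would the stored cookie be sent in the Cookie header for `requestHost`?
function isSentTo(cookie, requestHost) {
  const host = requestHost.toLowerCase();
  return cookie.hostOnly ? host === cookie.domain : domainMatch(host, cookie.domain);
}

// Constructed sample: a tracker on shop.example.com scoping its id to example.com.
const demo = storeCookie("uid=abc123; Domain=example.com; Secure; HttpOnly", "shop.example.com");
console.log(isSentTo(demo, "blog.example.com"), storeCookie("uid=1; Domain=.com", "shop.example.com"));
```

A cookie set without a `Domain` attribute stays host-only, so subdomain sharing only applies once the server names a parent domain explicitly.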


## Space cookies

* Flash cookie
  * uses Flash persistence
    * [LSO (Local Shared Object)](https://fr.wikipedia.org/wiki/Objet_local_partag%C3%A9)
      * cross domain
      * access to the history of visited sites that use Flash

## Space cookies

* [Zombie cookie](https://en.wikipedia.org/wiki/Zombie_cookie)
  * cookie that is perpetually recreated

* [Evercookie](https://en.wikipedia.org/wiki/Evercookie)
  * exploits every available possibility
    * [<i class="fa fa-github"></i> samyk/evercookie](https://github.com/samyk/evercookie/)

* [Tracking cookie / assiste.com](http://assiste.com/Cookie_de_Tracking.html)
* [Using HTML5 Local Storage vs Cookies For User Tracking ...](http://johnsteinmetz.net/blog/using-html5-local-storage-vs-cookies-for-user-tracking/)