Protection against identification on the Internet. User identification problem

User identification

User identification is the recognition of a user by a computer system on the basis of a previously defined description. The purpose of identification is to determine the user's authority (the right to access data and to choose how it is used).

In English: User identification

Finam Financial Dictionary.



The problem of user identification arises because interaction on the Internet is objectively mediated by the architectural features of this information and telecommunication network. Moreover, this mediation manifests itself at various levels of the Internet architecture. The problem finds expression in various branches of law, but in each of them it is tied precisely to these features of the Internet architecture.

At the same time, the legal expression of the problem of user identification has two aspects, which can be conventionally designated as "positive" and "negative" (these terms are functional, not evaluative).

The "positive" aspect of the systemic problem of user identification is expressed in the need to define the user as the subject of legal relations. Before the digital era, identifying the subject of legal relations could also pose a problem, but the cause, as a rule, was rooted in the will of the other party, who wanted to hide his "true" name, company name, organizational and legal status or other legal qualities that serve to individualize a person in the system of legal relations. In the modern conditions of information and telecommunication networks, the problem no longer depends on the will of a party but is determined by the basic technical parameters of the means of legal communication. In the civil law of the Russian Federation, as a general rule, citizens (Clause 1 of Art. 19) and legal entities (Clause 1 of Art. 48) acquire rights and obligations under their own name, and not under a network pseudonym. In practice, however, this is not regarded as an obstacle to the validity of originally anonymous or "pseudonymous" legal relations on the Internet. In administrative and criminal law, this problem makes it impossible to reliably determine the person who committed the offense. In other branches of law and legislation, the problem manifests itself in a similar way.

The "negative" aspect of the systemic problem of user identification is expressed in the need to protect the rights of Internet users as subjects of personal data. In this case, on the contrary, the reverse side of the problem of user identification comes to the fore. On the modern Internet so much information about users is accumulated that even if the user does not directly communicate his passport data to an indefinite (or definite, but unreliable) circle of persons, sooner or later the amount of information on the Internet makes it possible for any interested person to establish the identity of a particular user. Today, legislation on personal data is actively developing in the Russian Federation, but the Law on Personal Data itself is based on the 1981 Convention on the Protection of Individuals in the Automated Processing of Personal Data, and at that time it was extremely difficult to take into account the promising technologies of "big data". The practice and discussions in the field of personal data in the context under study are built around a restrictive or expansive interpretation of the provisions of the Personal Data Law, including the definition of personal data. The main difficulty in this situation is to find a balance between the interests of individual users (their legal protection as subjects of personal data) and a sufficient degree of freedom for the development of Internet business, for which many restrictions may represent an administrative barrier.

In this case, the "positive" aspect of the problem of user identification is the classic expression of this problem. From a legal point of view, in the context of the doctrinal and practical approaches developed in domestic jurisprudence, it can currently be resolved in the following ways, depending on the type of legal relationship in which it arises:

  • 1) protective legal relations. An example is criminal law. This is where the problem of user identification becomes a question of fact, and the identity of the user is to be established by forensic methods and by the totality of evidence. The architectural features of the problem of user identification show up in protective legal relations in that "computer" evidence alone is not enough, since in any situation it should be assumed that another person was at the computer, or that the source of the corresponding e-mail was forged, or that the message was intercepted along the way and replaced by another, etc. Therefore, additional evidence of the "pre-digital era" is required: testimony, as well as fingerprints [on the keyboard] and other traces in the forensic sense;
  • 2) regulatory legal relations. An example is civil law. The parties are interested in having a legally significant and legally grounded confidence that the actions leading to the establishment, change and termination of civil legal relations are carried out by precisely those subjects with whom they are already in a legal relationship or intend to enter into one. The same applies to a possible example with regulatory relations of an administrative nature: the subject of legal relations on the Internet must, for example, be sure that a requirement to remove "prohibited information" comes from Roskomnadzor.

The general legal solution in this situation is a legal presumption of identification of the subject of the legal relationship. This presumption is rebuttable: the alleged subject of the legal relationship can refute the fact of, for example, having used a certain Internet communication service. Such a presumption may have different grounds: legal ones (law or contract) or mixed ones, such as an electronic signature, which belongs rather to the architectural aspects of computer technology but whose value is due precisely to the law.

It is interesting

In the case of "prohibited information", the interaction of Roskomnadzor with the hosting provider is governed by the Procedure for the interaction of the operator of the unified automated information system "Unified register of domain names, page pointers of sites on the Internet and network addresses that allow identifying sites on the Internet containing information whose dissemination is prohibited in the Russian Federation" with the hosting provider, approved by Roskomnadzor Order No. 170 dated February 21, 2013. According to clause 5 of this Procedure, a notification of inclusion in the Register, drawn up in Russian and English, is sent to the hosting provider's e-mail from a specified e-mail address and is signed with an enhanced qualified electronic signature of the Registry operator. In this case there are, in fact, two ways of solving the problem of user identification: a presumption based on law (a letter sent from the specified address is considered a letter sent on behalf of Roskomnadzor on this matter) and a mixed one, since the use of an enhanced qualified electronic signature is required.

If such a question moves into legal relations that are protective but private-law and based on adversarial principles, this presumption may be of a procedural nature. For example, in a dispute with an Internet company, both the user and the Internet company may choose not to dispute the existence of a legal relationship, although the argument arising from the systemic problem of identifying users may, depending on the circumstances, be useful to either side.

At the same time, the most interesting tool for resolving the "positive" aspect of the problem of user identification is precisely the electronic signature, which can be of several types.

If you are paranoid, it does not mean that no one is following you.


Identification of users on the Internet - the many methods for finding out everything about a user from open and semi-open sources on the Internet. Using the Internet, a person leaves a huge amount of information about himself. Perhaps there would be nothing wrong with this if everyone were a prophet and knew how, to whom and in what way it would come back later. But until a connection with the astral plane is established, it would be nice to stop and look around: am I doing this right? An ordinary Internet user may get the deceptive impression of his own anonymity on the World Wide Web. So, the first thing to understand is that it is false! And there is only one reason - yes, yes, it is. The saddest thing is that the users themselves killed the slightest hint of anonymity on the network, and as soon as it tries to raise its head, people immediately drive a fresh aspen stake through its chest.

Information about a user on the network should be divided into two unequal categories: what he leaves himself, and what programs quietly report about him. Is it any wonder that the user posts most of the information about himself voluntarily and without any coercion? The best dossier is the one that a person writes about himself. Yes, yes, the first thought about Twitter and Facebook was absolutely correct. And if we add that their data will never disappear from search engine caches and Internet archives, and that everything you write now can be read in 5 years and in 40 years, it becomes scary. Moreover, it will be readable not by abstract intelligence officers but by anyone who wants to. We live in a glass cage that we ourselves built.

Identification without the user's knowledge
Mobile phones are watching you, sir!
As is known,

He does not use a mobile phone so that no service can track his movements on the street or anywhere else. It makes a lot of sense if you -

The frequencies of your satellite phone are known to the FSB, and on a call a homing missile will fly to you (search for proof yourself). However, for an ordinary citizen with a GSM phone, positioning is not the worst thing. But first things first, so let's start with the positioning just mentioned.

  • Positioning.
    The approximate location of a switched-on cell phone. Considering that the phone does not levitate by itself but lies in a pocket, the location of the person using it is known too. Two basic techniques are used: positioning relative to base stations, and the GPS built into the phone (if there is one, and the overwhelming majority of smartphones have it). The error of the first method in GSM networks is about 100 meters (in terms of distance from the tower), and even more given unpredictable urban development. Generally speaking, positioning in GSM networks is made possible by the time-sharing technology and is a side effect. The position of the phone is determined as the distance from the base station it is working with at the moment. That gives the possible position of the subscriber as a ring around the base station, with a width equal to the uncertainty along the radius. This principle is used by a service from MTS, which upsets schoolchildren who are skipping classes. The service from MTS is, in general, supposed to exclude positioning of a person who has not given consent, but if you have a good friend at a mobile operator, he will be able to locate the guy holding your stolen, switched-on mobile phone.
    The second method (GPS) gives an accuracy of 5 to 50 meters, which is already pretty good. You can always check how well your reported position matches reality by opening Google Maps on your smartphone (the author usually has an error of 15 meters). You can read more about this.
  • Wiretapping.
    You should decide whose wiretapping you are afraid of. If

    That fears are fully justified. According to quite reliable data, the guys from the FSB have an agreement with the mobile operators and can listen to any number. But if you are afraid of cool hackers with homemade devices for intercepting and decrypting the GSM signal on the fly, you can calm down: at the moment there is no full-fledged working prototype. But works

    More details
Until now, we have been talking about ordinary phones. Now we should move on to the most interesting ones, and others like them. In general, mobile phones have radically changed the rules of the game, and Google and Apple are well aware of this. Whoever controls the mobile market will control the future. The smarter the phone and the more useful and convenient functions it has, the more data about you it sends to the manufacturer. And not only about you: the task of smart phones is to index the world around them and send the maximum possible amount of data about it to the servers. Here are just a few examples.

    It is a database of over 100 million Wi-Fi hotspots around the world with their geographic coordinates, accurate to 20 meters, by the way. It is replenished as follows: if you go from your phone to Google Maps over Wi-Fi, the phone scans and records the SSID and MAC address not only of the access point you connect to but of all nearby ones, and sends them to Skyhook, a partner of the Empire of Good. Why? With a database of 70% of the Wi-Fi points in the USA and Canada, as well as points in all major cities of the world, it is more convenient for advertisers (Google) to track you and serve advertising targeted by your location. At least for now.

  • Google glasses
    Excellent, breakthrough photo search technology. You can take a picture of a landmark with your phone and immediately get all the information about it from Google. You can google a trade mark by taking a photo of its logo. And there is a lot more you can do! You just need to understand that if Google previously had only "ears", through which it read the queries you fed it, now it has "eyes" as well. And given the ubiquitous GPS binding, Google knows where you are, what you are looking at and what you want to know about it. Most likely, Google glasses will find application not only in mobile phones, and the functionality itself will expand seriously and integrate so conveniently with the rest of Google's services that it would be simply stupid not to use it. After all, it's great to look at any object and immediately find out all the available information about it, to look around on the street and see the names of people passing by, the prices at the nearest cafe, and so on. This is where the fun begins.
  • Google account
    Android synchronization, which, however, can be configured by the user, works in a very curious way: all the data from your phone is synchronized with your Google account and stored on the server. Thus, Google knows your calendar, your contacts, your calls, your to-do list, your mobile number ... yes, everything you did with your phone. By the way, they say that Android phones take regular screenshots and subsequently send them to Google's servers. If there are Android owners with root access, check and report back here.
But don't think that Google is the only one doing this kind of thing. It is just often the trendsetter in user privacy violations that others pick up. Apple does all the same things, only sometimes it charges money for them (for example, for a cloud service for data exchange between any Mac devices). And, of course, both Google and Apple, thanks to the ability to buy applications for the phone, know your credit card number.

In general, Android phones are phenomenal; they fully meet the expectations of a phone. If Apple's phone is a racial fascist phone (nya!) that only allows you to do what the Fuehrer Steve Jobs allowed (unless you jailbreak, of course), then Google's phone gently tells you, "do what you want, but please tell me everything, everything, okay?" And this insinuating whisper is very hard to refuse ... But just think: is it worth sharing most aspects of your life with a transnational corporation whose mission is to "organize the world's information and make it public and useful"? And Apple, too, should know less about its hamsters. How to resist all this? Buy yourself a mobile that is just a phone, not a small computer. For everything else, it is better to use a laptop.

Browsers are tracking you too!
Once upon a time, cookies were invented for this task. But, unfortunately, cookies are only the most innocuous thing that a user who wants to stay anonymous on the Internet has to face.

(external ip, IP address) - every computer on the Internet has an external IP address, which is generally obvious. At first glance, identifying a specific user by it is very difficult. First, there are dynamic IP addresses, given by the provider to the user at random from a certain range of addresses with each new connection. And, secondly, there are networks where many computers sit behind the same external IP (yes, and for the sins of one, everyone is banned at once). Let's assume that you still have a static white IP and an off-the-scale degree of paranoia. In this case, immediately put

Or join the ranks

But the identification difficulties exist only at first glance. If you take a closer look, you can see that even with a dynamic IP address, the user's country and provider can be determined (and split it - with respect, curator of ZOG). Well, this already narrows the search. If this bothers you, then to falsify your IP in server logs without the help of Tor, in Firefox there is

Forcing the server to believe that your true external IP address is just a proxy behind which the "real" IP is hidden (taken from an arbitrary range specified in the settings).

(HTTP cookies) is perhaps the most widely known identification method on the Internet. It works as follows. When a user makes his first HTTP request to a site, the browser receives cookies from the site: pieces of data that the browser saves as a file. This data is a kind of identifier of the user on this site and is valid until the expiration date. As the name suggests, the expiration date tells the browser when to delete the cookies it has received. As soon as the lifetime has expired, the cookies are deleted. If the date is not specified, cookies live until the end of the session (for example, until the browser is closed). And, of course, they can be deleted at the user's request (that is, by hand). The most interesting example in terms of cookies is of course Google. The Empire of Good issues cookies valid straight through to 2020 and sincerely hopes to use them to track user queries and transitions from site to site. There are other methods, for example so-called third-party cookies. The idea is as follows: when the user loads a page, it contains, among other things, components from other sites. We are talking about pictures, banners and other elements such as JavaScript. These components may well persuade the browser to accept cookies with a long lifetime from the third-party site. And if there are many similar banners on various sites on the Internet, then each site carrying them will recognize your browser. It is then always possible to track where the user went and what interests him. Of course, it is not the special services that are interested in this but the advertisers (we will not recall the cases when the FBI planted its cookies on the computers of Americans). They need to know what kind of porn the user is into and what kind of lubricant he prefers; this is the advertising business.
How to deal with this: a competent cookie management policy in the browser. For Mozilla Firefox, an add-on is recommended.
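The cookie rules described above (session versus expiring cookies, first-party versus third-party) can be checked on your own traffic. The following is an added example, not part of the original post: it audits `Set-Cookie` headers collected while loading one page; all hosts and cookie values are constructed, and "same site" is approximated by the last two DNS labels, which is an assumption.

```javascript
// Added example: audit Set-Cookie headers seen while loading one page.
// Hosts, cookie names and values are constructed sample data.

// Split one Set-Cookie header value into name, value and attributes.
function parseSetCookie(header) {
  const parts = header.split(';').map((p) => p.trim()).filter(Boolean);
  if (parts.length === 0) return null;
  const eq = parts[0].indexOf('=');
  const cookie = {
    name: eq === -1 ? '' : parts[0].slice(0, eq),
    value: eq === -1 ? parts[0] : parts[0].slice(eq + 1),
    attrs: {},
  };
  for (const part of parts.slice(1)) {
    const i = part.indexOf('=');
    const key = (i === -1 ? part : part.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : part.slice(i + 1);
  }
  return cookie;
}

// Lifetime in days relative to `now`; null means a session cookie.
// Max-Age takes precedence over Expires when both are present.
function lifetimeDays(cookie, now) {
  if (typeof cookie.attrs['max-age'] === 'string') {
    const seconds = Number(cookie.attrs['max-age']);
    if (Number.isFinite(seconds)) return seconds / 86400;
  }
  if (typeof cookie.attrs.expires === 'string') {
    const t = Date.parse(cookie.attrs.expires);
    if (!Number.isNaN(t)) return (t - now.getTime()) / 86400000;
  }
  return null;
}

// Assumption: two hosts belong to the same site when their last two
// DNS labels match. Real browsers use the Public Suffix List instead.
function cookieSiteOf(host) {
  return host.toLowerCase().split('.').slice(-2).join('.');
}

// Classify every cookie set during the page load. A cookie is reported
// as a tracking candidate when it is third-party AND outlives maxDays.
function auditCookies(pageHost, responses, now, maxDays = 30) {
  const findings = [];
  for (const { host, setCookie } of responses) {
    for (const header of setCookie) {
      const c = parseSetCookie(header);
      if (!c) continue;
      const days = lifetimeDays(c, now);
      const thirdParty = cookieSiteOf(host) !== cookieSiteOf(pageHost);
      findings.push({
        host,
        name: c.name,
        thirdParty,
        session: days === null,
        days: days === null ? null : Math.round(days),
        tracker: thirdParty && days !== null && days > maxDays,
      });
    }
  }
  return findings;
}

// Constructed page load: two first-party cookies and one banner cookie
// that, like the example in the text, does not expire until 2020.
function demoCookieAudit() {
  const now = new Date(Date.UTC(2010, 0, 1));
  return auditCookies('www.news.example', [
    { host: 'www.news.example',
      setCookie: ['sid=abc123; Path=/', 'prefs=dark; Max-Age=2592000'] },
    { host: 'cdn.adnet.example',
      setCookie: ['uid=7f3a9c; Expires=Wed, 01 Jan 2020 00:00:00 GMT; Path=/'] },
  ], now);
}

for (const f of demoCookieAudit()) {
  console.log(f.host, f.name, f.session ? 'session' : `${f.days} days`,
    f.tracker ? 'TRACKING CANDIDATE' : 'ok');
}
```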

(Local Shared Objects, flash cookies) - cookies based on Flash. The main danger of flash cookies is that they are set secretly, they cannot be removed by the browser's standard means, and most users know little about them. You can fight them in Mozilla Firefox by installing the add-on

Do not forget, after installation, to marvel at how much crap you have on your computer. But the protection will be incomplete unless Adobe Flash Player is forbidden to save LSOs to the hard disk. To do this, go to the page on the Adobe website and, on the "Global storage parameters" tab, reduce the allowed amount of disk space for storing information to a minimum and prevent third-party flash content from saving data to your computer. By the way, there is an interesting observation connected with flash cookies. If you prohibit saving ordinary HTTP cookies in the Skype settings, it quietly starts saving LSOs every time you open the browser, in the hope that no one will find out.

(web beacon, tracking bug, tracking pixel, pixel tag, 1 × 1 gif) - an object embedded in a web page or e-mail, invisible to the user, that makes it possible to determine whether or not the user has viewed this page or e-mail. Initially, web bugs were 1x1 pixel images loaded into a page or message from a third-party site (remember the analogy with third-party cookies?). Nowadays the matter is not limited to pixels alone: web bugs now mean a whole range of features that make it possible to find the user (details are in the links of the English Wikipedia). In HTML pages, web bugs are most often used to collect visit statistics (they are injected into lurk by Google Analytics and LiveInternet). Things are much more interesting in e-mail: using web bugs, you can determine not only which IP address opened the message but also to whom it was forwarded later. Fighting them in Firefox

This is the name of one of the client request headers in the HTTP protocol, which lets the server determine from which page the user came to a given site. That is, if a transition was made from

That Big Brother will be aware of the user's sexual preferences. This problem in Mozilla Firefox is solved using

Unfortunately, this is not all. There are also cross-site requests, and here the HTTP referer and web bugs overlap strongly. Let me explain with an example: say a user viewed a blog with an embedded YouTube video, then looked at friends' profiles on MySpace, and finally ordered a book on Amazon. Attention! He has never visited Google's website, but Google already knows what video he watched and on which blog, which friends he was interested in and what books will be delivered to him. Remember that Google is watching everyone. Always. The secret is that all of these sites carry different Google components: the blog has a link to Google's YouTube, MySpace has Google Analytics traffic analytics, and Amazon has Google's DoubleClick advertising campaign. And be sure that all transitions are logged and compared with the most advanced statistical algorithms in order to associate the data unambiguously with you. I mean surname, name, patronymic. But don't think that Google is such a universal evil. It lives off targeted advertising and wants to know your interests. And not only Google: all search engines are guilty of this to the best of their ability. It's just that Google does it on a planetary scale, unlike Yandex. To block unnecessary requests, there is an add-on
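The blog / social network / shop scenario above can be reproduced on a request log exported from your own browser. The following is an added example, not part of the original post: it groups third-party requests by the company that receives them and lists which sites each company saw through the `Referer` header; every host, the ownership table and the log entries are constructed.

```javascript
// Added example: which third parties saw which sites via the Referer header.
// All hosts, the ownership table and the request log are constructed.

// Constructed ownership table: three differently named component hosts
// (video embed, analytics, ad banner) that belong to one company.
const COMPONENT_OWNER = new Map([
  ['video.example', 'bigco'],
  ['stats.example', 'bigco'],
  ['ads.example', 'bigco'],
  ['fonts.example', 'fontco'],
]);

// Assumption: the last two DNS labels identify the site.
function registrableSite(host) {
  return host.toLowerCase().split('.').slice(-2).join('.');
}

// Map each receiving owner to the set of first-party sites it learned about.
function exposureByOwner(requests, ownerOf) {
  const seen = new Map();
  for (const { url, referer } of requests) {
    if (!referer) continue; // no Referer sent: the page stays unknown
    const target = registrableSite(new URL(url).hostname);
    const source = registrableSite(new URL(referer).hostname);
    if (target === source) continue; // same-site request, not cross-site
    const owner = ownerOf.get(target) || target;
    if (!seen.has(owner)) seen.set(owner, new Set());
    seen.get(owner).add(source);
  }
  return seen;
}

// Owners that observed the user on at least `minSites` different sites.
function crossSiteObservers(requests, ownerOf, minSites = 2) {
  const out = [];
  for (const [owner, sites] of exposureByOwner(requests, ownerOf)) {
    if (sites.size >= minSites) out.push({ owner, sites: [...sites].sort() });
  }
  return out.sort((a, b) => b.sites.length - a.sites.length);
}

// Constructed browsing session mirroring the scenario in the text.
const SAMPLE_REQUEST_LOG = [
  { url: 'https://video.example/embed/42', referer: 'https://blog.example/post/7' },
  { url: 'https://fonts.example/f.woff', referer: 'https://blog.example/post/7' },
  { url: 'https://stats.example/collect.gif', referer: 'https://social.example/profile/friend' },
  { url: 'https://ads.example/banner.js', referer: 'https://shop.example/book/123' },
  { url: 'https://shop.example/cart', referer: 'https://shop.example/book/123' },
  { url: 'https://ads.example/banner.js', referer: null }, // Referer suppressed
];

for (const o of crossSiteObservers(SAMPLE_REQUEST_LOG, COMPONENT_OWNER)) {
  console.log(`${o.owner} saw you on: ${o.sites.join(', ')}`);
}
```

The entry with a suppressed `Referer` contributes nothing to the observer's view, which is the effect the blocking add-ons mentioned in the text aim for.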

The browser cache can be used in different ways. The easiest is the ETag HTTP header. When the page is accessed, the server issues an ETag that the browser uses to cache the content. On subsequent requests, the browser sends this ETag back to the server, which thus finds out who has come to it. The best part is that even when you reload the page, the ETag value does not change and the server will still recognize you. It is treated with
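A way to spot the ETag trick described above, as an added example that is not part of the original post: fetch the same resources from two clean browser profiles and compare. A content-derived ETag is identical for identical bytes, so an ETag that differs per profile while the body hash is the same is behaving as an identifier. The observation records (profile names, paths, hashes, ETag values) are constructed.

```javascript
// Added example: detect ETags that act as per-client identifiers.
// The observations are constructed; in practice they would come from
// loading the same page in two fresh browser profiles.

// Strip the weak-validator prefix and the quotes so that W/"abc" and
// "abc" compare as the same validator.
function normalizeEtag(etag) {
  return etag.replace(/^W\//, '').replace(/^"|"$/g, '');
}

// Group observations by (url, body hash). Within one group the bytes are
// identical, so every client should have received the same ETag. If each
// client got a different one, report the resource.
function findPerClientEtags(observations) {
  const groups = new Map();
  for (const o of observations) {
    const key = `${o.url} ${o.bodyHash}`;
    if (!groups.has(key)) groups.set(key, { url: o.url, byClient: new Map() });
    groups.get(key).byClient.set(o.client, normalizeEtag(o.etag));
  }
  const suspicious = [];
  for (const { url, byClient } of groups.values()) {
    const distinct = new Set(byClient.values());
    if (byClient.size >= 2 && distinct.size === byClient.size) {
      suspicious.push({ url, etags: [...distinct] });
    }
  }
  return suspicious;
}

const SAMPLE_ETAG_OBSERVATIONS = [
  { client: 'profile-A', url: '/pixel.gif', bodyHash: 'h1', etag: '"u-5f2c"' },
  { client: 'profile-B', url: '/pixel.gif', bodyHash: 'h1', etag: '"u-9a71"' },
  { client: 'profile-A', url: '/site.css', bodyHash: 'h2', etag: 'W/"c0ffee"' },
  { client: 'profile-B', url: '/site.css', bodyHash: 'h2', etag: '"c0ffee"' },
];

for (const s of findPerClientEtags(SAMPLE_ETAG_OBSERVATIONS)) {
  console.log(`${s.url}: same bytes, different ETag per client (${s.etags.join(', ')})`);
}
```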

Generally,

They close a lot of the holes that make your browser the one and only in the vastness of the World Wide Web. With NoScript, you can control JavaScript, Java, Silverlight and Flash (which snitch like woodpeckers in the spring). Without them, it is impossible to guarantee the protection of the user from many attacks such as XSS, CSRF and Clickjacking.

Yes, the TCP protocol too. It will happily provide information about your operating system. The fact is that the TCP stack is configured differently in different operating systems, and a router, as a rule, does not change the packet but simply passes it on. The characteristics of TCP packets form their own fragment of a digital signature. To find out what they reveal about your OS, the easiest way is to use the utility

Browser digital fingerprinting is a very interesting technology that allows the user's browser to be identified without any cookies, simply from the information transmitted to the server: HTTP headers, presence or absence of cookies, Java, JavaScript, Silverlight, browser plugins, etc. This is a kind of final boss, building a unique digital signature based on the above elements (and probably many others) described in the article

Moreover, the above test runs only on Panopticlick, an open project created to protect users. It uses a small part of the techniques described in the article and is nevertheless very effective. A real algorithm can be more complicated and much (tens and hundreds of times) more effective. There is a suspicion that those who use it will not be advertisers trying to push their goods ... On Panopticlick, it is possible to bring the uniqueness of your browser to 1 out of 50,000. However, you should take the following into account: if you disguise the browser so that nothing can be learned about it, then among other browsers it will stand out like a man in a space suit in the center of a densely populated metropolis. One can try to disguise one's setup as something fairly typical with

But the main thing here is not to change the type of operating system. Remember: TCP reports it, and if it says that you have Linux while the HTTP headers disguised with User Agent Switcher claim Windows, then congratulations, you've been found! Most likely, you are the only one like that on the Internet.
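The two points above (a "blank" browser stands out more than a typical one, and a User-Agent that contradicts the TCP-level OS guess is itself a tell) can be put into numbers. The following is an added example, not part of the original post and not Panopticlick's code: it sums the surprisal of each attribute, assuming the attributes are independent; the frequency table is constructed and the TCP-level OS guess is taken as a given input.

```javascript
// Added example: how many bits of identifying information a browser leaks.
// The frequency table is constructed; attributes are assumed independent,
// which overstates the total when attributes are correlated.

// Share of browsers (in a hypothetical population) showing each value.
const SAMPLE_FREQ = {
  userAgent: { 'common-ua': 1 / 4, 'rare-ua': 1 / 1024 },
  plugins: { 'typical-set': 1 / 8, none: 1 / 64 },
  fonts: { 'typical-set': 1 / 8, none: 1 / 64 },
  timezone: { 'UTC+3': 1 / 2 },
};
const UNSEEN_VALUE_FREQ = 1 / 4096; // assumed share for values not in the table

// Surprisal: a value shared by 1 browser in N carries log2(N) bits.
function surprisalBits(p) {
  return -Math.log2(p);
}

function fingerprintBits(profile, freq, unseen = UNSEEN_VALUE_FREQ) {
  let bits = 0;
  for (const [attr, value] of Object.entries(profile)) {
    const table = freq[attr] || {};
    const known = Object.prototype.hasOwnProperty.call(table, value);
    bits += surprisalBits(known ? table[value] : unseen);
  }
  return bits;
}

// Size of the crowd you hide in: "unique among 1 in N browsers".
function oneIn(bits) {
  return Math.round(2 ** bits);
}

function bitsForOneIn(n) {
  return Math.log2(n);
}

// Coarse OS family claimed by a User-Agent string.
function osFromUserAgent(ua) {
  if (/Windows/i.test(ua)) return 'Windows';
  if (/Android/i.test(ua)) return 'Android';
  if (/Mac OS X|Macintosh/i.test(ua)) return 'macOS';
  if (/Linux/i.test(ua)) return 'Linux';
  return 'unknown';
}

// True when the OS inferred from TCP/IP behaviour contradicts the
// User-Agent header. `tcpOs` is assumed to come from a passive
// OS-fingerprinting tool; it is just an input here.
function osMismatch(tcpOs, userAgent) {
  const uaOs = osFromUserAgent(userAgent);
  return uaOs !== 'unknown' && uaOs !== tcpOs;
}

const TYPICAL_PROFILE = { userAgent: 'common-ua', plugins: 'typical-set',
  fonts: 'typical-set', timezone: 'UTC+3' };
const BLANKED_PROFILE = { userAgent: 'rare-ua', plugins: 'none',
  fonts: 'none', timezone: 'UTC+3' };

console.log('typical:', fingerprintBits(TYPICAL_PROFILE, SAMPLE_FREQ), 'bits, 1 in',
  oneIn(fingerprintBits(TYPICAL_PROFILE, SAMPLE_FREQ)));
console.log('blanked:', fingerprintBits(BLANKED_PROFILE, SAMPLE_FREQ), 'bits, 1 in',
  oneIn(fingerprintBits(BLANKED_PROFILE, SAMPLE_FREQ)));
console.log('1 in 50,000 is', bitsForOneIn(50000).toFixed(2), 'bits');
console.log('spoofed UA detected:', osMismatch('Linux',
  'Mozilla/5.0 (Windows NT 6.1; rv:2.0) Gecko/20100101 Firefox/4.0'));
```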

Search in Google and Yandex - if you look into the html-code of the Google search results page, you can make sure that all the results found are not just links. Each search result link contains an onmousedown method that causes the browser to take special action when the link is clicked. In this case, the transition to desired page occurs through a redirect to an intermediary address. That is, first, the browser goes to the Google server, and only after entering there, there is a transition to the desired page. The transition is carried out quickly enough, which is imperceptible on a wide channel. Meanwhile, Google gets statistics with information about what you were looking for and where you went as a result. Yandex, Yahu, and other search engines do the same. This can be counteracted by using client-side scripts in the browser that will render links in the correct format. Install the plugin for the Firefox add-on

And add the link cleaning scripts to the list for

This is the only way to fight it. Even if you configure Google search not to save your search history, that gets you nowhere. However, the link can be opened in a new tab; this bypasses onmousedown and prevents Google from finding out the truth.
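What such a link-cleaning script does, as an added example that is not part of the original article or of any particular add-on: it removes the onmousedown handler and replaces a redirect address with the real destination. The `/url` path with `q`/`url` parameters, the helper names and the stand-in link object are assumptions made for this example.

```javascript
// Redirect wrappers to unwrap. The Google "/url" entry with "q"/"url" parameters is
// an assumption for this example; extend the list for other search engines.
const WRAPPERS = [{ host: "google.com", path: "/url", params: ["q", "url"] }];

// Return the real destination if href is a known redirect wrapper, else href unchanged.
function unwrapRedirect(href) {
  let u;
  try { u = new URL(href); } catch (e) { return href; } // relative or malformed: leave alone
  for (const w of WRAPPERS) {
    const hostOk = u.hostname === w.host || u.hostname.endsWith("." + w.host);
    if (!hostOk || u.pathname !== w.path) continue;
    for (const p of w.params) {
      const target = u.searchParams.get(p); // searchParams already percent-decodes
      if (target && /^https?:\/\//i.test(target)) return target; // only plain web links
    }
  }
  return href;
}

// Clean one link. In a browser `link` is an <a> element; any object with
// href, hasAttribute() and removeAttribute() works, which keeps this testable offline.
function cleanLink(link) {
  const hadHandler = link.hasAttribute("onmousedown");
  if (hadHandler) link.removeAttribute("onmousedown"); // stop the click-time rewrite
  const before = link.href;
  link.href = unwrapRedirect(before);
  return { hadHandler, rewritten: link.href !== before };
}

// Constructed stand-in for a DOM element, so the example runs outside a browser.
function fakeLink(href, attrs) {
  const a = new Map(Object.entries(attrs || {}));
  return { href, hasAttribute: n => a.has(n), removeAttribute: n => a.delete(n) };
}
```

In a browser the same `cleanLink` would be applied to every element returned by `document.querySelectorAll("a")` after the results page loads.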

How to protect yourself from all this?
As you can see, literally everything reports on you. First, you need to understand that no protection is absolute and accept it. Second, heed the advice in this article. Third, you can use

(I'll post an article about it in time). Fourth - never, ever use toolbars from Google, Yandex and others. It's not worth it - a toolbar is a giant hole through which everything possible leaks, both your search history and information about the computer as a whole. After all, you want only you to use your computer, not marketers, right? Fifth, use Firefox, Opera, or

But try to stay away from IE and Chrome. Sixth - check your browser

And most importantly, remember that the data being collected now will never go away. It will remain forever in the caches of Google, Yandex and the Wayback Machine, and sooner or later it will be processed. Can you guarantee that in the future (a very near one, by the way - read about Google's plans for 2020) the mathematical apparatus will not allow a dossier to be compiled on every Internet user and soft but relentless surveillance to be established over everyone? Even now, by using an Android-based phone you give away your location and speed, not to mention absolutely everything you search for on the net with it. And this is just the beginning.

There is such an organization

That owns

Servers and manages everything on the Internet. ICANN servers

From all external IPs and this is the basis of the entire Internet. Who do you think

It always bothered me how obsessively Google AdSense slipped me contextual advertising based on my old search queries. It seemed that a lot of time had passed since the search, and the cookies and browser cache had been cleared more than once, but the ads remained. How did they keep tracking me? It turns out that there are plenty of ways to do this.

A small preface

Identification, user tracking or simply web tracking means calculating and setting a unique identifier for each browser that visits a particular site. It was not originally conceived as some kind of universal evil and, like everything, it has two sides: it was intended to be useful, for example to let site owners distinguish regular users from bots, or to store user preferences and apply them on a subsequent visit. But the same capability was very much to the liking of the advertising industry. As you well know, cookies are one of the most popular ways to identify users, and the advertising industry has been actively using them since the mid-nineties.

Today, there are many ways to identify and spy on a user online. Initially, user tracking was invented in order to distinguish a real user from a bot. Then advertising companies took advantage of this method. Let's consider the most common ways.

Cookies

This is the oldest and most popular method of user identification. A cookie stores short chunks of text data. An identifier (the cookie) is set on the user's side and is requested on subsequent visits to the site. To block cookies, you can install the appropriate plugins in your browser or use the browser in “incognito” mode.

Many users do not clear cookies or are afraid to delete them (some cookies are used to log in to sites).

Local Shared Objects

This mechanism is used to store user-side information in Adobe Flash. Unlike a cookie, it can store large amounts of information.

When configuring the browser, look specifically for how to disable Flash cookies.

If you want anonymity on the network - do not install Adobe Flash Player.

Silverlight storage

The Silverlight platform is similar to Adobe Flash. Here, Isolated Storage is used to store all user information.

Downside: unique identifiers cannot be removed through browser settings. Even if you use Incognito mode, clear your history and delete all cookies, information about you will still remain in the Silverlight store.

HTML5 and data storage

HTML5 uses:

  • localStorage.
  • File API.
  • IndexedDB.

The available storage space can be very large.

However, it is not entirely clear how to manually delete all user data from these storages.

Cached objects

Caching is used everywhere to speed up loading. All objects from the visited site are written to the local cache. The cache lifetime is recorded there too (the Expires header). When the site is accessed again, a local copy is loaded.

On the other hand, disabling caching can slow down the loading of site pages and JavaScript execution.

ETag and Last-Modified

To work correctly with the cached content of the pages, the server must inform the browser that the document has been updated. ETag and Last-Modified are used for this purpose.

ETag

Along with the page to be cached, the server first passes a version tag. This tag is checked later for validity: if it still matches the page on the server, the local copy is loaded; if the version has changed, a new page is loaded from the server.

This is somewhat similar to the operation of cookies, when the server stores an arbitrary value on the client side, so that it can be read again later.

Last-Modified

Last-Modified reports the date the document was last changed.

To get rid of ETag and Last-Modified, you need to clear the cache. Clearing cookies and history won't help.
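Why clearing cookies and history does not remove an ETag identifier while clearing the cache does, shown as an added simulation that is not part of the original article. The server function, the browser model and the URL are constructed for this example and no real network traffic is involved.

```javascript
// Server side (hypothetical tracker): the ETag is chosen per visitor, not per content version.
let nextVisitor = 0;
function trackingServer(requestHeaders) {
  const echoed = requestHeaders["if-none-match"];
  if (echoed) {
    // The browser is revalidating its cached copy and hands the stored value back.
    return { status: 304, headers: { etag: echoed }, recognisedAs: echoed };
  }
  const tag = '"visitor-' + (++nextVisitor) + '"';
  return { status: 200, headers: { etag: tag, "cache-control": "no-cache" },
           body: "1x1 image", recognisedAs: null };
}

// Client side: a minimal browser model with a cookie jar and a separate HTTP cache.
class BrowserModel {
  constructor() { this.cookies = new Map(); this.cache = new Map(); }
  fetch(url) {
    const headers = {};
    const cached = this.cache.get(url);
    if (cached) headers["if-none-match"] = cached.etag; // conditional request
    const res = trackingServer(headers);
    if (res.status === 200) this.cache.set(url, { etag: res.headers.etag, body: res.body });
    return res;
  }
  clearCookiesAndHistory() { this.cookies.clear(); } // does not touch the HTTP cache
  clearCache() { this.cache.clear(); }
}

// Walk through three visits and report what the server learned on each.
function etagDemo() {
  const browser = new BrowserModel();
  const url = "https://tracker.example/pixel.gif"; // constructed URL
  const first = browser.fetch(url);
  browser.clearCookiesAndHistory();
  const second = browser.fetch(url);
  browser.clearCache();
  const third = browser.fetch(url);
  return {
    assigned: first.headers.etag,
    afterCookieWipe: second.recognisedAs, // same value as `assigned`
    afterCacheWipe: third.recognisedAs,   // null: the server sees a new visitor
    reassigned: third.headers.etag,
  };
}
```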

HTML5 AppCache

Application Cache allows you to save some part of the site so that it is available offline.

To delete data from this storage, in some browsers you need to delete the entire cache, in others - clear cookies and history.

SDCH dictionaries

These dictionaries are used to compress the data of visited pages. Most sites today run on a CMS and have several blocks that repeat on every page (footer, sidebar, header). So as not to request these identical blocks each time, the server prepares an SDCH dictionary (a compressed archive) for the client. On subsequent requests to the site's pages, the server refers to the data in this dictionary.

Such dictionaries can also be used to store unique user identifiers.

Browser fingerprints

No unique identifiers are set on the client side. The server takes a set of data from the browser environment and merges it:

  • User-Agent - browser version, operating system, installed extensions.
  • Time on the client's computer.
  • Information about the installed hardware on the computer. This can be found out through benchmarks and tests implemented in JavaScript.
  • Monitor resolution, browser window size.
  • Installed fonts on the system + installed software on the computer (some programs correct the display of web pages, so you can easily identify them).
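How merging several attributes into one fingerprint narrows a browser down, as an added example that is not part of the original article and goes slightly beyond it by estimating the identifying information in bits, which is how a figure such as "1 out of 50,000" arises. The attribute values and their shares are constructed, not measured, and the FNV-1a hash is a stand-in for whatever hash a real site would use.

```javascript
// Constructed sample: share of browsers reporting each value (not measured data).
const SAMPLE_SHARES = {
  userAgent: { "Firefox/Linux": 1 / 16, "Chrome/Windows": 1 / 2 },
  timezone:  { "UTC+3": 1 / 8, "UTC-5": 1 / 4 },
  screen:    { "1920x1080": 1 / 4, "1366x768": 1 / 4 },
  fonts:     { "default-set": 1 / 2, "default+DejaVu+Liberation": 1 / 64 },
};

// Merge attributes into one identifier; keys are sorted so collection order does not matter.
function fingerprint(attrs) {
  const canonical = Object.keys(attrs).sort().map(k => k + "=" + attrs[k]).join("|");
  let h = 0x811c9dc5; // FNV-1a, 32-bit
  for (let i = 0; i < canonical.length; i++) {
    h ^= canonical.charCodeAt(i);
    h = Math.imul(h, 0x01000193) >>> 0;
  }
  return h.toString(16).padStart(8, "0");
}

// Bits of identifying information per attribute: -log2(share of browsers with that value).
function surprisal(attrs, shares = SAMPLE_SHARES) {
  const perAttribute = {};
  let totalBits = 0;
  for (const [k, v] of Object.entries(attrs)) {
    const share = shares[k] && shares[k][v];
    if (!share) throw new Error("no share known for " + k + "=" + v);
    perAttribute[k] = -Math.log2(share);
    totalBits += perAttribute[k];
  }
  // Summing assumes independent attributes; correlated ones make the real figure smaller.
  return { perAttribute, totalBits, oneIn: Math.round(2 ** totalBits) };
}

// Two constructed browsers: a very common setup and a rarer one.
const COMMON = { userAgent: "Chrome/Windows", timezone: "UTC-5",
                 screen: "1920x1080", fonts: "default-set" };
const RARE   = { userAgent: "Firefox/Linux", timezone: "UTC+3",
                 screen: "1366x768", fonts: "default+DejaVu+Liberation" };
```

With these constructed shares the common setup is one in 64 and the rare one is one in 32768, although no single attribute of the rare browser is shared by fewer than 1 in 64 browsers.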

"Network" prints

A user can also be identified by the structure of the local network and the settings of network protocols. This includes: IP address, MAC address, port numbers for outgoing and incoming TCP/IP connections, and local IP (if the user is hidden behind a proxy).

Behavioral Analysis and Habits

Almost any user can be easily identified by their behavior. This includes: browsing history, mouse movements, frequency of button clicks, browser settings.