←back to thread

Everyone knows your location: tracking myself down through in-app ads

(timsh.org)
1957 points apokryptein | 1 comments | 02 Feb 25 17:07 UTC | HN request time: 0s | source
Show context
theptip ◴[02 Feb 25 17:58 UTC] No.42910331[source]
> Why do they need to know my screen brightness, memory amount, current volume and if I'm wearing headphones?

This is clearly adding entropy to de-anonymize users between apps, rather than to add specificity to ad bids.

replies(9): >>42910433 #>>42910476 #>>42910497 #>>42910702 #>>42914420 #>>42915971 #>>42916080 #>>42919652 #>>42937487 #
jmward01 ◴[02 Feb 25 18:17 UTC] No.42910476[source]
It would be amazing if you could build and send fake profiles of this information to create fake browser fingerprints and help track the trackers. Similarly, creating a lot of random noise here may help hide the true signal, or at least make their job a lot harder.
replies(1): >>42910540 #
nickburns ◴[02 Feb 25 18:24 UTC] No.42910540[source]
Unfortunately fingerprinting prevention/resistance tactics become a readily identifiable signal unto themselves. I.e., the 'random noise' becomes fingerprintable if not widely utilized.

Everyone would need to be generating the same 'random noise' for any such tactics to be truly effective.

replies(2): >>42910643 #>>42913074 #
jmward01 ◴[02 Feb 25 18:37 UTC] No.42910643[source]
A sufficient number of people would need to, not everyone. And if I were the only one then tracking companies wouldn't adjust for just me. Basically, if this were to catch on then ad trackers wouldn't adjust until there was enough traffic for it to work. Also, that doesn't negate the ability to use this to create fake credentials that aids in tracking ads back to their source.
replies(1): >>42912335 #
sebastiennight ◴[02 Feb 25 22:07 UTC] No.42912335[source]
They don't need to adjust.

Here's a real-life example: You show up alone at the airport with a full-face mask and gray coveralls. You are perfectly hidden. But you are the only such hidden person, and there is still old cam footage of you in the airport parking lot, putting on the clothes. The surveillance team can let you act anonymous all you want. They still know who you are, because your disguise IS the unique fingerprint.

Now the scenario you're shooting for here is:

10 people are now walking around the airport in full-face masks and gray coveralls. You think, "well now they DO NOT know if it's ME, or some terrorist, or some random other guy from HN!"

But really, they still have this super-specific fingerprint (there are still less than 1 person in a million with this disguise) and all they need is ONE identifying characteristic (you're taller than the other masked people, maybe) to know who's who.

They didn't need to adjust their system one bit.

replies(3): >>42912878 #>>42913991 #>>42914311 #
1. jmward01 ◴[02 Feb 25 23:13 UTC] No.42912878[source]
Swapping fingerprint details is different than your example since it happens immediately and out of view. You could change fingerprints very often/create a new set for every browser tab. Additionally, as I pointed out before, they won't adjust until there is enough usage and when there is enough usage then the random settings are hard to distinguish because it isn't 1 in 1m. I get that they will keep trying to track down things that make browsing specific, but that is what updates are for. We need to at least make it hard.