Wednesday, October 28, 2015

How you are being tracked.


Tracking users on the Internet is carried out by many agencies, and by many advertisers in order to serve accurate advertisements. Recently, an advanced method of tracking a user has been revealed.

Users may think that deleting their history and wiping the cookies from the system makes them untraceable and makes it impossible to reconstruct the list of websites they have visited. That assumption is completely false.

Every activity leaves a trace somewhere at some time, and a security researcher has now shown a way in which a user can be tracked and the sites he or she visited before can be listed.

The tracking is possible because of an improper implementation of, or loophole in, #HSTS (HTTP Strict Transport Security). This protocol came into use after it was proved that HTTPS traffic can be intercepted through the SSL stripping technique.

HSTS is nothing but forcing the browser to use only #HTTPS and not the #HTTP protocol. It also looks at the certificate issuer instead of the certificate provided by the site, since any site can have an in-built root certificate.

Here comes the problem: because of this, the history is retained even when the user deletes it, and the mechanism uses #Persistent cookies that are not deleted even when the user deletes the available cookies.

The security researcher demonstrated this by developing a site that allows users to check their recently viewed sites even after wiping the history and cookies.

This method will not work if the user has installed the #HTTPS Everywhere plugin in the browser. Also, the tool tracks traffic only to HSTS-protected sites and not others, since it uses the #Supercookie.

The researcher developed a site and named it #Sniffy. You can test this by visiting the site; remember that it shows only the HSTS-protected sites and not all sites.

P.S.: This post is meant to create awareness and is not to be misused.
