Anon web, looking part, door

Anonymity on the web is virtually impossible. Pseudonymity is what you get. This point is illustrated here.

[...]Some users configure their web browsers to block cookies entirely or at least for certain websites (like banner providers). They’re attempting to protect their privacy, imagine that. Anyway, there seems to be a way to track users with Basic Auth instead of cookies.[...]

Embedding an identifier into a web site is not hard. Basic authentication credentials are one way to accomplish this. Inserting an identifier into the links of dynamically generated pages is another.

For example, instead of <a href="http://www.d-kriptik.com/nopage.html">, which is generic, you could use something like <a href="http://www.d-kriptik.com/12345/nopage.html">, where "12345" is an identifier generated and embedded into links when someone requests a generic page that has no such identifier embedded in the request. Most web bulletin boards do something like this. Amazon does this too.
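To see whether a site does this to you, compare the same page as served to two fresh, cookie-less sessions and look for link path segments that differ. The following is an added example, not code from the original post; the sample HTML, the second identifier 67890, the about.html link and the function names are constructed for illustration, and it assumes both copies list their links in the same order.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit


class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag, in document order."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)


def links(html):
    collector = LinkCollector()
    collector.feed(html)
    return collector.hrefs


def embedded_identifiers(html_a, html_b):
    """Return (generic_url, id_in_a, id_in_b) for links whose path differs
    in exactly one segment between two fetches of the same page."""
    findings = []
    for href_a, href_b in zip(links(html_a), links(html_b)):
        a, b = urlsplit(href_a), urlsplit(href_b)
        segs_a, segs_b = a.path.split("/"), b.path.split("/")
        if (a.scheme, a.netloc) != (b.scheme, b.netloc) or len(segs_a) != len(segs_b):
            continue  # not the same link in both copies
        diff = [i for i, (x, y) in enumerate(zip(segs_a, segs_b)) if x != y]
        if len(diff) != 1:
            continue  # identical link, or too different to call one token
        i = diff[0]
        # Assumption: dropping the segment gives the generic URL, as in the post.
        generic = "/".join(segs_a[:i] + segs_a[i + 1:])
        findings.append((f"{a.scheme}://{a.netloc}{generic}", segs_a[i], segs_b[i]))
    return findings


# Constructed sample: one page as served to two fresh, cookie-less sessions.
FETCH_A = ('<a href="http://www.d-kriptik.com/12345/nopage.html">page</a>'
           '<a href="http://www.d-kriptik.com/about.html">about</a>')
FETCH_B = ('<a href="http://www.d-kriptik.com/67890/nopage.html">page</a>'
           '<a href="http://www.d-kriptik.com/about.html">about</a>')

if __name__ == "__main__":
    for generic, id_a, id_b in embedded_identifiers(FETCH_A, FETCH_B):
        print(f"{generic}: per-session identifier {id_a!r} vs {id_b!r}")
```

Links that are identical in both copies are skipped, so only the per-session segment is reported, together with the generic URL you could request instead.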

However, depending on your purposes (and traffic), you don’t need to be so creative. Just watching the usage of a web site without any sort of embedded identifiers will often reveal this level of detail as well.

Anyway, I really enjoy reading Jeremiah Grossman’s blog and RSnake’s blog. Great stuff.

-

These kids understand looking the part.

Teen #1: Hey, man, I think we should get our important stuff laminated. No one ever questions lamination.
Teen #2: Yeah, I could get my hall pass and be at a club and the bouncer would let me in.
Teen #1: Yeah, because of the lamination.

-

Finally, remember this?

Everyone thought the doors were incredibly cool. Oh, and they were. Upon entering a secure area (that is, anywhere except the lobby), one simply waved his RFID-enabled access card across the sensor and the doors slid open almost instantly. When leaving an area, motion detectors automatically opened up the doors. The only thing that was missing was the cool “whoosh” noise and an access panel that could be shot with a phaser to permanently seal or, depending on the plot, automatically open the door. Despite that flaw, the doors just felt secure.

That is, until one of G.R.G.’s colleagues had an idea. He grabbed one of those bank-branded folding yardsticks from the freebie table and headed on over to one of the security doors. He slipped the yardstick right through where the sliding doors met and the motion detector promptly noticed the yardstick and opened the door. He had unfettered access to the entire building thanks to a free folding yardstick.

It always makes me laugh.
