How ads follow you around the internet

A video-version of How tracking pixels work by Vox: In this video, we explain how cookies work and what you should know about how they’re being used. And we get a little help from the man who invented them. Spot on “Finding Dory” analogy. One thing where they do go off a bit is that […]

Stealing Usernames, Passwords, and other (Personal) Data via Browsers and NPM Packages

👋 This post also got published on Medium. If you like it, please give it a clap over there. Late 2016, Stoyan Stefanov published “Oversharing with the browser’s autofill”. It’s an article on stealing personal data using the browser’s form autofill feature. The attack works by abusing the fact that autocompletion […]

Stealing your browser history with the W3C Ambient Light Sensor API

A few years ago window.getComputedStyle and the like were adjusted to return the default color of links, instead of the actual color on screen. Security and privacy were the driving factors behind that decision: by styling :visited links with a different color than their non-visited counterparts, a hacker could easily determine which sites a user […]

favicon.ico and redirect links as a privacy leak

Without your consent most major web platforms leak whether you are logged in. This allows any website to detect on which platforms you’re signed up. Since there are lots of platforms with specific demographics an attacker could reason about your personality, too. The attack works by loading in a website’s redirect script, with its favicon […]

How you can use Facebook to track your friends’ sleeping habits

"lastActiveTimes": { "3443534": 1456065265, "675631492": 1456066386, "8657643": 1456062331, "255277634": 1456052450, "6423324": 1456065173, "235323452": 1456065096, "3265233223": 1456066381, "2432885644": 1456064016, "7464340313": 1456062500 }

In the HTML source code of Messenger.com you can find an object containing userids associated with timestamps of last activity – as shown above. Given this it’s really easy to scrape and combine this […]

Your Face is Big Data

Interesting project by Russian photographer Egor Tsvetkov in which he took photos of random, anonymous people riding the subway, and then ran them through a face recognition app named FindFace. The result: 70% of those photographed could be linked to one or more social network profiles of theirs, thus un-anonymizing them. End of anonymity: Identification of […]

Collusion – See who’s tracking you online

Collusion is an experimental add-on for Firefox that allows you to see all the third parties that are tracking your movements across the Web. It will show, in real time, how that data creates a spider-web of interaction between companies and other trackers. A neat demo/data visualization is also available, in case you don’t want to […]