Skip to main content

Online Privacy (About gstatic.com and DoNotTrackMe)

There was a time when we use to get  a call from marketing companies selling blah-blah products and these calls were the last call we want to receive.
Then comes a National Do Not Call and we get a rid of these marketing calls.

But what about internet. Big internet marketing companies (like Google and others) whose business base is marketing and selling ads are tracking us. They track every site we visit, how much time we spend on each site, our search preference and based on state-of-art algorithms there robots decide what ads we will receive.

Google do the same thing through gstatic.com domain. If you do the packet trace when you do the browsing, you will find the significant traffic from gstatic.com although you haven't ask anything from that domain.

Document on gstatic.com which itself talk about Advertisement .

Will we wait for government DND type initiative or we will do something by own to protect us.
They are many browser extensions available freely in market to stop those sites to track you. Firstly, you should have a "AdBlock" or any other ad blocking tool in your browser and you should also look at "Do Not Track Me" and other similar extensions.



Note: This document is not complete and still need further modification and enhancement.


Popular posts from this blog

Flaw in ServerKeyExchange messages of TLS Protocol

Here we will discuss the flaw in the ServerKeyExchange messages of the TLS protocol which caused the Logjam attack over TLS while using Diffie-Hellman Key Exchange. Before SSLv3, we don't use to authenticate the ServerKeyExchange messages where server negotiates with client regarding usage of cipersuite and parameters. From onwards SSLv3, TLS send the signed message where it mention about parameters it will use but remain silent over ciphersuite. Or in other words, signed portion contains parameters but not contain information about ciphersuite the server will going to use. Now just to remind you, the difference between DH and DH-EXPORT is the size of parameters only. So how to use this flaw - If the server supports DH-EXPORT, an attacker (Men-in-the-Middle) can edit the negotiation sent by the client (even if client doesn't support DH-EXPORT), and replace the list of client supported ciphersuite with DH-EXPORT only. The server will in turn send back a

Identity PSK ( iPSK)

With the evolution of IoT (Internet of Things), devices that connect wirelessly have increased many folds. From webcams, Smartwatches, fitness bands, firestick, Alexa, Google Home, and many more.., everything is going wireless for connectivity and so does the security threat. The main concern with IoT devices is the unavailability of the full wireless protocol stack (and in the majority of devices, support of 802.1x is not available). So, previously we only have the WPA-PSK option for connecting the IoT devices.  In WPA*-PSK (WPA or WPA2) WLAN, a Pre-Shared Key (PSK) is configured and distributed to all the clients that connect to the WLAN. This leads to PSK leakage, and it can be accessible to unauthorized users (due to the nature of common PSK across all the devices).  Therefore, there was a need to provision unique PSK or Multiple PSK per SSID. Identity-PSKs are unique pre-shared keys created for clients/groups on the same WLAN. Features of iPSK:-   1.Unique PSK for individual Cli