D&C GLug - Home Page

[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]

Re: [LUG] OT surveillance

 

On Thu, 27 Jun 2013, Philip Hudson wrote:

On 27 Jun, 2013, at 11:22 am, Gordon Henderson wrote:

http://url.drogon.net/1j

One of the obvious-when-you-think-about-it-but-I-never-had things coming out of the Prism furore was that URL shorteners give "data brokers" yet another chance to sell our information without our knowledge or consent.

drogon.net (that is, Gordon), of course, completely anonymizes or discards information its URL shortener might glean. Right, Gordon?

It's an off-the-shelf bit of freeware. See:

http://url.drogon.net/

then

http://lilurl.sourceforge.net/

for the code, etc.

but it really is nothing more than a database lookup. The "url" part isn't even a hash, it's a sequential number, so this is 1j, the next will be 1k, and so on.

mysql> describe lil_urls;
+-------+--------------+------+-----+-------------------+-------+
| Field | Type         | Null | Key | Default           | Extra |
+-------+--------------+------+-----+-------------------+-------+
| id | varchar(255) | NO | PRI | | | | url | text | YES | | NULL | | | date | timestamp | NO | | CURRENT_TIMESTAMP | | +-------+--------------+------+-----+-------------------+-------+
3 rows in set (0.01 sec)

mysql> select * from lil_urls where id='1j';
+----+---------------------------------------------------------------------------------------------------------+---------------------+
| id | url                                                                           
                          | date                |
+----+---------------------------------------------------------------------------------------------------------+---------------------+
| 1j | http://www.lightbluetouchpaper.org/2012/09/10/chip-and-skim-cloning-emv-cards-with-the-pre-play-attack/ | 2013-06-27 11:22:15 | +----+---------------------------------------------------------------------------------------------------------+---------------------+
1 row in set (0.00 sec)

The code itself boils down to:

                $location = $lilurl->get_url($id);

                if ( $location != -1 )
                {
                        header('Location: '.$location);
                }
                else
                {
                        $msg = '<p class="error">Sorry, but that url isn\'t in our 
database.</p>';
                }

which is about as sinple as it gets.




But it seems that everyone wants your URLs - try putting a url into twitter and they automatically will apply their shortener to it - which is obviously logged (with twitter) before they send the redirect - I've seen some system 3 deep in "tiny" URLs before you get to the right one. Tweet a link to a facebook page that links to a yahoo site that links to the bbc news site.. (for example)

No-wonder the web is so slow these days...

Then there were (are? I don't know) the ones that launch the target page in an iframe with their own header box to "like", "bookmark" it, etc.

Everyone is after your data these days, and if I wanted to, I could log the click-throughs, your IP address, set cookies and so on, but frankly, lifes too short.

Number of clicks so-far:

  gordon @ unicorn: fgrep /1j access_log | wc -l
  1

And that was from a Win8 user by the looks of the user agent string.

Like wired.com? 14 trackers on the front page. (Run Ghostery)

Want to see more? Install the collusion plugin in Firefox.

And so on.

(Did I say something about the web being slow? - loading the wired page requires your browser to load up scripts that poke data back to their motherships - all 14 of them while the page is loading. No-wonder we need 4GB of RAM and multi-core CPUs just to read a web page these days)

Everyone is tracking you these days, not just the spooks.

Gordon

--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq