

RE: [projectvrm] adblock sells out


  • From: Brian Behlendorf
  • To: Mike O'Neill
  • Cc: 'ProjectVRM list'
  • Subject: RE: [projectvrm] adblock sells out
  • Date: Tue, 6 Oct 2015 11:21:27 -0700 (PDT)

On Tue, 6 Oct 2015, Mike O'Neill wrote:
> Per-origin UIDs can easily be correlated, by using the IP address as you
> say. The IP address (further qualified by other headers such as the UA
> string) only has to remain constant for a few hours while the subject is
> linked using the set of collected UIDs. A database of UIDs is assembled (all
> of which are globally unique with a multi-year expiry). It is trivial to
> correlate them, with a low probability of fuzziness from NAT IP sharing, and
> must happen on a massive scale.
>
> Also, there are other ways to stop this kind of tracking, without the
> wholesale deletion of cookies.

Defeating cookies is the first front in a long path towards a less trackable web, this is true. At the end of the day we get to onion routing and distributed CDNs and things like IPFS. I do think browser makers should consider reducing the entropy in their user-agent strings. But it sounds like you're arguing that Privacy Badger is pointless because we don't yet have a perfectly untrackable web, and that's the perfect being the enemy of the good (and the better-than-alternatives).

Brian




-----Original Message-----
From: Brian Behlendorf
Sent: 06 October 2015 17:23
To: Mike O'Neill
Cc: 'ProjectVRM list'
Subject: RE: [projectvrm] adblock sells out

On Tue, 6 Oct 2015, Mike O'Neill wrote:
> This means that people may be unaware when tracking behaviour is
> undetected. Already Privacy Badger by design does not detect tracking
> that uses first-party cookies, and these are just as capable in
> communicating people's web activities to third-parties.

But those first-party cookies can't be correlated across sites, which is
the day trade of the third-party trackers and where the leaks come from.
That is, NYTimes might share its first-party-cookie-based clickstream logs
with a third party, but that third party could not correlate that person
at another location (aside from IP address), and could not be used to
tailor ads on a third-party site to a "NYTimes reader". That makes the
third party data mavens much less valuable.

You won't be able to ban first-party tracking unless you turned off
cookies (and thus authenticated sessions) entirely and prevented sites
from keeping their own access logs. Good luck with that.

Brian
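
An added illustration, not part of either message: a small linkability check over constructed log records that shows the IP-plus-UA join discussed in the thread and how a lower-entropy user-agent string makes that join ambiguous behind a shared NAT address. The origins, UIDs, addresses, the six-hour window and the `coarse_ua` reduction are all assumptions made for the example.

```python
from collections import defaultdict

# Constructed User-Agent strings and log records (not real traffic).
FF = "Mozilla/5.0 (X11; Linux x86_64; rv:41.0) Gecko/20100101 Firefox/41.0"
CH = "Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 Chrome/45.0 Safari/537.36"
# Fields: (origin, per-origin UID, client IP, User-Agent, hour seen)
LOGS = [
    ("news.example", "n-81f3", "203.0.113.7", FF, 9),
    ("shop.example", "s-2c90", "203.0.113.7", FF, 10),
    ("blog.example", "b-77aa", "203.0.113.7", FF, 11),
    # A second person behind the same NAT address, different browser.
    ("news.example", "n-0d41", "203.0.113.7", CH, 9),
    ("shop.example", "s-e5b2", "203.0.113.7", CH, 10),
    # An unrelated address seen on one origin only.
    ("news.example", "n-9999", "198.51.100.20", FF, 9),
]

def full_ua(ua):
    """Use the whole User-Agent string as a qualifier."""
    return ua

def coarse_ua(ua):
    """Hypothetical low-entropy UA: keep only the leading product token."""
    return ua.split(" ", 1)[0]

def link_uids(logs, ua_key, window_hours=6):
    """Group (origin, UID) pairs that share IP, UA key and time bucket."""
    clusters = defaultdict(set)
    for origin, uid, ip, ua, hour in logs:
        clusters[(ip, ua_key(ua), hour // window_hours)].add((origin, uid))
    return list(clusters.values())

def ambiguous(cluster):
    """True when one origin contributes two UIDs: the join merged distinct users."""
    origins = [origin for origin, _ in cluster]
    return len(origins) != len(set(origins))

def summary(logs, ua_key):
    """Return (cleanly linked multi-origin clusters, ambiguous clusters)."""
    clusters = link_uids(logs, ua_key)
    clean = [c for c in clusters if len(c) > 1 and not ambiguous(c)]
    return len(clean), sum(ambiguous(c) for c in clusters)

if __name__ == "__main__":
    print("full UA:  ", summary(LOGS, full_ua))
    print("coarse UA:", summary(LOGS, coarse_ua))
```

With the full user-agent string both people behind the shared address are linked cleanly across origins; with the coarse string their records collapse into one cluster that holds two UIDs per origin and no longer identifies either of them.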



