Sla.ckers.org
Who's got it? Who's giving it away? How to protect your privacy and steal it from other people. For intellectual privacy, personal privacy, and blackhats alike... 
Referer privacy & profiling
Posted by: jungsonn
Date: November 03, 2006 03:53AM

Searching with Google is not an exciting issue, nonetheless it could give away some interesting things as you know. Profiling users through Google is pretty easy. There is a free stat script called BBCLONE, I use it myself, and thought about googling it. Then you can see which sites are using it, and you can see their stats. So far so good, the interesting part comes with the built-in feature that it shows your referer, so if they search through Google it shows the search query that was made before entering the site.

Check this as an example:

http://djdarkman.extra.hu/bbclone/show_detailed.php?lng=en

and try to hover above the Google referer links, you can see the search query. This way you can profile torrent searchers, porn surfers, etc.

The most striking issue I came across is that in my country (NL) there are providers who give an internet account to customers, with their "lastname" as subdomain on which they surf, like: "lastname.internetprovider.nl"

So with that hostname which BBCLONE also logs, we could Google on that, and see where that person went next, or posted on forums, and maybe have a myspace, or some community site where we could find out their email, name, phone, and even address, and thereby being profiled.

Imagine someone could build a bot that follows all those trails and logs everything into a vector, profile by profile...

This seems too easy.

Paranoid? Maybe, but what could the implications be?
Maybe not now, but in the near future?

A method against it is the Firefox "noreferer" type extension, this removes the referer on the URL, when right-clicked.

Any ideas or other methods: welcome!

Re: Referer privacy & profiling
Posted by: rsnake
Date: November 03, 2006 11:07AM

I've used similar tactics to find out things about companies' internal networks. It's pretty trivially easy actually. :) You're not paranoid. It's a useful tool.

- RSnake
Gotta love it. http://ha.ckers.org

Re: Referer privacy & profiling
Posted by: Obbin
Date: December 09, 2006 01:10PM

Interesting, most people aren't even aware that referer exists.

Googledork:
inurl:"bbclone/show_detailed.php"



Edited 1 time(s). Last edit at 12/09/2006 02:17PM by Obbin.

Re: Referer privacy & profiling
Posted by: ntp
Date: December 23, 2006 07:26PM

I use PrefBar (Firefox Add-on), which really just modifies about:config -> network.http.sendRefererHeader

It's also a nice replacement for SwitchProxy.

Re: Referer privacy & profiling
Posted by: rsnake
Date: December 24, 2006 03:24PM

I looked for "PrefBar" and "Pref Bar" on addons.firefox.org... no dice. URL?

- RSnake
Gotta love it. http://ha.ckers.org

Re: Referer privacy & profiling
Posted by: birdie
Date: December 24, 2006 05:24PM

God, I've never thought of that, that everyone can see what I searched on google before entering their site.

Re: Referer privacy & profiling
Posted by: rsnake
Date: December 25, 2006 12:46AM

Yup, worse yet, they can tell what links you've clicked on when you enter, by fetching the same URL you went to and using Jeremiah's CSS hack I can actually tell what other links you've clicked on from the search engine.

- RSnake
Gotta love it. http://ha.ckers.org

Re: Referer privacy & profiling
Posted by: id
Date: December 25, 2006 01:03AM

yeah, what's up with the wookie pr0n?

-id

Re: Referer privacy & profiling
Posted by: ntp
Date: December 25, 2006 04:19AM

rsnake Wrote:
-------------------------------------------------------
> I looked for "PrefBar" and "Pref Bar" on
> addons.firefox.org... no dice. URL?

http://prefbar.mozdev.org

Re: Referer privacy & profiling
Posted by: kishord
Date: January 15, 2007 12:46AM

I have been using sitemeter http://www.sitemeter.com/ on my blog for quite some time.

http://wasjournal.blogspot.com/

It shows similar information like referer, country and location, entry page, exit page etc.
I can therefore track my visitors easily.

For people like me who don't own a domain of their own, it's a nice-to-have tool.

If every site on the internet makes its server logs public, then you can just search for an IP address and you will see all the sites that the user visited.

In such a situation, just blocking referer may not be sufficient.

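A server-side counterpart to the client-side referer blocking discussed in this thread, as an added example that is not part of any post and is not BBClone's code: sanitize access-log lines before a stats page publishes them, so that neither the search query nor the searchable client hostname is exposed. The Apache-style "combined" log format, the function names, the key and the sample lines are assumptions constructed for illustration.

```python
import hashlib
import hmac
import re
from urllib.parse import urlsplit

# Assumed input: "combined" format lines
#   host ident user [time] "request" status bytes "referer" "agent"
COMBINED = re.compile(
    r'^(?P<host>\S+) (?P<mid>\S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

def strip_referer(referer: str) -> str:
    """Keep only scheme://host of a referer; drop path, query and fragment."""
    if referer in ("", "-"):
        return "-"
    parts = urlsplit(referer)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return "-"
    return f"{parts.scheme}://{parts.hostname}"

def pseudonymize_host(host: str, key: bytes) -> str:
    """Replace the client hostname/IP with a keyed hash.

    The same visitor stays countable in the stats, but the published value
    cannot be searched for elsewhere. The key must stay secret; rotating it
    unlinks earlier visits from later ones.
    """
    digest = hmac.new(key, host.lower().encode(), hashlib.sha256).hexdigest()
    return "visitor-" + digest[:12]

def sanitize_line(line: str, key: bytes) -> str:
    """Return a publishable version of one log line, or "" if unparseable."""
    m = COMBINED.match(line.strip())
    if m is None:
        return ""  # fail closed: never publish a line we could not parse
    return '{} {} "{}" "{}"'.format(
        pseudonymize_host(m["host"], key), m["mid"],
        strip_referer(m["referer"]), m["agent"])

# Constructed sample lines (not taken from any real log)
SAMPLE = [
    'lastname.internetprovider.example - - [03/Nov/2006:03:53:00 +0100] '
    '"GET /index.html HTTP/1.1" 200 5120 '
    '"http://www.google.com/search?q=constructed+private+query" "Mozilla/5.0"',
    '192.0.2.10 - - [03/Nov/2006:03:54:10 +0100] '
    '"GET /about.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for raw in SAMPLE:
        print(sanitize_line(raw, b"constructed-demo-key"))
```

The user-agent and timestamp are passed through unchanged here; a stats page that publishes them still leaks some signal, which is the point made in the last post about referer blocking alone not being sufficient.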