检测“唯一"消息.匿名用户 [英] Detecting a "unique" anonymous user
问题描述
由于欺骗是微不足道的,因此将用户或请求标识为unique是 不可能 .
但是,有几种方法可以组合起来阻止作弊尝试并为用户提供准独特的状态.
我知道以下内容:
- IP地址-将每个访问者的IP地址存储在某种数据库中
- 可以伪造
- 多台计算机/用户可以使用相同的地址
- 具有动态IP地址的用户(某些ISP会向其发送信息)
- Cookie跟踪-为每个访问者存储一个cookie.没有它的访问者被认为是独特的"
- 可以伪造
- 可以通过浏览器阻止或清除Cookie
还有更多的方法来跟踪未经授权(未经登录,未经身份验证)的网站访问者吗?
实际上,您可以通过多种方法来检测唯一"用户.我们的营销朋友经常使用这些方法中的许多方法.如果您启用了Java,Flash等插件,则变得更加简单.
目前,我最喜欢的基于cookie的跟踪演示是 evercookie ( http://samy.pl/evercookie/).它通过多种存储机制创建一个永久" cookie,普通用户无法刷新,特别是使用:
- 标准HTTP Cookie
- 本地共享对象(Flash Cookies)
- Silverlight隔离存储
- 以RGB值存储cookie 自动生成的,强制缓存的PNG 使用HTML5 Canvas标签读取像素 (cookies)退出
- 在网络历史记录中存储cookie
- 在HTTP ETag中存储cookie
- 将cookie存储在Web缓存中
- window.name缓存
- Internet Explorer用户数据存储
- HTML5会话存储
- HTML5本地存储
- HTML5全局存储
- 通过SQLite的HTML5数据库存储
我不记得URL了,但是还有一个站点,它会根据您从网络浏览器中收集到的所有信息告诉您您是如何匿名"的:您已加载了哪些插件,什么版本,哪种语言,屏幕大小,...然后,您可以利用我之前讨论的插件(Flash,Java等)来找到有关用户的更多信息....................................................................................................................................................................................................................当我发现该页面向您显示您有多么独特"或也许有人知道»» 时,我实际上会看起来好像每个用户都具有独特的风格! >
-编辑-
找到了我正在谈论的页面: Panopticlick-浏览器的独特性和可追踪性" ./p>
它收集诸如用户代理,HTTP_ACCEPT标头,浏览器插件,时区,屏幕大小和深度,系统字体(通过Java?),Cookie等内容.
我的结果:您的浏览器指纹在到目前为止测试的1,221,154中似乎是唯一的.
It is impossible to identify a user or request as unique since duping is trivial.
However, there are a handful of methods that, combined, can hamper cheating attempts and give a user quasi-unique status.
I know of the following:
- IP Address - store the IP address of each visitor in a database of some sort
- Can be faked
- Multiple computers/users can have the same address
- Users with dynamic IP addresses (some ISP issue them)
- Cookie tracking - store a cookie per visitor. Visitors that don't have it are considered "unique"
- Can be faked
- Cookies can be blocked or cleared via browser
Are there more ways to track non-authorized (non-login, non-authentication) website visitors?
There are actually many ways you can detect a "unique" user. Many of these methods are used by our marketing friends. It get's even easier when you have plugins enabled such as Java, Flash etc.
Currently my favorite presentation of cookie based tracking is evercookie (http://samy.pl/evercookie/). It creates a "permanent" cookie via multiple storage mechanisms, the average user is not able to flush, specifically it uses:
- Standard HTTP Cookies
- Local Shared Objects (Flash Cookies)
- Silverlight Isolated Storage
- Storing cookies in RGB values of auto-generated, force-cached PNGs using HTML5 Canvas tag to read pixels (cookies) back out
- Storing cookies in Web History
- Storing cookies in HTTP ETags
- Storing cookies in Web cache
- window.name caching
- Internet Explorer userData storage
- HTML5 Session Storage
- HTML5 Local Storage
- HTML5 Global Storage
- HTML5 Database Storage via SQLite
I can't remember the URL, but there is also a site which tells you how "anonymous" you are based on everything it can gather from your web browser: What plugins you have loaded, what version, what language, screensize, ... Then you can leverage the plugins I was talking about earlier (Flash, Java, ...) to find out even more about the user. I'll edit this post when I find the page whcih showed you "how unique you are" or maybe somebody knows »» actually it looks as if every user is in a way unique!
--EDIT--
Found the page I was talking about: Panopticlick - "How Unique and trackable is your browser".
It collects stuff like User Agent, HTTP_ACCEPT headers, Browser Plugins, Time Zone, Screen Size and Depth, System Fonts (via Java?), Cookies...
My result: Your browser fingerprint appears to be unique among the 1,221,154 tested so far.
这篇关于检测“唯一"消息.匿名用户的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
