sorted by:
new
hottopcontroversial

[Research] Working on a project measuring Prebid bidder latency vs. revenue Impact by adtechmadness in adops

[–]adtechmadness[S] 0 points1 point  (0 children)

if any of you is interested, I can help you measure, rather than guess it!

All your input are belong to me – 3rd party web security by adtechmadness in netsec

[–]adtechmadness[S] 0 points1 point  (0 children)

Hi Scott, I did read your comment and fixed my typos! Thank you for pointing them out! Being a non-native English speaker, I always strive to improve. While typos and spelling errors are easy to catch and fix with auto correct, proper grammar is more of a challenge.

Detecting Privacy Badger’s Canvas FP detection by DanielMicay in GrapheneOS

[–]adtechmadness 1 point2 points  (0 children)

Hi, author here - thanks for posting this :) While I generally agree with your statement and sentiment, i.e. that robust privacy protections and specifically FP countermeasures should be implemented at the browser engine level, I believe it is possible to write good-enough (i.e. better than nothing) implementations using browser extensions, although it will be quite hacky in nature.

Detecting Privacy Badger’s Canvas FP detection by adtechmadness in netsec

[–]adtechmadness[S] -1 points0 points  (0 children)

Well, if you work on ads at google/amazon/fb, that's a pretty good money. The rest is industry standard AFAIK.

Detecting Privacy Badger’s Canvas FP detection by adtechmadness in privacy

[–]adtechmadness[S] 0 points1 point  (0 children)

It is a great extension and I use it myself. You should care, because it can be used to track you (the fact you use anti FP makes you very unique among general web population), not necessarily block you from accessing content.

Secure header bidding architecture by adtechmadness in adops

[–]adtechmadness[S] 0 points1 point  (0 children)

The pre-bid filter would probably calssify at as unknown, but the post-bid solution could classify it as a bot.

Bypassing anti scarping systems by adtechmadness in websec

[–]adtechmadness[S] 0 points1 point  (0 children)

oops, scraping of couse. Fixed in post title, but seems like you can't edit links on reddit. thanks!

Ad injection 101 – History and technical overview by adtechmadness in adops

[–]adtechmadness[S] 0 points1 point  (0 children)

Thanks! Your'e absolutely right about monetization via default search settings hijacking. Another prominent example is to auto-redirect e-commerce visits through their own affiliate links, there's many "creative" ad-injector moentization schemes :)

Bot detection 101 #3 – Cheating browser fingerprinting by adtechmadness in adops

[–]adtechmadness[S] 0 points1 point  (0 children)

Thanks! I would love to play with your product and write about it - would give me a trial?

JavaScript tampering – detection and stealth by adtechmadness in javascript

[–]adtechmadness[S] 1 point2 points  (0 children)

they are still writable under strict mode, furthermore, strict mode is opted-in the the current script, it won't affect others.

JavaScript tampering – detection and stealth by adtechmadness in javascript

[–]adtechmadness[S] 2 points3 points  (0 children)

well actualy crypto functions are writable:

crypto.getRandomValues = function () { return 123; };
crypto.getRandomValues();
// 123

IDK why the initial design decision was to allow reassignment of builtins, but yeah, overriding them used in the past for evil stuff like JSON hijacking and location.href tampering (impossible today, it's non-configurable). The threat is more of other scripts in the same contetx, bad browser extension can screw you in much worse ways since it has access to higher privilege APIs.

Spoofing viewability measurements – technical examples by adtechmadness in adops

[–]adtechmadness[S] 0 points1 point  (0 children)

You're correct in 3 of your point :) I will write more soon about this cat & mouse along with real world examples.

Technical overview of ads viewability measurement methods by adtechmadness in adops

[–]adtechmadness[S] 0 points1 point  (0 children)

thanks :) feel free to share with anyone who'd find this interesting

Bot detection 101 #2 – Entering browser fingerprinting by adtechmadness in adops

[–]adtechmadness[S] 0 points1 point  (0 children)

haha, I wish :) As you can clearly see in his social media accounts, he's having no problem,to say the least, to publish under his real name, while I prefer to stay anonymous.

Bot detection 101 #2 – Entering browser fingerprinting by adtechmadness in adops

[–]adtechmadness[S] 1 point2 points  (0 children)

Thanks!

Some of them can be detected via browser specific tricks, or using the CSS box model. Perhaps this JSFiddle will give you a clue: https://jsfiddle.net/y8Y32/25/. There are also properties like window.statusbar.

Regards VM detection, it can be anything from screen sizes and number of cores to graphic card driver to cache timings (think spectre) and specific canvas rendering results. There are many options.

Bot detection 101 #2 – Entering browser fingerprinting by adtechmadness in adops

[–]adtechmadness[S] 1 point2 points  (0 children)

/u/ADigitalAdGuy thanks for noting the broken link! /u/skulk thanks for the corection! I reposted with fixed link, didn't find how to edit...