User tracking without cookies

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • borked
    Totally Borked
    • Feb 2005
    • 6284

    #1

    User tracking without cookies

    Could be a real money spinner and/or invaluable way to track your vids ending up on the tubes (combine with quantum-x's open source method of adding frames to vids to track vids).

    Basically a fantastic way to track the vast majority of your users without using cookies, but simply their unique browser fingerprint....

    the science

    test yourself

    I've been "tracking" my JS users for 7 days (not 'my' users but those of sites that use my service) and I have to say it looks pretty remarkable to date with 9.2 million unique fingerprints and 38 million "tracked" fingerprints over that time period (8 million had to be 'tracked' using the python script to match signatures that had gone through updates (browser update or font addition/deletion) ). Disclaimer though, as I don't 'own' those users and so set cookies etc I can't say at all what my false positive/negative rate is.

    This could be *very* big indeed and could easily find its place in DRMing vids to find out who uploads stolen content (unless CDNs are used to distribute said content)... tag in an md5 hash of the browser fingerprint and check that off against member logins/hash's.

    I remember wanting a browser uniqueness possibility about 2 yrs ago but everything I tried was too unreliable - this however, with its bit scoring to give confidence values on uniqueness is a frikken gem

    If you can understand the reasoning and algorithms behind it. knock yourselves out! I have millions of hits but it's not my traffic, so I can't experiment with understanding if I'm dealing with false positives (tracking one unique user that is in fact multiple different people) or false negatives (scoring multiple uniques when in fact it's the same person). If you have something similar in traffic, then give it a go and compare with unique cookie IDs over a period to see if you've got a good method of server-side tracking...

    For coding work - hit me up on andy // borkedcoder // com
    (consider figuring out the email as test #1)



    All models are wrong, but some are useful. George E.P. Box. p202
  • Barefootsies
    Choice is an Illusion
    • Feb 2005
    • 42635

    #2
    Time will tell on this one. I would like to see some better tracking tools in regards to video.
    Should You Email Your Members?

    Link1 | Link2 | Link3

    Enough Said.

    "Would you rather live like a king for a year or like a prince forever?"

    Comment

    • borked
      Totally Borked
      • Feb 2005
      • 6284

      #3
      Originally posted by Barefootsies
      I would like to see some better tracking tools in regards to video.
      Quantum-x (the cool photog guy in paris) had a real gem of a script that could 'track' a video and strangely enough it was never adopted by anyone that I know of. Tag his gem with this one and you can pinpoint who (which member) is/was responsible for leaking content.

      It does however require direct server-to-client interaction so CDNs are out, unless one of the good guys in CDN start to offer this as an 'add-on'.
      Log the member and unique fingerprint and server up the content DRMd with that data....
      Last edited by borked; 05-18-2010, 01:29 PM.

      For coding work - hit me up on andy // borkedcoder // com
      (consider figuring out the email as test #1)



      All models are wrong, but some are useful. George E.P. Box. p202

      Comment

      • ShellyCrash
        Confirmed User
        • Jun 2004
        • 6708

        #4
        This is interesting but I need to dig into it more. I don't really look at the advantages from a content site perspective, but from a sponsor program / affiliate perspective I agree that cookies are becoming more and more an unreliable way to track surfers.

        People wipe their cookies more and more frequently, and with the dating model sometimes users convert days, weeks, even months out. I'm doing some pretty cool things with the sales tracking on swurve so our affiliate backend isn't dependant on cookies to give webmasters credit for sales.

        Coming out of beta soon so don't want to go into too much detail but hit me up on ICQ if you want to discuss.

        Start making money with the hottest hookup site!
        up to $55 PPS or up to 75% Revshare
        ICQ 196766477

        Comment

        • borked
          Totally Borked
          • Feb 2005
          • 6284

          #5
          Originally posted by ShellyCrash
          ...but from a sponsor program / affiliate perspective ...
          bingo

          I'm not at all familiar with swurve link?), but I'm 100% all for thinking outside the box and it looks like your program is doing just that

          For coding work - hit me up on andy // borkedcoder // com
          (consider figuring out the email as test #1)



          All models are wrong, but some are useful. George E.P. Box. p202

          Comment

          • ShellyCrash
            Confirmed User
            • Jun 2004
            • 6708

            #6
            Trying to get you on ICQ but it says you're not online. I'm @ 196766477

            Start making money with the hottest hookup site!
            up to $55 PPS or up to 75% Revshare
            ICQ 196766477

            Comment

            • ShellyCrash
              Confirmed User
              • Jun 2004
              • 6708

              #7
              Also on a side note for the content guys out there, Adobe was in Vegas at Internext in Jan saying they were coming out with some really awesome new content protection. Just throwing that out there to you guys as well.

              Start making money with the hottest hookup site!
              up to $55 PPS or up to 75% Revshare
              ICQ 196766477

              Comment

              • TheDA
                Confirmed User
                • May 2006
                • 4665

                #8
                "Your browser fingerprint appears to be comparable with another 12,285 fingerprints among the 940,561 tested so far."
                Last edited by TheDA; 05-18-2010, 02:13 PM.
                Sharleen Spiteri - 1989 - In The Ass

                Comment

                • BIGTYMER
                  Junior Achiever
                  • Nov 2004
                  • 17066

                  #9
                  That is pritty interesting to say the least.

                  Comment

                  • borked
                    Totally Borked
                    • Feb 2005
                    • 6284

                    #10
                    Theda - I guess you had noscript installed....
                    Nothing is 100% and noscript does a good job of being very restrictive on everything. This is gotten around by s simple login requiring java or JavaScript activated dnd then you're fine


                    Fuck I hate browsing on s phone .... As my Internet went titsup during an interesting icq convo I went to the phone. But this tiny thing was mexnt for one thing only and that's talking not typing!!

                    For coding work - hit me up on andy // borkedcoder // com
                    (consider figuring out the email as test #1)



                    All models are wrong, but some are useful. George E.P. Box. p202

                    Comment

                    • rowan
                      Too lazy to set a custom title
                      • Mar 2002
                      • 17393

                      #11
                      Your browser fingerprint appears to be unique among the 944,853 tested so far.

                      Interesting... I've been using something similar (or maybe the same - haven't read the entire article yet) to calculate uniques from logs that don't include an IP address, but do include all request headers.

                      Comment

                      • TheDA
                        Confirmed User
                        • May 2006
                        • 4665

                        #12
                        Originally posted by borked
                        Theda - I guess you had noscript installed....
                        Nothing is 100% and noscript does a good job of being very restrictive on everything. This is gotten around by s simple login requiring java or JavaScript activated dnd then you're fine


                        Fuck I hate browsing on s phone .... As my Internet went titsup during an interesting icq convo I went to the phone. But this tiny thing was mexnt for one thing only and that's talking not typing!!
                        Yes I do, but I had to 'allow' eff to run the test.
                        Last edited by TheDA; 05-18-2010, 03:11 PM.
                        Sharleen Spiteri - 1989 - In The Ass

                        Comment

                        • rowan
                          Too lazy to set a custom title
                          • Mar 2002
                          • 17393

                          #13
                          BTW... this makes my anonymous proxy less useful! LOL

                          Although it does strip and replace the user agent...

                          Comment

                          • AdultSoftwareSolutions
                            Confirmed User
                            • Mar 2009
                            • 193

                            #14
                            I was reading this the other day. Interesting stuff.

                            For those of you who are curious, what it does is query the browser to find out the surfer's agent tag, fonts installed, flash / java version, etc. From there it combines all that info. The chances of each system having exactly the same thing installed is pretty rare. The question remains is it rare enough to be commercially viable.
                            Adult Software Solutions (ICQ 559884738)
                            PHP, MySQL, Flash, Actionscript, Java, Wowza, CMS, Tube, VOD, CRM, Dating, Social Networks, Paysites, TGPs, Directories and more.
                            If you can think it I can build it.

                            Comment

                            • LoveSandra
                              So Fucking Banned
                              • Aug 2008
                              • 10551

                              #15
                              Originally posted by ShellyCrash
                              Trying to get you on ICQ but it says you're not online. I'm @ 196766477

                              Comment

                              • BestXXXPorn
                                Confirmed User
                                • Jun 2009
                                • 2277

                                #16
                                Originally posted by rowan
                                Your browser fingerprint appears to be unique among the 944,853 tested so far.

                                Interesting... I've been using something similar (or maybe the same - haven't read the entire article yet) to calculate uniques from logs that don't include an IP address, but do include all request headers.
                                This is WAY not accurate enough to even be considered a replacement for cookies...

                                The largest diff in these sets of info is going to be the installed system fonts... That means every single layman user that never adds fonts is going to fall into some rather large buckets. Not to mention... I just installed a font and now I'm not even in the same bucket...

                                Serving DRM content... well if it's using DRM in the first place it would have to be cracked to be reused... or capped, or whatever... in which case your unique code would also be destroyed. Except this unique code isn't really unique... far from it... and all the user would have to do is install a single font or remove one to become a different "user"... Unless you plan on logging every single request with IP and browser signature... but even then they can change who they are by installing a font...
                                ICQ: 258-202-811 | Email: eric{at}bestxxxporn.com

                                Comment

                                • TheDA
                                  Confirmed User
                                  • May 2006
                                  • 4665

                                  #17
                                  Originally posted by LoveSandra
                                  What the fuck has that got to do with anything? Fuck all as usual!
                                  Sharleen Spiteri - 1989 - In The Ass

                                  Comment

                                  • BestXXXPorn
                                    Confirmed User
                                    • Jun 2009
                                    • 2277

                                    #18
                                    Originally posted by TheDA
                                    What the fuck has that got to do with anything? Fuck all as usual!
                                    Hahhaa you know I've seen the damn random smiley post many places and this is proof positive it's a bot. It's just selecting a random post and replying with a message generic enough to fit ALMOST any post. Key word being "ALMOST"
                                    ICQ: 258-202-811 | Email: eric{at}bestxxxporn.com

                                    Comment

                                    • ShellyCrash
                                      Confirmed User
                                      • Jun 2004
                                      • 6708

                                      #19
                                      Originally posted by AdultSoftwareSolutions
                                      For those of you who are curious, what it does is query the browser to find out the surfer's agent tag, fonts installed, flash / java version, etc. From there it combines all that info. The chances of each system having exactly the same thing installed is pretty rare. The question remains is it rare enough to be commercially viable.
                                      Not at the level where it could replace cookies- BUT- in time, possibly.

                                      Also, again coming from a community background, I see high potential to use this to identify fraud. Not only could you use this to identify people like nigerian scammers, but maybe could use it to identify chargeback customers down the line.

                                      Again, the technologly doesn't seem to be there yet, but I see alot of potential in it.

                                      Start making money with the hottest hookup site!
                                      up to $55 PPS or up to 75% Revshare
                                      ICQ 196766477

                                      Comment

                                      • CYF
                                        Coupon Guru
                                        • Mar 2009
                                        • 10973

                                        #20
                                        Your browser fingerprint appears to be unique among the 948,773 tested so far.

                                        Currently, we estimate that your browser has a fingerprint that conveys at least 19.86 bits of identifying information.
                                        Webmaster Coupons Coupons and discounts for hosting, domains, SSL Certs, and more!
                                        AmeriNOC Coupons | Certified Hosting Coupons | Hosting Coupons | Domain Name Coupons

                                        Comment

                                        • ProG
                                          Confirmed User
                                          • Apr 2009
                                          • 1319

                                          #21
                                          I like the idea but I'm struggling to think of a use for it other than Google Analytics using it to track surfing habits to target ads based on your fingerprint lol.
                                          History will be kind to me for I intend to write it.

                                          Comment

                                          • rowan
                                            Too lazy to set a custom title
                                            • Mar 2002
                                            • 17393

                                            #22
                                            Originally posted by BestXXXPorn
                                            This is WAY not accurate enough to even be considered a replacement for cookies...

                                            The largest diff in these sets of info is going to be the installed system fonts... That means every single layman user that never adds fonts is going to fall into some rather large buckets. Not to mention... I just installed a font and now I'm not even in the same bucket...
                                            Did you even read the article? Their algorithm is still capable of identifying, with a low false positive rate, a computer that has made a minor change such as adding a font.

                                            Comment

                                            • rowan
                                              Too lazy to set a custom title
                                              • Mar 2002
                                              • 17393

                                              #23
                                              ^ In addition, to track theft of content you don't need the ID to be unique for an indefinite/long period, since their unique ID is detected at the time they download the customised movie, which is then stored in a database along with their member account name. If that unique ID shows up in 2 years time on a tube then you'll know which account it originally came from... even if the thief has purchased a new computer since.

                                              Comment

                                              • ottopottomouse
                                                She is ugly, bad luck.
                                                • Jan 2010
                                                • 13177

                                                #24
                                                My firefox result gives a huge list of plugins but for internet explorer its much less.

                                                The main thing seems to be the nine million fonts i've got though.
                                                ↑ see post ↑
                                                13101

                                                Comment

                                                • SmokeyTheBear
                                                  ►SouthOfHeaven
                                                  • Jun 2004
                                                  • 28609

                                                  #25
                                                  Originally posted by ProG
                                                  I like the idea but I'm struggling to think of a use for it other than Google Analytics using it to track surfing habits to target ads based on your fingerprint lol.
                                                  theres lots of different things you can do, lets say you own a tubesite, after a surfer has drained a certain amount of bw you could make the ads twice as big for that surfer.

                                                  but the idea in general is tracking a user from your end instead of letting a user tell you who they are by the cookie on a users computer.
                                                  hatisblack at yahoo.com

                                                  Comment

                                                  • Davy
                                                    Confirmed User
                                                    • Apr 2006
                                                    • 4323

                                                    #26
                                                    Your browser fingerprint appears to be unique among the 985,161 tested so far.

                                                    Currently, we estimate that your browser has a fingerprint that conveys at least 19.91 bits of identifying information.
                                                    Interesting.

                                                    Where would you store all that info? In a database?
                                                    ---
                                                    ICQ 14-76-98 <-- I don't use this at all

                                                    Comment

                                                    • Davy
                                                      Confirmed User
                                                      • Apr 2006
                                                      • 4323

                                                      #27
                                                      Originally posted by ShellyCrash
                                                      but from a sponsor program / affiliate perspective
                                                      Most programs would be more than happy to loose the tracking and instead make the sale on their own.
                                                      ---
                                                      ICQ 14-76-98 <-- I don't use this at all

                                                      Comment

                                                      • ProG
                                                        Confirmed User
                                                        • Apr 2009
                                                        • 1319

                                                        #28
                                                        Originally posted by SmokeyTheBear
                                                        theres lots of different things you can do, lets say you own a tubesite, after a surfer has drained a certain amount of bw you could make the ads twice as big for that surfer.

                                                        but the idea in general is tracking a user from your end instead of letting a user tell you who they are by the cookie on a users computer.
                                                        well I think you could accomplish that by simply tracking usage by IP address or username, or random keys.

                                                        I thought the first idea about embedding the fingerprint into a video to track it back to an IP address or username was feasible but still you would have to maintain the database of fingerprint to IP relations and hope that the fingerprint isn't removed in a re-encode.

                                                        Then if you found a video with one of your members fingerprints on a tube site- what would you do with that information? Are you going to ban the fingerprint from your server (requiring you to check every fingerprint on entrance)? Do you send them threatening emails about stealing content? heh

                                                        I still think it's a great idea to track users without dependency on an IP address it's just a matter of why you would need to do that. Affiliate tracking via fingerprint?
                                                        History will be kind to me for I intend to write it.

                                                        Comment

                                                        • ShellyCrash
                                                          Confirmed User
                                                          • Jun 2004
                                                          • 6708

                                                          #29
                                                          Originally posted by Davy
                                                          Most programs would be more than happy to loose the tracking and instead make the sale on their own.
                                                          I don't want to trash anyone so I will just say from my perspective- there is a long term benefit to taking additional measures to ensure your affiliates get credit for all the revenue they generate for your business. Fatter paychecks = happier webmasters & happy webmasters will continue to send you traffic.

                                                          Start making money with the hottest hookup site!
                                                          up to $55 PPS or up to 75% Revshare
                                                          ICQ 196766477

                                                          Comment

                                                          • borked
                                                            Totally Borked
                                                            • Feb 2005
                                                            • 6284

                                                            #30
                                                            Originally posted by ProG
                                                            well I think you could accomplish that by simply tracking usage by IP address or username, or random keys.
                                                            My IP changes daily at 9am, so tracking me visiting your tube site via that is useless. Never seen a tube site requiring username to view vids.... so username tracking is out. Random keys? you mean in the URL, then that's only session based so may as well track via sessions.

                                                            The rest depends on how you want to tackle your own problems and why you would want to do that. My reason for eg is on a PPV site, 10 minutes are offered free with an email signup. Abuse goes that people use their 10 mins, signup with a new email, get another 10 mins etc. Cookie tracking for this is useless cos the people scamming/abusing the system know how to delete cookies so this is a great way to say "Oy no, you've already signed up (if the number of bits of information reliably tells you it's a very very good chance their fingerprint is unique.

                                                            Each to their own, and for those that would find this beneficial will find this benefical, which is why I threw it out there. Smokey's example for eg I'd never thought of, as was Shelly's. Those that have no idea have no reason to be bothered by it as they don't have such problems/come across them yet

                                                            For coding work - hit me up on andy // borkedcoder // com
                                                            (consider figuring out the email as test #1)



                                                            All models are wrong, but some are useful. George E.P. Box. p202

                                                            Comment

                                                            • borked
                                                              Totally Borked
                                                              • Feb 2005
                                                              • 6284

                                                              #31
                                                              Originally posted by Davy
                                                              Interesting.

                                                              Where would you store all that info? In a database?
                                                              In it's simplest form, you would take all those paramters of the fingerprint and make an hash of it (eg MD5: 32-digit character string) and store that. On subsequent visits, compare the hash value of the user against the hashes in the db.

                                                              This however kills all possibility of detecting the same user coming back after eg they installed/remnoved 1 font, or ones that updated their browser, since the algorithm to extrapolate/interpolate (not sure which is the best to define) the difference between fingerprints to link one fingerprint to another due to slight changes would lose all information by hashing it. I think for the most part the hash structure is the least database and CPU intensive with the caveat it will give more false negatives due to users updating browser/font/anything.

                                                              For coding work - hit me up on andy // borkedcoder // com
                                                              (consider figuring out the email as test #1)



                                                              All models are wrong, but some are useful. George E.P. Box. p202

                                                              Comment

                                                              • borked
                                                                Totally Borked
                                                                • Feb 2005
                                                                • 6284

                                                                #32
                                                                In any case, I think the chance of identifying a false positive - ie saying someone is not unique/already identified when in fact this is their first visit - (the most damaging) is far far less than coming across a false negative - ie saying someone is unique when they've already been there before) - (meaning they got in under the barrier undetected)

                                                                Without something like this (for whatever reason you would want it), a false negative is totally acceptable, but a false positive isn't since you would be "restricting" a unique user incorrectly.

                                                                Unless of course, you're shelly who would die in shame of letting a false negative through, since the affiliate that originally sent that user wouldn't get credit. Still, for an aff programme, combining this with traditional methods could end up with something quasi-bulletproof

                                                                For coding work - hit me up on andy // borkedcoder // com
                                                                (consider figuring out the email as test #1)



                                                                All models are wrong, but some are useful. George E.P. Box. p202

                                                                Comment

                                                                Working...