Piero Bosio Social Web Site Personale Logo Fediverso

Social forum federated with the rest of the world. Instances don't count, people do

A single page load on a basic font-download site triggered all of this:

  • A single page load on a basic font-download site triggered all of this:

    • 29 separate ad-tech and tracking companies, each making multiple calls
    • Google’s entire ad stack (DoubleClick, AdServices, GStatic, GVT beacons, FundingChoices, anti-fraud checks)
    • Amazon’s ad marketplace (aax.amazon-adsystem.com)
    • Header-bidding networks like PubMatic, AppNexus/Xandr, Rubicon/Magnite, SmartAdServer, OneTag
    • Fingerprinting and identity-sync systems including Dotomi, LiveIntent, OnAudience, Evolution.ai, BTLabs
    • Cross-site device matchers (Bidswitch, DeepIntent, CPE Dotomi)
    • Telemetry/redirector nodes like 4DEX, Infolinks, Erne, Bumlam
    • Behavioral profiling engines (bttrack.com)
    • Dozens of DNS lookups in parallel just to build a single ad frame
    • A fragile multi-stage real-time auction, where every bidder must respond for the ad to render
    • Repeated fallbacks and retries, because the chain breaks constantly
    • Aggressive layout shifts, “expanding shelf” ads, and late-loading frames caused by auction timing
    • No functional relevance to the site, just monetization layers stacked on a simple font page
    • Silent third-party data exposure across global trackers and brokers
    • Nearly 2,400 logged network events for a page that should need maybe 20
  • I should call out bad actors. In this case it was https://befonts.com/

    I should also call out the good actors. Enabling private DNS with quad9 completely removed the issue.

    Quad9 isn’t an ad blocker, but it is a security DNS. It quietly drops or refuses to resolve a bunch of shady ad-tech, tracking, and fingerprinting domains. On sites that rely on huge real-time ad auctions, breaking even a few of those domains makes the entire ad unit fail to load. So the page looks “clean,” not because Quad9 blocks ads, but because the ad supply chain collapses when the bad actors can’t resolve.

    I think it's extra cool that a company doing a few correct things can undermine so much shit almost accidentally. Kudos to that team.
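
An added example, not part of the original posts: one way to measure the third-party fan-out described above from a browser HAR export, and to model why a single domain failing at the resolver removes every request chained behind it. All hosts, the sample capture and the single-URL initiator field are constructed assumptions, and the blocklist is hypothetical; it does not reflect which domains Quad9 actually refuses.

```python
import json
from collections import Counter
from urllib.parse import urlsplit

# Constructed HAR fragment; every host is a placeholder. Chrome HAR exports carry
# "_initiator"; here it is simplified to a single URL per entry (assumption).
P = "https://fonts.example/"
HB = "https://cdn.adwrapper.example/hb.js"
ROWS = [
    (P, None),
    (P + "style.css", P),
    (P + "font.woff2", P + "style.css"),
    (HB, P),
    ("https://bid.bidder-a.example/auction", HB),
    ("https://bid.bidder-b.example/auction", HB),
    ("https://sync.idgraph.example/match?p=a", "https://bid.bidder-a.example/auction"),
    ("https://sync.idgraph.example/match?p=b", "https://bid.bidder-b.example/auction"),
    ("https://cdn.adwrapper.example/render.js", HB),
    ("https://px.tracker.example/beacon", "https://cdn.adwrapper.example/render.js"),
]
SAMPLE_HAR = json.dumps({"log": {"entries": [
    {"request": {"url": u}, "_initiator": {"type": "script", "url": i} if i else {"type": "other"}}
    for u, i in ROWS]}})

def site(url):
    """Approximate the registrable domain as the last two labels (no Public Suffix List)."""
    return ".".join((urlsplit(url).hostname or "").split(".")[-2:])

def load(har_text):
    """Return [(request_url, initiator_url_or_None)] in capture order."""
    return [(e["request"]["url"], e.get("_initiator", {}).get("url"))
            for e in json.loads(har_text)["log"]["entries"]]

def third_party_counts(entries, first_party):
    """Count requests per third-party site (everything not on the first-party site)."""
    return Counter(site(u) for u, _ in entries if site(u) != first_party)

def surviving(entries, blocked_sites):
    """URLs still fetched when blocked_sites fail to resolve. A request is lost if its
    own site is blocked or if the resource that initiated it was lost."""
    lost, kept = set(), []
    for url, initiator in entries:
        if site(url) in blocked_sites or initiator in lost:
            lost.add(url)
        else:
            kept.append(url)
    return kept

if __name__ == "__main__":
    entries = load(SAMPLE_HAR)
    print(third_party_counts(entries, "fonts.example"))
    print(surviving(entries, {"adwrapper.example"}))
```

In the constructed capture, refusing only the wrapper's domain leaves the three first-party requests, while refusing only the identity-sync domain removes just its own two calls.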
