[liberationtech] Targeted Tracking
liberationtech at lewman.us
liberationtech at lewman.us
Wed Jul 27 18:43:36 PDT 2011
On Wed, Jul 27, 2011 at 06:39:26PM -0400, r.deibert at utoronto.ca wrote 1.3K bytes in 39 lines about:
: The Information Warfare Monitor just posted a short security note on "Targeted Tracking", the link for which is here:
: http://www.infowar-monitor.net/2011/07/targeted-tracking/
:
: Our security analyst discovered some clever ways in which emails are being sent to targets presumably to collect vulnerability intelligence that can be used later on. Please pass along to Tibetan organizations that you may believe are recipients of this email.
As the former CTO of an online marketing firm, this is called "getting
to know your customer". The only thing suspicious in the email is the
dyndns.org domain. Any real marketer would use 2o7.net or some other
global tracking system, like google-analytics.com, to see who is hitting
their page, and what characteristics each user presents. These systems
automatically map the individual and their entire history to this single
email. In fact, the more targetted you want your email campaign, the
more it costs, on the order of US$0.001 per email sent (yes, that's less
than one cent).
I believe you when you say these techniques are also being used to
target people. However, at the same time, they've been used for the past
decade to gather intelligence about customers to better target ads
and features about a product.
I get emails from many organizations, non-profit and for-profit alike,
that are loaded with tracking links, javascript, and other techniques to
elucidate my browsing history, browser profile, etc. Some examples
sitting in my inbox right now are from CPJ, ACLU, and CIMA.
It seems simpler to me for an adversary to simply buy the needed data
from an ad network rather than go through all of the trouble of
spearfishing.
--
Andrew
pgp key: 0x74ED336B
More information about the liberationtech
mailing list