commit 4c67df8cca70c69615ee42ec3119806198112203 Author: hiro hiro@torproject.org Date: Wed Feb 27 17:01:50 2019 +0100
Update tracking --- patterns/tracking-protection.md | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/patterns/tracking-protection.md b/patterns/tracking-protection.md index 77b357a..45938b3 100644 --- a/patterns/tracking-protection.md +++ b/patterns/tracking-protection.md @@ -8,9 +8,18 @@ Categories:
*Avoid the tracking of visitors of websites.*
-## Threat model ## +Websites collect an incredible amount of information about their visitors via attributes of the browser. This information is shared with third parties and saved in logs. This information can also be involuntarily leaked when accessed by malicious actors or used by advertising and tracking network across the web to reduce the anonymity set or identify individual users. + +Individual users are tracked via a technique known as *fingerprinting*. Fingerprinting means accessing device features and behaviors in order to differentiate one user from another. In this case the attacker uses any information that is provided automatically by the browser or implements mechanism involving some specific browser interactions, using JavaScript or cookie-like identifier storage, just to name a few example.
+There are also some more advanced fingerprinting techniques trying to capture users' behaviors. + +## Threat model ##
+- An attacker wants to access user configuration details (i.e. language settings) +- An attacker wants to access information about device and hardware characteristics +- An attacker wants to access information about the operating system and version +- An attacker wants to profile user behaviors by recording their in-site or across-site (network) activity
## User story ##
tor-commits@lists.torproject.org