kakkksaknmdm's comments

Any AWS metric that doesnt have the network costs is useless. If anyone wants a dedicated unmetered server up to 20gbps i'd recommend datapacket.com.

It's not okay for Apple. It's a bait and switch tactic which Google uses that Apple is doing now. They created their App ecosystem on the basis of Ad's. Now they're strong arming developers to doing things their way.

It should not be okay, and must be protested. I hope that the government and Anti-trust lawsuits force apple to unbundle the Appstore. Apple has made enough money to recoup their investment starting from the first iPhone, and made incredible profit over that too.

Now laws should be made to ban appstores bundled with an operating system, and hardware.

Everyone should be allowed to install the app store they want with a flick of a button.

I can invest some money right now and become a local ISP. Unless I'm ready to sink $500 billion, I cannot be Google.

This is how big of a problem it is. I would recommend any founder to delay startups and let anti trust probes and hopefully splits happen. Otherwise what happened to Snap, will happen to you.

Why would I want to give out that part completely? Upcoming spec change has two important thing required that will allow it to work without JS or user interaction with the page. Obviously I'm not going to give it away before the spec is implemented and once it gains enough usage on the web that going back is impossible.

Have a read: https://www.ieee-security.org/TC/SP2019/papers/405.pdf

>Latest methods dont even use JavaScript. Just CSS is enough to identify every device uniquely but you'd need JS to send the data back.

Wait for the new CSS version over which our team had a watch. Wont require JS after it comes out. ;D

Also we know many exploits to bypass noscript if we wanted to (yes I know there are bounties for this, but we were paid much higher then any public bounty for this stuff)

This was used publicly in around 2016, stopped using around 2017 when research showed even better ways that cannot be spoofed: https://boingboing.net/2019/05/22/unique-device-fingerprints...

Ours was more advanced then this. As far as I've read the paper cited on the source above, they are like 30% of ours tech POC back in 2015.

This is what we knew of in 2015: https://boingboing.net/2019/05/22/unique-device-fingerprints... you can figure out where the industry is now yourself.

This is one that we knew of in 2015, and the public researchers just found out in 2019: https://boingboing.net/2019/05/22/unique-device-fingerprints...

Now we're waaay past this easy stuff to fake stuff. This now considered to be basic.

Look into distill networks, but their public product is very far behind what we did. Not sure if they have better tech to be used in future.

Yes to all. Have a look if you want for a bit of evidence: This was one of the 10's of possible techniques that could identify devices uniquely among billions https://boingboing.net/2019/05/22/unique-device-fingerprints...

However the author of the paper could not get it to work on low end devices, whereas we could. And we discovered this around 2015.

No, not this is some amateur work. State of the art techniques css fingerprinting can uniquely identify 1 device from billions.

Also this is nothing but getting dimension of screen and other browser attributes which are useless now. The current state of the art cannot be mitigated unless you put a 95% penalty on performance on the CSS engine AFAIK.

Large companies have fixed ad spend budgets. If they dont spend they lose. Doesn't matter if its lost to fraud.

Google, Facebook advertiser have more specific budgets, especially Facebook which has a large number of small advertisers.

Large adnetworks however get large advertisers with advertising budgets in tens of millions on average.

There is a larger pressure on Google and Facebook to be competitive then say smaller ad networks.

Also the techniques that I mention of are not in use in wild after the POC on millions of devices few months ago. They're a backup plan. Also not every adtech company has them. Maybe 2 or 3 at the most are at the cutting edge of tracking.

Google knows this very well. You really think Google couldn't counter fraud? Its a fake and manufactured outrage. No one wants to give away their "secret sauce" just yet.

Also right now many adtech companies are going bankrupt. Many larger one are waiting for smaller ones to be gone after which the landscape changes.

I worked in the ad industry. Every web-browser including brave, tor,safari is uniquely identifiable even on same hardware.

All the public computer researchers and browser vendors are years behind the techniques to fingerprint devices (probably 5+).

Canvas, WebGl etc are techniques of the past. There are much more advanced ones, than can identify devices with completely uniquely (on both desktop and mobile)

Also we know when users fake their fingerprints, and the algorithm respects the decision even though we know who the user is despite faking with all state of the art methods.

Latest methods dont even use JavaScript. Just CSS is enough to identify every device uniquely but you'd need JS to send the data back.

Every public researcher I've seen are given honeypot techniques that they consider state of the art even thought the industry is way ahead of the researchers.

>How's this polluting their telemetry? Also, how is some random UA NOT polluting their telemetry? It's a horrible excuse, that's all it is. It was fine and then suddenly it became "an issue". It's singling out them, SPECIFICALLY. Nice try.

Read the reply too. ;)

Wrong! Google deliberately blocked Edge, see the tweet here for proof: https://twitter.com/sinclairinator/status/113344983464663859...