Hacker News new | past | comments | ask | show | jobs | submit login

> Are you're saying that sites will try to falsify who I'm visiting by redirecting my traffic?

By pretending to be you. Capturing your visit and replaying it. Tweaking details. Redirecting. Performing unseen requests in the background. Most notably, trying to override the tracking code by side-injecting their own to capture your identifying tokens (which is why you need an extension).

There are countermeasures to all the attacks and to some as yet unanticipated, but it takes a single integrated protocol that cryptographically verifies and compounds in each step from the request to the response.

And that's what I did.




> a single integrated protocol that cryptographically verifies and compounds in each step from the request to the response

Sounds expensive. Does it scale?


Horizontally scalable, but it's expensive in two ways. The first is that I put asymmetric encryption in at some steps where I could, arguably, have settled for symmetric encryption (which is much faster). My reasoning being that I don't want a single compromise to require me to rotate everyone's keys simultaneously.

Secondly it requires communication between the publisher and a tracking server. The expensive part would be placing those tracking servers as close to publishers as possible, meaning that wide physical distribution would be necessary for best performance.

But otherwise, no shared state is required between transactions. There are no sessions. Each request-response cycle can be handled independently of the others, so an arbitrary number of trackers in arbitrary locations are possible.

Information gathered by the tracking server is uniquely signed and sent to a classifying system which reassembles the records into an aggregate view of what happened. Notably, the classifier cannot forge transactions either.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: