865
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 02 Apr 2025
865 points (97.4% liked)
Technology
72784 readers
2957 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
Good start. Now make a version that clicks each ad a random number of times from randomly generated IP addresses.
That's not how IP addresses work.
What if we use a Visual Basic UI to hack the IP address by netmask?
Yes, but this only works if you connect your VPN via 3 block chain proxies.
Make sure you're behind a 54mghz ram modem firewall
Is it from this? https://youtu.be/hkDD03yeLnU
I liked your post ❤️
Feed it SQL injections?
Have it form connections to all the other browsers using the extension and they all send a click.
Naw, it’s an MMORPG.
Is the botnet itself breaking the law or is breaking the law with a botnet breaking the law?
Okay okay, how about a counter that is updated with each user clicking on an ad, and the client can decide what they want to do with that information, totally not a botnet right?
peer networks are not illegal if the peers are consenting members.
It just changes the user agent instead...
You can fake your IP. There isnt really any authentication at the IP level. Just make a packet and overwite the IP field.
Edit: I was corrected. The TCP handshake requires you to have a valid IP you can respond from. So even though you can fake your IP, you can't use that to talk to most websites.
You need a TCP handshake prior to sending any http payload.
Oh yeah. Forgot about that.
I misremembered my internet class. Sucks that it made ya feel bad.
Edit: and you can put whatever you want as your source IP at the IP level. Though idk how modern security deals with that. I know I was taught that that was a way to DoS attack, so I imagine it's protected against.
If you just do it on your own computer, the packet will be already dropped by your own gateway. You can fake whichever address in your local subnet, but those are very likely remapped anyway in your gw to the one given by your ISP.
If you would have access to the switch port used by your ISP in the Internet exchange point (IX), you would have more liberties in choosing the IP.
Nothing is random
In bot cases like this you would have a proxy list that it “randomly” picks from
Yes that is what was proposed, you’re the only one who seems unclear on it
I said the end goal in my top level comment. I didn't go into methodology because I figured someone else could do it more eloquently; thank you for doing so.
It does if it reports the URL to click home somewhere and users can opt in to pull the list to auto click.
It would DDoS the ad servers. Muwhahahaa
Yes. That’s just what I want. An extension sending all ads served to me to a central location, so my fingerprint can be very easily indexed and stored on a definitely never hacked, leaked, or sold database.
And it would totally never get abused or hit a false positive.
Totally doable if this was a distributed service.
ok not randomly generated, but you know
Ad Networks use browser fingerprinting to detect duplicate clicks, which is tied to your hardware, system locale, installed fonts etc.
Sounds like a solvable problem
Chameleon add-on for Firefox, randomly rotates your browser, OS, screen size, timezone, device type, language, and other customizable parameters every x minutes.
I've set it to do so every 5 minutes, and to omit desktop & tablet as device types (else some websites display the respective page) and timezones (messed up 2FA).
I also disabled blackberry and windows phone from the manufacturer ID, that would have the opposite effect from obscuring me.
For the rest of it, it's working great.
Tell me how, then, because I don't know how to get around the font thing. Everybody's computer has a different set of fonts, and blocking browsers from seeing what fonts you have installed would help identify you even more.
A browser extension that limits webpages to default Windows fonts only would eliminate that factor from contributing to identification without flagging it as suspicious. A slightly more robust version could frequently cycle between multiple subsets of default Windows fonts. Say Windows comes with 100 fonts. So you could have thousands of configurations with different subsets of those.
"Just" remove a random 2.5% of the fonts, a different random set per request (context).
Just have everyone agree on a set of fonts to report and report those.
That would solve the anonymity problem but not the "obscure when requests are duplicates" problem
I think that reveals you aren't a "normal" request. Since "normal" user requests don't have that exact list of fonts. I'm anonymous, but aberrant.
That one browser which everyone hates despite it being the best adblocker and anti-surveillance browser out there randomizes your fingerprint.
which one
Brave