
We are being watched or clickjacking for business

A few days ago I was looking for winter tires. I went through the Yandex search results, opened a site and looked around. Nothing suitable came up, so I left the matter for later. I did not fill in anything anywhere and did not write anything to anyone (this is important).

Today I received a private message on VK:
“You were interested in our product on the page…. We can help you ... blah blah blah.”

I was very surprised. How did they know that it was me?

I began to study the store's site. On the page, besides jQuery, Metrica and Google Analytics, I found a counter that sends requests to socgate.ru. Since I had not filled out anything, and jQuery, Yandex and Google would hardly have leaked the information to the store, suspicion fell on socgate.ru.

Domain IP: 46.4.58.141
On the same IP I found: socfishing.ru
The socfishing.ru home page reads:

image

Searching for socgate.ru, I found a post by user zenn (maybe a namesake) with more technical details:

talk.pr-cy.ru/topic/8957-kak-rabotaet-opredelenie-stranitcy-polzovatel/?p=102653

The code has since been changed, and I could not capture it. But I am 99% sure that this is clickjacking.
On the first visit to the site, a transparent frame is drawn on the page, and the VK authorization button or "join group" button is “glued” to the mouse cursor. From then on the site tracks you not as ID 327812, but as “Ivan Vasilievich from Moscow, married, 2 children. Phone number ....”.

What scares me is the following:
- nothing prevents the same technique (clickjacking) from being used to de-anonymize visitors in various analytics, banner rotators, RTB, etc. As a result, they will receive not just a nameless user ID, but the real full name and contact details of the person. Soon they will start calling: “you visited our site, but you left without buying anything ...”;
- it is possible to completely de-anonymize a person by collecting the mapping between nicknames on forums / blogs and the person's real name. Perhaps this is already happening.

What similar services do you know? How can their work be blocked on the client side?
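
One client-side heuristic for spotting the overlay described above, as an added example that is not part of the original post and not the service's code: it flags a frame only when it is served from a social-widget host, is effectively invisible, and stays under a moving cursor. The snapshot format, the thresholds, the `WIDGET_HOSTS` list and the sample URL path are assumptions made for illustration.

```javascript
// Added example: heuristic check for an invisible social widget glued to the cursor.
// Frames are plain snapshots so the logic runs anywhere; in a page, build them from
// getComputedStyle() and getBoundingClientRect() of each <iframe> and its ancestors.
const WIDGET_HOSTS = ["vk.com"]; // assumption: extend with other widget hosts

function isWidgetHost(src) {
  try {
    const host = new URL(src).hostname.toLowerCase();
    return WIDGET_HOSTS.some(h => host === h || host.endsWith("." + h));
  } catch {
    return false; // about:blank, relative or malformed src
  }
}

// Opacity multiplies down the ancestor chain, so a transparent wrapper hides the frame.
function effectiveOpacity(frame) {
  return frame.opacityChain.reduce((acc, o) => acc * o, 1);
}

// True when the cursor moved but stayed inside the frame's box in most samples.
function followsCursor(samples, minTravel = 50) {
  if (samples.length < 3) return false;
  const hits = samples.filter(({ cursor: c, rect: r }) =>
    c.x >= r.x && c.x <= r.x + r.w && c.y >= r.y && c.y <= r.y + r.h).length;
  const a = samples[0].cursor, b = samples[samples.length - 1].cursor;
  return Math.hypot(b.x - a.x, b.y - a.y) >= minTravel && hits / samples.length >= 0.8;
}

function assessFrame(frame) {
  const reasons = [];
  if (isWidgetHost(frame.src)) reasons.push("social-widget-origin");
  if (effectiveOpacity(frame) < 0.1) reasons.push("invisible");
  if (followsCursor(frame.samples)) reasons.push("follows-cursor");
  // All three together match the overlay pattern; any one alone is common and benign.
  return { src: frame.src, suspicious: reasons.length === 3, reasons };
}

// Constructed sample data (not captured from any real site; the URL path is made up).
const track = [[100, 100], [180, 140], [260, 220], [340, 300]];
const box = (x, y, w, h) => ({ x, y, w, h });
const glued = { src: "https://vk.com/widget_placeholder", opacityChain: [1, 0.01],
  samples: track.map(([x, y]) => ({ cursor: { x, y }, rect: box(x - 10, y - 10, 20, 20) })) };
const visible = { src: "https://vk.com/widget_placeholder", opacityChain: [1, 1],
  samples: track.map(([x, y]) => ({ cursor: { x, y }, rect: box(600, 50, 200, 40) })) };

console.log(assessFrame(glued), assessFrame(visible));
```

In a browser extension or userscript, a frame that comes back `suspicious` can be removed or have `pointer-events: none` applied before any click reaches it.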

UPD: The service's pages now show:
image

Source: https://habr.com/ru/post/238565/
