#politics | Logs for 2021-03-13

[10:22:40] <FatPhil> https://taibbi.substack.com
[10:22:41] <systemd> ^ The Sovietization of the American Press - TK News by Matt Taibbi
[13:51:11] <Bytram> Holy tracking URL, Batman!
[13:51:23] <Bytram> https://taibbi.substack.com
[13:51:24] <systemd> ^ The Sovietization of the American Press - TK News by Matt Taibbi ( https://taibbi.substack.com )
[13:51:31] <Bytram> =)
[14:28:03] <FatPhil> well, yeah, but it's only tracking me, and by you clicking on it, you're confusing it!
[14:28:42] <FatPhil> Adding more noise decreases the value of the signal.
[14:42:22] <Bytram> Umm, no? It's tracking you AND everyone you forward it to. Toss in some timestamps and a reasonable contact graph can be constructed. Remove the tracking part, and (presumably) become part of a much larger set -- you become less noticeable.
[14:45:10] <FatPhil> but it's told them you read ZH. how has that not decreased the accuracy of the information they have?
[14:45:32] <FatPhil> because that's not my tracking, that's ZH's tracking
[14:46:00] <FatPhil> this isn't criminal forensics, this is datamining, they're different pursuits.
[14:48:09] <FatPhil> When you visit the prostitute, and put some music on, which is the better outcome - they know the customer likes Boston, or they can't hear your monkey sounds?
[15:02:34] <Bytram> strawman?
[15:03:01] <Bytram> =yt why not both?
[15:03:02] <systemd> https://youtube.com - Sicko Mode or Mo Bamba? Why Not Both? (52; 14,010,524 views; 👍578,375 👎7,654)
[15:03:12] <Bytram> =yt why not both? taco
[15:03:13] <systemd> https://youtube.com - Old El Paso Hard and Soft Tacos - Little Girl (16; 1,540,002 views; 👍7,314 👎185)
[15:19:47] <Bytram> Also, "it's told them you read ZH" -- where/how? That link was to "taibbi.substack.com" (AFAIK, that's not ZH) And I never visited the link! I just pasted it here for the bot to resolve the URL for me.
[15:25:23] <FatPhil> if you don't follow a link, then no matter what level of tracking data is in it will track you, and therefore it doesn't matter how much tracking data is in the URL.
[15:53:43] <Bytram> agreed, but I see no reason to propagate such a link either, especially on our community. I make an effort to only push out clean links in our stories on the site.
[17:58:37] <chromas> ¿por que no los dos?
[17:59:15] <chromas> Bytram: it's not ZH but the tracking part would tell them that's where the link came from
[17:59:41] <chromas> plus, this is irc, not a story
[17:59:52] * chromas gets Bytram's walker ;)
[18:34:52] <FatPhil> cheeky!
[18:37:05] <Bytram> chromas: FatPhil: So, what am I missing here? How can you tell it came from ZeroHedge? Is that UUENCODEd or something?
[18:37:32] <chromas> He probably clicked it on a ZH article
[18:37:38] <Bytram> Specifically, from the: token=eyJ1c2VyX2lkIjoyNTM5NjYwLCJwb3N0X2lkIjozMzU2MzYxNywiXyI6IjZObWIrIiwiaWF0IjoxNjE1NTY1NzMxLCJleHAiOjE2MTU1NjkzMzEsImlzcyI6InB1Yi0xMDQyIiwic3ViIjoicG9zdC1yZWFjdGlvbiJ9.TLJr4vPUI8V3yHFtPJXo54RpkcRMvOinldD1plM0N58
[18:39:18] <FatPhil> chromas worked it out. I just copy and paste.
[18:39:42] <FatPhil> if you were to get the story 0.2s later, it wouldn't be fresh, so i need to optimise
[18:40:07] <Bytram> okaaay, but you knew it was from ZH, oh, because chromas *told* you?
[18:41:19] <chromas> substack would have a pretty good idea it's from zh because people clicking in from zh would have both the referer and that style of cgi token parameter
[18:42:07] <chromas> or the token has something encoded in it that lets substack know, assuming they have some sort of referral thing going on
[18:42:37] <chromas> like facebook always sticks a fbclid parameter onto whatever external links it shows
[18:43:06] <FatPhil> 20 fricken params
[18:43:44] <Bytram> Aha. I'm usually pretty good at picking up patterns in things and was wondering what I was not seeing there. So, the token=[[:alnum:]]{208}
[18:44:27] <Bytram> I've seen the fpclid= before, yes.
[18:44:32] <Bytram> oops
[18:44:45] <Bytram> I've seen the fbclid= before, yes.
[18:45:23] <Bytram> looks like it
[18:45:36] <Bytram> is about time for me to get some breakfast
[18:45:44] <Bytram> thanks for the chat!
[20:12:45] <halibut> Interestingly enough, this particular token is just JSON encoded with base64. echo 'eyJ1c2<...>M0N58' | base64 -d will show you it contains user ID and timestamp information, but not referer [sic].
[20:13:20] <halibut> So, it could probably be used to infer the social impact FatPhil has by knowing that anybody following that link got it from FatPhil.
[20:14:21] <halibut> The user_id could probably refer to whomever originally posted it instead of FatPhil, but one of the other values in the token could, presumably, refer to some fingerprint that essentially means FatPhil.
[20:16:37] <halibut> Correction: The token up to the period is just JSON encoded as base64:
[20:16:42] <halibut> {"user_id":2539660,"post_id":33563617,"_":"6Nmb+","iat":1615565731,"exp":1615569331,"iss":"pub-1042","sub":"post-reaction"}
[20:17:21] <halibut> After the period, if you append an '=', decodes to a 32-byte value, possibly some key or tracking ID?
[20:17:37] <halibut> (or HMAC)
[20:21:05] <halibut> Probably enough information to encode where the link was originally found. From that, if anybody goes to that link with the correct referer, that means they ``know'' FatPhil (or, if they don't know their fingerprint is actually FatPhil, a fingerprint that essentially means the same thing) actually clicked on the link. If anybody goes to that link without the correct referer, they ``know'' FatPhil
[20:21:11] <halibut> shared the link with somebody who followed it. All that is likely useful signal to the trackers.
[20:21:14] <halibut> </paranoid_rant>
[22:03:47] <FatPhil> they can't link that to me, as that's ZH's link, not mine.
[22:06:41] <FatPhil> iat and exp are timestamps, obviously.
[22:08:47] <FatPhil> the funny thing is that b64 encoding ensures you don't need to escape the data, but to be honest all it's doing is obfuscating the 7 actual parameters
[22:08:57] <FatPhil> none of which need escaping
[22:52:53] <halibut> I guess I did not understand where the link came from originally.
[22:53:15] <halibut> b64 is a convenient way to avoid worrying about escaping.
[22:55:13] <halibut> As an obfuscation, it is at least kind of effective. If the extra 32 bytes are some sort of MAC, then they need some escaping method guaranteed to reproduce bit-for-bit the original value, and URL-encoding does not necessarily do that, as ordering is not necessarily preserved. There are ways around that (e.g. always reorder alphabetically), but at that point b64 is probably as good as any.
[23:32:35] <Bytram> 2021-03-12 11:15:03 and 2021-03-12 12:15:03
[23:45:53] <halibut> I get 31 seconds, not 03 seconds, and that assumes the time stamps are UTC (they typically are) and then you converted to UTC-0400 (seems appropriate since I think you are on the east coast of the US).
[23:46:43] <halibut> Correction: UTC-0500, not UTC-0400