Watching us or clickjacking for business





A few days ago I was looking for winter tires. I searched in Yandex, went to a website from the results and looked around. Nothing came up, so I left the matter for later. I filled in nothing and wrote to no one (this is important).

Today I got a personal message on VK:

"You are interested in our product page.... We can help You... blah-blah-blah".

I was very surprised. How did they know it was me?

I began to examine the store's website. On the page, besides jQuery, Yandex.Metrica and Google Analytics, I found a counter that sends requests to socgate.ru. Since I had not filled in anything, and jQuery, Yandex and Google are unlikely to leak data to the store, suspicion fell on socgate.ru.

IP of the domain: 46.4.58.141
On the same IP I found: socfishing.ru

The main page of socfishing.ru reads:



About socgate.ru I found a note by user zenn (probably a namesake); it has more technical details:

talk.pr-cy.ru/topic/8957-kak-rabotaet-opredelenie-stranitcy-polzovatel/?p=102653

The code has since been changed, and I couldn't catch it in action. But I'm 99% sure it's clickjacking.
When you visit the site for the first time, a transparent frame is drawn on the page, and the VK authorization button or the "join the group" button is "stuck" to the mouse cursor. From then on you are "tracked" not as ID 327812, but as "Ivan from Moscow, married with 2 children. The phone number....".
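A defender can audit a page for the overlay described above. The following is an added example, not code from the original post or from any of the services it names: it flags iframes that are cross-origin, effectively invisible, and still able to receive clicks. The function names, snapshot fields and opacity threshold are assumptions made for illustration.

```javascript
// Added example: audit a page for invisible, clickable cross-origin iframes.
// Field names and the opacity threshold are assumptions for this sketch.
const OPACITY_LIMIT = 0.1; // at or below this the frame is effectively invisible

// Browser only: snapshot every iframe with its *effective* opacity
// (the product of the opacity of the element and all of its ancestors).
function snapshotFrames(doc) {
  return Array.from(doc.querySelectorAll('iframe')).map((el) => {
    const cs = getComputedStyle(el);
    let opacity = 1;
    for (let n = el; n; n = n.parentElement) {
      opacity *= parseFloat(getComputedStyle(n).opacity);
    }
    const r = el.getBoundingClientRect();
    return { src: el.src, opacity, visibility: cs.visibility,
             pointerEvents: cs.pointerEvents, position: cs.position,
             width: r.width, height: r.height };
  });
}

// Pure classifier: flag frames that are cross-origin, invisible, yet clickable.
function flagSuspiciousFrames(frames, pageOrigin) {
  const findings = [];
  for (const f of frames) {
    let origin;
    try { origin = new URL(f.src, pageOrigin).origin; } catch (e) { continue; }
    if (origin === pageOrigin || origin === 'null') continue; // same-origin, about:blank
    const invisible = f.opacity <= OPACITY_LIMIT;
    const clickable = f.visibility === 'visible' && f.pointerEvents !== 'none' &&
                      f.width > 0 && f.height > 0;
    if (!invisible || !clickable) continue; // visible widget, or inert tracking pixel
    findings.push({ src: f.src, origin,
                    // absolute/fixed frames can be repositioned under the pointer
                    movable: f.position === 'absolute' || f.position === 'fixed' });
  }
  return findings;
}

// Constructed sample snapshots (not captured from any real site).
const base = { visibility: 'visible', pointerEvents: 'auto', position: 'static', width: 200, height: 60 };
const SAMPLE_FRAMES = [
  { ...base, src: 'https://social.example/widget/auth', opacity: 0, position: 'absolute', width: 40, height: 20 },
  { ...base, src: 'https://social.example/widget/like', opacity: 1 },
  { ...base, src: 'https://stats.example/pixel', opacity: 0, pointerEvents: 'none', width: 1, height: 1 },
  { ...base, src: '/checkout/frame', opacity: 0 },
];
console.log(flagSuspiciousFrames(SAMPLE_FRAMES, 'https://shop.example'));
```

In a browser console the same check runs against the live page as `flagSuspiciousFrames(snapshotFrames(document), location.origin)`.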

What scares me is the following:
— nothing prevents various metrics services, banner rotators, RTB, etc. from de-anonymizing the visitor in the same way (clickjacking). In the end they will get not just a nameless user ID, but the person's real name and contact details. They will start calling: "you came to our website but left without buying anything...";
— a person can be fully de-anonymized by collecting the correspondence between their nicks on forums/blogs and their real name. Perhaps it is already happening.

source: habrahabr.ru
