Olympus-OM

Re: [OM] OT: Cloudfront

Subject: Re: [OM] OT: Cloudfront
From: David Thatcher <plusphoto@xxxxxxxxxx>
Date: Mon, 3 Apr 2017 07:52:29 +0930
Chris,

please see a few comments inserted inline. Where I say 'you', I mean a
generic computer user, not you personally.

caution: boring-as-batsh*t detail follows  :) 

davidt

On Sun, Apr 02, 2017 at 11:30:27AM -0700, Chris Trask wrote:
>      Here in the ancient land of dialup, Cloudfront is a significant
> problem in internet usage as it can sometimes download multi-megs of
> data into your machine, leaving you dead in the water.  It's a system
> owned by Amazon that tracks your internet browsing.  Basically, every
> time you visit a new website, data is sent to the system and stored. 

Web tracking has been around for years (remember all the 'web-beacon'
emails?)  'Cookies' are stored on your system when you access a website
(with relevant info stored at the server), so they know who and where
you are without having to continually ask for this data.  You implicitly
agree to accept the offered cookie (browser config), or you can turn
this off.

Cookies are required to allow things like shopping carts to work (as -
generally - any single HTTP transaction is standalone - and there is
nothing to tie one page access to the next otherwise).  Turning cookies
off will stop this, and other 'experience' features, from working. Some
sites actively remind you about this.

> When using Firefox and other browsers, a link is initiated where they
> will download tiles onto your browser screen, sometimes stock images
> to click on, and sometimes images of sites you've visited recently.

Note that your browser is asking to download these things, either
directly or by following included references/links, so as far as your
system, and any firewalls, are concerned, these are legitimate accesses.

In the old Opera days, the tile images were usually an icon or a low-res
image of the page that is stored locally on your system along with some
context data. On opening a new tab before displaying the tiles there may
be an access to check to see if that context info is up to date. I
wonder if you told your browser to delete all browsing history on exit
if it cleared the tiles each time?

I guess it's possible that they do grab another image snapshot each time
in these "glorious days of unlimited bandwidth", but again this will be
driven from your side, not theirs, and as stated in the post, you can
turn these off - this may be the best option!

>      Amazon AWS and Google 1e100.net are still problems.

These are Content Delivery Networks (CDNs) belonging to the respective
organisations. Space and download from these servers are 'rented' to
customers. You may find if you block these domains, many other seemingly
quite unrelated things will stop working.

These are also geographically replicated, and the internet name service
(DNS) responses from the servers are tailored so that (hopefully) you
grab the content from something nearby, so it's faster for you, with
lower transmission costs for the CDN. I know we discussed these off
list - just reiterating for anyone else that may be interested.


>      Using these two programs together with TCPView shows how 
> Cloudfront and other intrusives get around firewalls.  They are routing
> through ports 80 and 443, whereas my Proxomitron firewall only monitors 
> port 8080 activity.  Same with the native hosts file.  Now I can block 
> anything, though building up a list is tedious, especially when you 
> first start using PeerBlock/Guardian.


Port 80 is the standard TCP port for HTTP. Likewise 443 for HTTPS. The
difference between the two is that with HTTPS, SSL is used to negotiate
an encrypted session between the server and your browser, and inside
this encrypted session is 'normal' HTTP communication, but a firewall
can't see anything but the IP addresses*.  

Note that some AV software 'plugs' itself into the browser itself to be
able to scan the data outside of the encryption - and this is one reason
why many products cause the host system to run like a complete pig.

TCP port 8080 is an old (like really OLD) port used for communication
with a local proxy server/download cache (local can mean 'at your ISP',
'on your network' or even a program running on your own machine). Not
many ISPs require a specific cache config in your browser these days
(they generally divert it transparently if needed), though they can send
you a proxy-auto-config (.pac or .wpad) file to cause your browser to
have certain cache settings without you knowing, if you allow it (auto
configuration in the proxy panel - usually switched on out of the box),
including proxy bypassing for certain targets.

To track all of this stuff, you need to be watching 80 & 443 at least
(not that 443 will yield anything other than that there was a
conversation) *and maybe some certificate info.

-- 
_________________________________________________________________
Options: http://lists.thomasclausen.net/mailman/listinfo/olympus
Archives: http://lists.thomasclausen.net/mailman/private/olympus/
Themed Olympus Photo Exhibition: http://www.tope.nl/
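The message above mentions that a proxy-auto-config (.pac) file can quietly give the browser proxy settings, including bypassing the proxy for certain targets. The script below is an added example, not part of David's message or of any product named in the thread: it is a small stand-alone evaluator that loads a PAC file's FindProxyForURL and reports, for a list of URLs, which destinations would go DIRECT (around the proxy) and which would be sent through it. The PAC text, the hostnames and the proxy address are constructed for illustration; the helper functions isPlainHostName, dnsDomainIs and shExpMatch are re-implementations of the helpers browsers normally supply to PAC scripts.

```javascript
// Added example (not from the original message): audit which hosts a PAC file
// routes around the proxy. All hostnames and the PAC contents are constructed.

// Re-implementations of the standard helpers a browser exposes to PAC code,
// so the script runs outside a browser.
function isPlainHostName(host) {
  return host.indexOf('.') === -1;
}
function dnsDomainIs(host, domain) {
  return host.length >= domain.length &&
    host.substring(host.length - domain.length) === domain;
}
function shExpMatch(str, shexp) {
  // Turn a shell-style pattern (* and ?) into an anchored regular expression.
  const escaped = shexp.replace(/[.+^${}()|[\]\\]/g, '\\$&');
  const re = new RegExp('^' + escaped.replace(/\*/g, '.*').replace(/\?/g, '.') + '$');
  return re.test(str);
}

// A constructed PAC file of the kind a network might hand out: internal names
// and one CDN-like domain bypass the proxy, everything else goes through it.
const PAC_SOURCE = `
function FindProxyForURL(url, host) {
  if (isPlainHostName(host) || dnsDomainIs(host, ".example.internal")) {
    return "DIRECT";
  }
  if (shExpMatch(host, "*.cdn-example.net")) {
    return "DIRECT";
  }
  return "PROXY proxy.example.internal:8080; DIRECT";
}
`;

// Compile the PAC text into a callable FindProxyForURL. The helpers are
// passed in as parameters so the PAC code sees only what we give it.
function loadPac(source) {
  const factory = new Function('isPlainHostName', 'dnsDomainIs', 'shExpMatch',
    source + '\nreturn FindProxyForURL;');
  return factory(isPlainHostName, dnsDomainIs, shExpMatch);
}

// For each URL, record the PAC decision and whether its first choice is DIRECT,
// i.e. whether the browser would skip the proxy (and any monitoring on it).
function auditPac(source, urls) {
  const findProxy = loadPac(source);
  return urls.map((url) => {
    const host = new URL(url).hostname;
    const decision = findProxy(url, host);
    const firstChoice = decision.split(';')[0].trim();
    return { url, host, decision, bypassesProxy: firstChoice === 'DIRECT' };
  });
}

// Constructed sample destinations to check against the PAC file.
const SAMPLE_URLS = [
  'http://intranet/',
  'https://files.example.internal/report.pdf',
  'https://images.cdn-example.net/tile.png',
  'https://www.example.com/',
];

for (const row of auditPac(PAC_SOURCE, SAMPLE_URLS)) {
  console.log(`${row.bypassesProxy ? 'BYPASS' : 'PROXY '}  ${row.host}  ->  ${row.decision}`);
}
```

Running it prints one line per URL; the BYPASS rows are the ones a firewall or proxy listening only on the proxy port would never see, which is exactly the gap the message describes for traffic on 80 and 443.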