Ad-blocking Companies " Block " Unblockable Tracker

upnorth

Moderator
Thread author
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,459
Ad-blocking companies have figured out a way to block the unblockable – a pernicious tracker technique that hides advertising networks from your browser in plain sight. Whenever your browser visits a website supporting third-party advertisers, the site shows it tracking pixels or IFRAME tags that cause it to make extra requests. These requests go to ad companies that use various techniques to identify your browser and track it across multiple sites.

Ad-blocking companies are in a constant battle with the advertisers to block these trackers. The latest weapon in this fight exploits a long-established web concept called a CNAME record. CNAME stands for Canonical Name. It’s an alias that the owner of a domain (say, example.com) can use to describe a subdomain (like innocent.example.com). You could set the CNAME for ads.example.com to resolve to an entirely different domain, like dedicated-tracker.eviladcompany.com. When your browser reaches out to innocent.example.com, it’ll send a query to the name server, which will look up the second domain instead. That’s a problem for people that don’t want advertisers to track them. Ad-blocking software tends to trust cookies sent by the same domain that you’re visiting. If innocent.example.com sends you a cookie, it could contain session information that helps the site remember who you are. Blocking it would break the site’s functionality. So companies that use CNAMEs to hide third-party trackers behind their own domains can fool ad blockers into waving through cookies from their advertising friends.
Those companies reportedly include French marketing outfit Eulerian, which according to a post on ad blocker uBlock Origin’s GitHub site used this ‘unblockable tracker’ approach on a subdomain at liberation.fr, pointing to liberation.eulerian.net. Any company trying to seem innocuous would use a random subdomain – in Eulerian’s case, f7ds.liberation.fr. Sneaky. According to another poster who searched for the inline code, the company is doing it on several other sites, too.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top