There is that famous technical interview question that goes: what happens behind the scenes when you type in a domain name and press enter?
-
There is that famous technical interview question that goes: what happens behind the scenes when you type in a domain name and press enter? The intention is you talk all about resolving DNS of the host, TCP things and HTTP etc.
A more truthful answer would include:
- Your email address is sent to LaunchDarkly to get applicable feature flags.
- A gigabyte of data is logged to DataDog
- Details about the way you moved your mouse are sent to segment.io
- A bunch of telemetry is sent to Sentry.
- Ads are injected from Facebook.
- Metrics are recorded to Hubspot.
- Page renders in browser.
-
@SecureOwl Followed by:
- Malicious ad fingerprints your browser and runs a zero day exploit.
- Your AWS, GitHub, and npm credentials are exfiltrated within seconds.
- Within 5 hours you are triaging a widespread supply chain attack that started with you typing in a domain name and pressing enter.
-
Well ... I don't know if that is "more truthful"
Yes, that's true for many websites - though in some cases only after the page has been rendered, not before - but it certainly doesn't apply to every domain name or website. Not by a long shot.
I'm in favor of raising awareness among internet users, but I'm against going overboard and painting a bleak picture. That's more likely to lead to resignation than to a change in behavior in my opinion.
-
I forgot to add that none of this can happen until Cloudflare gets to decide you are a worthy human for some reason
-
@SecureOwl that's after the TPM decides your hardware is still blessed and the HDMI equipment grants you permission to observe pixels displayed on the screen.
-
@SecureOwl You forgot "Cloudflare delays everything by a further 30s to make sure you're not a bot" (so that the site doesn't waste time tracking and pushing ads to non-humans!)
-
@SecureOwl Don't forget the full google search on each partial domain, character-by-character as you type, with all the ad and promoted link bids that entails.
@AMS @SecureOwl Plus the predicted keypresses, and comparison with previous "keypress sessions"!
-
@SecureOwl Type in a domain name and press enter *into what*?
-
"Yes, interviewer, when I press enter, uBlock Origin intercepts the request and gets to work filtering ad and tracking sites like google-analytics.com."
Interviewer: "Do you realize this is a Google interview?"
-
@SecureOwl Haha …
Page renders in browser.
As if! First a metric shit-ton of external JS libraries are pulled, then the needed CSS styles are compiled on-the-fly locally in the client, causing the client to stall all connections, then the page gives an “application error” because your client by default denies local storage and cookies.
-
@generalx @SecureOwl Probably fine. They want you to drink their corporate kool aid, not the consumer kool aid they distribute widely.
-
Wouldn't the corporate koolaid be the justification of Google Analytics and how my salary depends on it? To ignore the internet hype around tracking and privacy? To become an analytics evangelist and see tracking as a powerful utility unlocking shareholder value?