2

Since the 9th of Sep, some events (about 0,01 %) and their dimensions have been unreadable because of permutation. For example, the event "VideoView" becomes "eiVwoediV".

Does anybody have the same problem, or does anybody know why? The analytics is implemented via Google Tag Manager.

Thanks for advice!

cqueiser
  • While I know the word "permutation", I do not understand its application here. Can you give an example of what problem you are experiencing? – Eike Pierstorff Sep 16 '15 at 10:34
  • I'm sorry. Yes of course. Event before the 9th: VideoView and sometimes since the 9th: eiVwoediV and other variants – cqueiser Sep 16 '15 at 10:35
  • I haven't seen that before, but are you customising any code to provide event parameters? – nyuen Sep 16 '15 at 14:46
  • @nyuen Me too! Totally strange. I'm only pushing some variables (about 18) to the DataLayer. – cqueiser Sep 16 '15 at 15:56
  • Yesterday's events: 2.866.942, and 26 of them became like I said before. – cqueiser Sep 16 '15 at 16:00
  • Looks like at least for the example you provided, the name "VideoView" is being reversed, with other permutations, but I would think that with such a small number, you should just ignore it. Could have been someone doing some testing. – nyuen Sep 16 '15 at 16:03
  • Thanks @nyuen, I will watch this behaviour a little bit longer... but it's strange, I can't explain these permutations :-/ – cqueiser Sep 16 '15 at 21:30
  • Related / possible duplicate: http://stackoverflow.com/questions/32572264/what-might-be-shufflling-my-query-string-parameters-constructed-in-javascript – m90 Sep 23 '15 at 15:00
  • *WOOOOW* Great! Thank you @m90 :-D – cqueiser Sep 24 '15 at 15:38

2 Answers

5

I am Tomas and I am a Software Engineer at CLIQZ.

We are a German Startup who are integrating search and innovative privacy features into browsers. This is indeed a result of our Anti Tracking feature. A similar question was also asked on reddit and it was already answered by our head of PR, so I will just quote the same answer here:

CLIQZ Anti Tracking is not designed to block tracking in general, but rather only the tracking of individual users — which we consider a violation of our users’ privacy, and therefore inappropriate. Unlike other anti-tracking systems, ours doesn’t block the signals completely; thus, website owners are able to get data for legitimate uses, such as counting visits.

To prevent the identification of users (e.g. by using JavaScript hashes), CLIQZ Anti Tracking does in fact permute strings. Whenever a new tracker shows up in our data, our system initially treats it as a user-identifying tracker and changes the string to preventively protect our users. Our system uses so-called k-anonymity techniques. If it sees the same string for an event with multiple users showing up independently over the course of several days, it puts it on a whitelist of legitimate, non-identifying trackers. Once a tracker is whitelisted, it remains unmodified and website-owners see the original string. In other words, CLIQZ Anti Tracking limits the functionality of legitimate trackers only temporarily. As soon as it becomes clear that a tracker doesn’t violate our users’ privacy, everything works as usual. Privacy is extremely important to us and we believe this technology is necessary to protect our users from snooping.

I hope this helps.

tomas
  • Can you give more technical details? Why isn't this listed as a feature on the product page? https://addons.mozilla.org/en-us/firefox/addon/cliqz/ – David Pattison Oct 19 '15 at 17:14
  • @DavidPattison Exactly what technical details are you interested in? A paper describing the technology will soon be published and I will make sure to share it here, but until then if you have more specific questions, I would be happy to forward them to my colleagues who are working on this feature. It is not yet listed as a feature, because we were just testing it with a small percentage of our users just to collect some feedback. This feature will soon be pushed to all our users and listed as a feature on our site. – tomas Oct 21 '15 at 11:29
  • @DavidPattison Here is the whitepaper with a description of CLIQZ anti-tracking and how to comply with the technology: https://cliqz.com/content/tracking/cliqz_whitepaper_tracking.pdf The feature will be released to all of our users in March and the scientific paper will be published at the [WWW conference](http://www2016.ca/) in April. Once it's made public, I can also post a link here if you're interested. – tomas Feb 12 '16 at 19:09
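
The k-anonymity gate described in the answer above, as an added sketch that is not CLIQZ's code and is not taken from the whitepaper. The thresholds `K` and `MIN_DAYS`, the class and function names, and the sample values are assumptions made for illustration.

```javascript
// Added illustration of a k-anonymity gate. K and MIN_DAYS are assumed
// thresholds; the page does not state the values CLIQZ uses.
const K = 3;        // distinct users that must report the same value
const MIN_DAYS = 2; // distinct days on which the value must be seen

class KAnonymityGate {
  constructor(k = K, minDays = MIN_DAYS) {
    this.k = k;
    this.minDays = minDays;
    this.seen = new Map();      // value -> { users: Set, days: Set }
    this.whitelist = new Set(); // values judged non-identifying
  }

  // Record one sighting. userId only lets this demo count distinct reporters.
  observe(value, userId, day) {
    if (this.whitelist.has(value)) return;
    let e = this.seen.get(value);
    if (!e) { e = { users: new Set(), days: new Set() }; this.seen.set(value, e); }
    e.users.add(userId);
    e.days.add(day);
    if (e.users.size >= this.k && e.days.size >= this.minDays) {
      this.whitelist.add(value);
      this.seen.delete(value);
    }
  }

  // The value as the tracker's server receives it.
  filter(value) {
    return this.whitelist.has(value) ? value : shuffle(value);
  }
}

// Fisher-Yates shuffle of the characters; same characters, order destroyed.
function shuffle(s) {
  const a = Array.from(s);
  for (let i = a.length - 1; i > 0; i--) {
    const j = Math.floor(Math.random() * (i + 1));
    [a[i], a[j]] = [a[j], a[i]];
  }
  return a.join('');
}

// Constructed sample: an event name shared by three users over two days,
// and a per-user identifier that only one user ever sends.
function demo() {
  const gate = new KAnonymityGate();
  const before = gate.filter('VideoView'); // not yet whitelisted: permuted
  [['u1', '2015-09-09'], ['u2', '2015-09-09'], ['u3', '2015-09-10']]
    .forEach(([u, d]) => gate.observe('VideoView', u, d));
  gate.observe('uid=7f3a9c', 'u1', '2015-09-09');
  return { before, after: gate.filter('VideoView'), perUser: gate.filter('uid=7f3a9c') };
}
```

A shared event name passes through unmodified once enough independent users have sent it, while a value only one user sends keeps being permuted.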
3

We caught it! We luckily had a known customer who created such requests and we phoned him!

We nailed it down to one Firefox plugin:

https://addons.mozilla.org/de/firefox/addon/cliqz/

We could reproduce the described behaviour by installing the plugin. The strange thing is that the add-on has not been modified recently, according to addon.mozilla.org.

The malicious version we installed is version 1.0.37, and can be installed from https://s3.amazonaws.com/cdncliqz/update/Cliqz.1.0.37.xpi. It seems they tested some anti-tracker functionality. Probably they uploaded some new rules on 2015-09-09.

Thank you for four days of searching.

M. Röder
  • See also: https://www.reddit.com/r/javascript/comments/3lxg26/parameters_of_a_get_request_get_shuffled/cve0ac4 – BlaM Oct 09 '15 at 10:35
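
For site owners who want to measure how many events are affected, as the question does, the following added example (not from any poster on this page) flags event names that are character permutations of known names and attributes them back to the original. `KNOWN_EVENTS`, `SAMPLE_ROWS` and the function names are constructed for illustration; only "VideoView" and "eiVwoediV" come from the page.

```javascript
// Added example. The event catalogue and the exported rows are constructed.
const KNOWN_EVENTS = ['VideoView', 'PageView', 'AdClick'];
const SAMPLE_ROWS = [
  { event: 'VideoView', count: 1200 },
  { event: 'PageView', count: 300 },
  { event: 'eiVwoediV', count: 2 },  // permutation quoted in the question
  { event: 'weiViVoed', count: 1 },  // constructed permutation
  { event: 'PgeaeiVw', count: 1 },   // constructed permutation of PageView
  { event: 'Signup', count: 5 },     // genuinely unknown name
];

// Anagram signature: the characters of the name in sorted order.
const signature = (s) => Array.from(s).sort().join('');

// Map each signature to the known names that share it.
function buildIndex(known) {
  const idx = new Map();
  for (const name of known) {
    const sig = signature(name);
    if (!idx.has(sig)) idx.set(sig, []);
    idx.get(sig).push(name);
  }
  return idx;
}

// Split rows into clean hits, permuted hits (keyed by the original name)
// and names that match nothing or match more than one known name.
function classify(rows, known = KNOWN_EVENTS) {
  const exact = new Set(known);
  const idx = buildIndex(known);
  const report = { clean: 0, permuted: new Map(), unknown: [] };
  for (const { event, count } of rows) {
    if (exact.has(event)) { report.clean += count; continue; }
    const candidates = idx.get(signature(event));
    if (candidates && candidates.length === 1) {
      const orig = candidates[0];
      report.permuted.set(orig, (report.permuted.get(orig) || 0) + count);
    } else {
      report.unknown.push(event); // no match, or ambiguous between known names
    }
  }
  return report;
}
```

Two known names that are anagrams of each other cannot be told apart after shuffling, so such rows are reported as unknown rather than guessed.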