[ubuntu-uk] Websites and your PC hardware details
Bruno Girin
brunogirin at gmail.com
Sun Feb 3 16:00:34 UTC 2013
On 3 February 2013 14:55, Byte Soup <bytesoup at gmail.com> wrote:
>
> On Feb 3, 2013 10:53 AM, "Simon Greenwood" <sfgreenwood at gmail.com> wrote:
> >
> >
> >
> >
> > On 3 February 2013 10:34, Byte Soup <bytesoup at gmail.com> wrote:
> >>
> >> oops! I posted the wrong link, it was from a related link at the bottom
> of that page
> >>
> >> http://m.bbc.co.uk/news/technology-21058994
> >>
> >>
> >
> > That's almost certainly specfically related to Windows as Windows is the
> only OS that I'm aware that binds its licencing to machine components. The
> article is far too vague (and was factually incorrect but was corrected) to
> really say anything concrete about the phenomenon but the screenshot
> indicates that they were having issues with some Blizzard games, so it's
> probably a DRM issue with game clients rather than browsers.
> >
>
> That's what I was thinking it is a vague article. I just wondered what
> kind of information our browsers gave up about us when running Linux
>
It's device fingerprinting [1] in action. A large UK bank I work for uses
this as one attribute that is fed to their fraud engine. It's a combination
of server-side and client-side code (the client side being JavaScript) that
is run every time one of their customers connect to their internet banking
site. The fingerprint doesn't actually identify a unique device but it
gives enough information to (1) identify when the user starts connecting to
the bank with a new device and (2) compare the fingerprint with a database
of known dodgy fingerprints. After that, the fraud engine's rules come into
play and will use the fingerprinting results to calculate a final score
that will be an indication of how likely the transaction is to be
fraudulent. This is combined with other parameters, such as geographic info
based on IP address. So for example, you could have rules that say:
- new device but same location as last time: no problem
- new device, new location but still in UK: let the transaction go through
but contact the customer
- new device from abroad: block the transaction
It's the same sort of rules that are applied when you take cash out of an
ATM: if you've always taken cash out in the UK and you suddenly take cash
out in a country that is a fraud risk (e.g. Russia), it raises alarms and
they may block the card. On the other hand, if you travel regularly and you
often take cash out abroad, they may let it go through but contact you.
Cheers,
Bruno
[1] http://en.wikipedia.org/wiki/Device_fingerprint
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-uk/attachments/20130203/ae3a3ef9/attachment-0001.html>
More information about the ubuntu-uk
mailing list