[ubuntu-uk] Websites and your PC hardware details

Byte Soup bytesoup at gmail.com
Mon Feb 4 12:04:11 UTC 2013 

On 3 February 2013 23:19, Bruno Girin <brunogirin at gmail.com> wrote:

> On 03/02/13 18:09, Simon Greenwood wrote:
> >
> >
> >
> > On 3 February 2013 16:00, Bruno Girin <brunogirin at gmail.com
> > <mailto:brunogirin at gmail.com>> wrote:
> >
> >
> >
> > That makes sense in context - failed logins combined with the changed
> > hardware would trigger an alert. From a service point of view it's
> > very frustrating for a bank to freeze an account without some kind of
> > notification - my bank have frozen my account after a detecting a
> > fraudulent transaction in the past, but they do have the courtesy of
> > phoning to tell me that they're going to do it.
>
> Well, yes. When their fraud engine is properly configured, they should
> only block your card when there is a very serious fraud risk. Any other
> situation, they should notify you of the dodgy transactions and let you
> confirm whether they are legit or not.
>
>
> >
> > It would be interesting to know if this system is able to extract
> > something from Firefox, Chrome and other browsers available to Ubuntu.
>

That's exactly what I wanted to know too :-)


> > Most if not all online banking services now work on Linux-based
> > systems although we're still the poor cousin in terms of support.
>
> Not quite. All banks I've worked with run on UNIX, typically AIX or
> Solaris. Some are considering Linux and in particular RHEL but purely as
> an exercise to reduce costs and benefit from commodity x86 hardware (as
> opposed to IBM PPC or Oracle SPARC).
>
> Similarly, banks are very benefits focused in terms of what they support
> and as long as the Linux share of their web server stats is low, they
> won't (explicitly) support it. If I take the example of the one I work
> with, their logic is very simple: any browser + OS combination that
> shows more than 1% share will be explicitly supported. Interestingly,
> the result of this is that the recent rapid version changes in Firefox
> have meant that the reported share of FF has dropped because the logs
> have shown a fragmentation between different versions. Add to this that
> you have many different browsers on Linux and there is absolutely no
> chance that any given combination would reach 1% for the time being. On
> the other hand, such simple rules have meant that we've recently been
> able to drop explicit support for IE6!
>
> With regards to what device fingerprinting is able to extract, this
> depends on the browser but there are things that all of them expose.
>

I suppose also it depends on what plugins the browser has too?


> Panopticlick [1] is a good way to get an idea of the sort of information
> that this technique can extract. To come back to the original BBC
> article, something as simple as screen size and colour depth could have
> changed as a result of changing the motherboard.
>

No I agree, its probably like Simon mentions, the machine might have been
running some local applications which would have had access to this
information and fed it back to their servers, thats why the author likely
had trouble.

>
> [1] https://panopticlick.eff.org/
>
> Bruno
>

Bruno, thanks for the link above and the Digital fingerprinting wiki page,
very useful to bookmark.

>
>
> --
> ubuntu-uk at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk
> https://wiki.ubuntu.com/UKTeam/
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-uk/attachments/20130204/9fc00f5b/attachment.html>

More information about the ubuntu-uk mailing list