This topic contains 1 reply, has 2 voices, and was last updated by electricfoxyboy 1 month, 4 weeks ago.
- November 24, 2020 at 2:23 pm #333545
I know a bit about networking, a lot about marketing & analytics, but nothing about network analysis or reverse engineering. So I’m hoping somebody here can help me solve a puzzle that’s been bothering me.
An app called Killi is trying to make waves by playing off the fear that evil companies are selling your data, but this wonderful company is finally taking ethics into its own hands and splitting the profits by paying YOU for your data. Finally, YOU get to decide what you sell, and if you go all in you can earn $3 a month. That’s like a free coffee, and as long as you aren’t some bougie twat you’ll still have change left over.
So: what do they track? Just the basics, nothing that isn’t already being tracked. The sites you visit. Your location. Purchase history. Demographic information. Personally identifying information like name, address, and phone number. Your bank records. Plus you have a chance to earn even more! If some company decides you’re particularly interesting, they can target you with a survey to answer specific questions to learn even more. And of course they may insert ads into your content. They’ll insert ads before every video you watch. I bet they insert affiliate links too.
Is this all safe, you might ask? Of course! See, we have an SSL certificate. We got it for free from Let’s Encrypt. Plus, your data is protected with a password! Oh right, FAQs. What do we have here? “Why can’t I log in?” Well, **we are now requiring users to provide a password to log in.** Apparently we were not before.
Sarcasm aside, this whole thing seems incredibly sketchy. Sure, I technically “buy data” all the time because I can pay Facebook to show ads to people who viewed my site, and change the ad based on their age and gender. I also have analytics so I can track viewer trends. But how many companies are able to keep 24/7 tabs on users’ behavior at all times?
I would love to see if somebody could sniff the data that is being sent back to this company, or find a way to see how they are modifying the pages you view or what you do on your phone. If not, I’m familiar enough with Linux that if somebody were to point me in the right direction I could buy one of those monitor mode Wi-Fi adapters and run my traffic through there. I’m just really curious about this.
- November 24, 2020 at 2:23 pm #333546
Seeing what data they are physically sending through traffic analysis is likely impossible. They are encrypting your data, which means you won’t be able to directly recover it without exploiting a bug in the code itself or through reverse engineering. Bug exploits could be done through attacks like buffer overflows, but that is a super advanced subject, not an easy one, and one that gets harder and harder on modern hardware with hypervisors. Reverse engineering the code is also tricky, but there are PC flavors of things (for example, the Chrome extension) that make that task easier.
What you CAN do (comparatively easily) is a correlation attack where you watch for patterns in the amount of data sent off when you do certain things. A simple example of this is to create two websites on a local network – make them exactly the same except make the URL address super long. Start Wireshark and Chrome, wait for the network traffic to stabilize, then visit the first site. Let things stabilize and then visit the second site. Lather, rinse, and repeat. You can then compare the packet sizes to see if they tell you anything. If Killi optimized the data length in the packet, you should see the longer URL captures taking more data.
This concept can be expanded. Are they sending photos back? Which photos? Prices back? Names? Friends? Cookies? Health information? You get the picture.
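The size comparison described in the reply above, as an added example that is not part of the original post: it sums the bytes uploaded to the app's server after each page visit and fits upload size against URL length. It assumes the capture has been exported as `(time, dst_ip, length)` records; the tracker address, window length and all sample data are constructed placeholders.

```python
from statistics import mean

TRACKER = "203.0.113.10"   # assumed upload endpoint (documentation address range)
WINDOW = 5.0               # seconds of traffic attributed to each page visit

def upload_per_visit(packets, visits, tracker=TRACKER, window=WINDOW):
    """Sum bytes sent to `tracker` in the window after each visit.
    packets: (time, dst_ip, length); visits: (time, url_length)."""
    samples = []
    for t0, url_len in visits:
        sent = sum(size for t, dst, size in packets
                   if dst == tracker and t0 <= t < t0 + window)
        samples.append((url_len, sent))
    return samples

def size_leak(samples):
    """Least-squares slope (upload bytes per URL character) and Pearson r."""
    xs = [x for x, _ in samples]
    ys = [y for _, y in samples]
    mx, my = mean(xs), mean(ys)
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    if sxx == 0 or syy == 0:
        return 0.0, 0.0    # no variation: nothing can be inferred
    return sxy / sxx, sxy / (sxx * syy) ** 0.5

def constructed_capture():
    """Constructed data: alternate a 40-char and a 400-char URL, 4 times each."""
    jitter = [12, -7, 3, 20, -15, 8, -4, 11]   # constructed per-visit size noise
    packets, visits = [], []
    for i, j in enumerate(jitter):
        t0 = 30.0 * i
        url_len = 40 if i % 2 == 0 else 400
        visits.append((t0, url_len))
        packets.append((t0 + 0.4, TRACKER, 600 + url_len + j))  # report upload
        packets.append((t0 + 0.5, "198.51.100.7", 1400))        # unrelated traffic
        packets.append((t0 + 12.0, TRACKER, 90))                # keep-alive, outside window
    return packets, visits

if __name__ == "__main__":
    slope, r = size_leak(upload_per_visit(*constructed_capture()))
    print(f"{slope:.2f} extra bytes per URL character, r={r:.3f}")
```

A slope near 1 with r close to 1 means upload size tracks URL length almost byte for byte; a slope near 0 means the size is padded, compressed or unrelated to the URL.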
- November 24, 2020 at 2:23 pm #333547
Doesn’t seem worth it to me. Put me in the “bougie twat” category when it comes to paying for a cup of coffee.