Tracker pixels are surprisingly commonly used by legitimate senders… your bank, your insurance company, any company you patronize. These assholes hide a 1-pixel image in HTML that tracks when you open your email and your IP (thus whereabouts).

I use a text-based mail client in part for this reason. But I got sloppy and opened an HTML attachment in a GUI browser without first inspecting the HTML. I inspected the code afterwards. Fuck me, I thought… a tracker pixel. Then I visited just the hostname in my browser. Got a 403 Forbidden. I was happy to see that.

Can I assume these idiots shot themselves in the foot with a firewall Tor blanket block? Or would the anti-tor firewall be smart enough to make an exception for tracker pixel URLs?

  • CameronDev
    link
    fedilink
    arrow-up
    4
    ·
    28 days ago

    Yes, the server gets the request for /uniqueForTracking/b19...184.gif, which could be logged.

    • evenwicht@lemmy.sdf.orgOPM
      link
      fedilink
      arrow-up
      2
      ·
      edit-2
      28 days ago

      That’s interesting. It sounds like browsers could be designed smarter. I get “403 Forbidden” chronically in the normal course of web browsing. In principle if a server is going to refuse to serve me, then I want to give the server as little as possible. Shouldn’t Tor browser attempt to reach the landing page of the host first just to check the headers for a 403, then if no 403 proceed to the full URL?

      #dataMinimization

      • CameronDev
        link
        fedilink
        arrow-up
        4
        ·
        28 days ago

        Its not a browser thing, its HTTP. The return codes are specific to the request, not the server.

        GET example.com could validly return 403, while GET example.com/tracking123.gif returns 200 or anything else.