Sorry to TL;DR but 50 page PDFs can be opaque for discussion.
The presentation takes a while to get around to it, but it's a way to see your browser history using cert pinning/redirection. Specifically (ab)using features in the browser that even the paranoid don't disable. And then using that information to fingerprint you.
Maybe people have been so beaten down that they've given up. Track us all you want, nothing we can do about it!
The country's smartest and brightest are graduating from Stanford and MIT and going to work for companies whose entire business model depends on vacuuming up as much of the world's personal information as they can get away with. Depressing.
And you're only talking about the small percentage of the geeks. The non-geeks in our society have absolutely NO clue at all that such technology exists, how it works and how effectively it destroys privacy. Basically, they still live in dream land.
Technology moves faster than anything, not just the law.
Are there any good services or packages for doing this, especially for RoR? I don't need it for advertising, but for banning abusive users who are able to evade the usual means of detection.
I'd advise not making it obvious they've been banned. Let them submit like normal, and maybe show it back to them like normal, but hide it from everyone else. They might just assume everyone is ignoring them.
We've got hellbanning. It helps but they figure it out pretty quickly, especially in chat. I run a kids site, so we have to be pretty draconian about keeping out bad actors.
The presentation takes a while to get around to it, but it's a way to see your browser history using cert pinning/redirection. Specifically (ab)using features in the browser that even the paranoid don't disable. And then using that information to fingerprint you.
Demo: http://zyan.scripts.mit.edu/sniffly Code: https://github.com/diracdeltas/sniffly
It's a good find, even if it's not perfect the way the CSS link visited computed style checks was.