1

A news site I visit often has a limit on 10 views a month.

I don't log in and I delete my full browser history and use Chrome incognito mode.

The website still remembers my page view count.

I'm wondering how they do that. What else is available besides cookies?

Ctrl-alt-dlt
  • 2,397
  • 1
  • 18
  • 28
CodeMonkey
  • 125
  • 1
  • 4
  • 5
    Do you have a static IP address? – Karan May 21 '15 at 14:54
  • 1
    If it embeds any other type of content ( Facebook, Twitter, ect. ) anything that would make you unique could be used even if you use incognito mode. incognito mode isn't really a privacy setting it just doesn't keep a web cache locally. – Ramhound May 21 '15 at 14:57
  • Yes. but Isn't it illegal to log IP addresses? – CodeMonkey May 21 '15 at 14:59
  • @CodeMonkey: Which news site are you referring to? – James P May 21 '15 at 15:00
  • Its a danish one www.b.dk – CodeMonkey May 21 '15 at 15:02
  • @CodeMonkey - We can't speak to the legality of logging an ip address seems unlikely since an ip address alone can be used to identity your actual identity. – Ramhound May 21 '15 at 15:05
  • 2
    Isn't it illegal to try and bypass site access restrictions? – AFH May 21 '15 at 15:17
  • It might be, I'm not sure. But I'm not so much trying to by pass it as I'm just curious how they did it. Deleting my cookies is not illegal i think. – CodeMonkey May 21 '15 at 15:19
  • 1
    @CodeMonkey: Have you tried using another browser to see if still detects the previous page views? – James P May 21 '15 at 15:20
  • If you have a static IP, then that's the #1 suspect as to how they're tracking you. Anyhow, check out this other SU question: [What hardware information about your PC's can gathered by websites/ISP's?](http://superuser.com/questions/206164/what-hardware-information-about-your-pcs-can-gathered-by-websites-isps) for some ideas on how they can track you beyond cookie usage. – Ƭᴇcʜιᴇ007 May 21 '15 at 15:22
  • I do this, with my site [www.hitanalysis.net](http://www.hitanalysis.net) - it tracks by the IP but interestingly, it doesn't collect any personal data - if I visit a site which uses Hit Analysis from my home it would flag as the name of my ISP which basically means I'm not tracked. If I log on from a static work IP address, then I can usually detect the company! But only by company, not individual. However, it will still be fairly easy to give you messages etc you're interested in. – Dave May 21 '15 at 16:08
  • 1
    Try using a VPN/TOR or a public proxy with incognito mode to single out whether it's IP logging or something else. – Firelord May 21 '15 at 17:55

1 Answers1

2

Possibly through the use of super cookies (and here).

HSTS “allows a website to indicate that it should always be accessed using a secure connection that encrypts your communication with the site.” This “flag” is then saved by your web browser, ensuring that any future visits to the website are secure. But this can also be abused, using this feature to store a unique number that can be used to track your web browser.

The first link says Chrome is supposed to clear these when cookies are cleared, the second says only VPN will save you.

Sir Adelaide
  • 4,969
  • 2
  • 13
  • 36
  • Unless you log in, of course. – SDsolar Sep 18 '17 at 01:06
  • As for how HSTS (which really is just a flag and does not send any information to the server _directly_) can be abused, see https://security.stackexchange.com/questions/79518/what-are-hsts-super-cookies/79522#79522 – Arjan Oct 06 '19 at 08:07