-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathTODO
More file actions
74 lines (65 loc) · 2.69 KB
/
TODO
File metadata and controls
74 lines (65 loc) · 2.69 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
TODO
* retroactive client_id updates for old sessions that were incorrectly identified
* the client id can be more accurately matched after postback to updatesession.php
* compare which client matches more by checking probability
* update SELECT statements to use filtered views where possible (e.g. for flags like deleted or active)
* modularize the javascript a little so that SherlockSession has a getJsBlock() method
* add pretty output of all tracked datapoints for user's pleasure
BRAINSTORM
* add "method" parameter to printdefs (http, js, ?) (for what?)
* do something with unclaimed tokens and cookies
* how to use non-matches to increase accuracy?
* blacklist abusive clients
* deal with clients that block cookies
* clean up unclaimed cookies in fp_record
* flag clients that repeatedly don't claim cookies?
* use hotness formula based on session_record timestamps (newer = more likely)
* integrate evercookie
* add db caching
* create profiles / modes to use (e.g. silent, cookie-based, aggressive, etc.)
* sets of datapoints to use / ignore
* programmatically switch profiles as necessary
* modes: listen only, average, full/aggressive
* user-controlled linking of sessions and clients by means of self-identifcation (login)
* how to detect mismatched cookies and make things right in the world
* statistics / reporting
* datapoint variance
* most useful/useless datapoints
RESEARCH
* what datapoints are protected/cleared by:
* clear private data feature in each browser
* vpn / proxies
* tor
* framework for generating urls with various behaviors
* etag tracking
* cache timestamp tracking
* defenses against intentional data poisoning
* clustering of datapoints for multiple clients / locations / devices
* fuzzier matching
PLANNED
* if-mod-since header (token)
* etag / if-none-match header (token)
* client timezone (js)
* client time offset from server (js)
* capabilities / plugins (js)
* installed fonts
UNDER CONSIDERATION
* page visits
* resource + referring resource
* accessed resource
* order of visits and links clicked
* referring domain / referring url
* request round-trip time (measured by js, cluster/bucket)
* cached / uncached or requested / unrequested resources
* javascript benchmarks
* network metrics
* requested resource files cached html (?)
* refer to resource that returns no-cache headers (?)
* i copied this straight from my notes. hopefully i'll remember what i meant at a later time
* window.name (thanks samy)
* geolocation, whether through own database or third-party service
* visited links (?)
* javascript disabled (via <noscript><img>)
* video/audio volume attribute (desktop only)
* third-party identifier
* autocomplete via javascript-submitted post form?