Comment by josefdlange

9 years ago

But why not spend ten minutes and make their net code use SSL and then avoid it altogether?

I guess one could argue that the footprint of adding SSL client behavior to a sneaky hidden tracker might be shitty to do and make it more identifiable. But also SSL libraries are typically linkable on the host system anyway, no compilation past the headers needed.

It's just a weird "workaround" on their part if that's the intention.

Consider perhaps Windows firewall. I believe it can be configured to block connections by the opening program.

Perhaps bots are more easily discernible from a human user who's using a real browser. If the goal is to be stealthy, then they'd want to appear as human-like as possible.

Windows has very sophisticated firewalling and network access can be filtered on a per-process, per-network basis.

Restrictive companies will only allow pre-approved applications, for specific ports, like I.E. doing HTTP/S over ports 80 and 443, and only on approved/trusted networks.

  • Yeah, realized the folly in my logic -- see my edit on my top-level comment. This strategy is pretty much how LS works on macOS as well.

  • and DNSCache at 53, same DNSCache that listens on localhost and will relay any request from anybody, _non-filterable_ localhost