Comment by bigiain

4 years ago

> How do we, as the people building the platforms these perpetrators ride on, stop them?

Every now and then, I get mad while I'm bored and have a bit of free time, and I'll write a script to make requests with randomised tracking codes. I've got about 30 available VPN endpoints easily available, and I'll cycle through them all sending requests with random IDs in whatever the format looks like. It _probably_ makes no difference, but _maybe_ it'll make their data less useful (and if nothing else, I get a bit of satisfaction from doing it.)

I stew on this idea all the time and conclude that only scale (lots of users?) would make this effective. But then I ponder the remedy itself being wielded against legitimate parties and I get slightly sad and move on to something else to worry about.

  • Yeah - I do worry about making a request that might "verify" some other legitimate user's URL, so I won't do this if the identifiers look like consecutive numbers, but if they look like GUIDs I'm perfectly happy to blast 10,000 or 100,000 random ones back at them.