Xa uxubusha UGoogle ukudibanisa imixholo ye-HTTP User-Agent header, umphuhlisi wesikhangeli seKiwi ukuya kwi "X-Client-Data" HTTP header eseleyo kwiChrome, enokubakho Umgaqo woKhuseleko lweDatha ngokuBanzi osebenzayo kwiManyano yaseYurophu (). Ngexesha Ubumbini bezenzo zikaGoogle zagxekwa, nto leyo kwelinye icala ukuvimba ukuchongwa okufihliweyo kunye nokulandelela izenzo zomsebenzisi, kodwa ngakolunye uhlangothi, akukhawulezi ukususa inkxaso ye-X-Client-Data header kwi-Chrome, engasetyenziselwa ukuchonga iimeko zesiphequluli xa ufikelela kwiinkonzo zeGoogle.
I-header ye-X-Client-Data ayifihlwanga kwaye nokuziphatha kwayo kumaxwebhu. Ngokusebenzisa i-X-Client-Data, uGoogle ufumana idatha malunga nomsebenzi weempawu ezithile zovavanyo kwiChrome ngokunxibelelene neziza zayo (umzekelo, ngexesha lovavanyo, uGoogle unokuvula amanqaku athile ovavanyo kwiYouTube ukuba zixhaswa sisikhangeli okanye zama nxibelelanisa iingxaki kunye nokuvula imisebenzi yokulinga).
Inhloko kuphela ngezicelo kwiisayithi zikaGoogle ezihambelana nemaski β*.doubleclick.netβ, β*.googlesyndication.comβ, βwww.googleadservices.comβ, β*.google.>" kunye ne"*.youtube. ", kwaye ithunyelwe nge-HTTPS. Kwimowudi ye-incognito, i-header ayigcwaliswanga, kodwa ukuba iprofayili ye-Google eqinisekisiweyo yomsebenzisi itshintshela kwiprofayili yeendwendwe okanye xa kubizwa umsebenzi wokucoca idatha, i-header ayicwangciswanga kwaye iyaqhubeka ithunyelwa ngexabiso elifanayo.
Iheda ixelwe ukuba ayinalwazi lwamntu kwaye ichaza kuphela imeko yofakelo lweChrome kunye neempawu zovavanyo ezisebenzayo. Ukuba i-telemetry yokusetyenziswa kwesikhangeli kunye nengxelo yokuphahlazeka ivaliwe kwizicwangciso, ukuvelisa isiseko se-X-Client-Data ye-header value isebenzisa kuphela i-13 bits ye-entropy (i-8000 indibaniselwano eyahlukeneyo), enganelanga ukuchongwa.
Ngenxa yokuba i-header ikwadibanisa ezinye izicwangciso zenkqubo kunye neeparameters, ekugqibeleni imixholo ye-X-Client-Data ifanelekile njengomthombo owongezelelweyo wedatha yokuchongwa komsebenzisi ongathanga ngqo ngexesha elifutshane (izakhono zovavanyo zenziwe kwaye zikhubaziwe ngokuhamba kwexesha, nto leyo ekhokelela kutshintsho lwexabiso ngamaxesha athile kwi-X-Client-Data).
Nangona kunjalo, ukongeza kwi-entropy yokuqala, xa uvelisa ixabiso le-X-Client-Data, kukho kwakhona ukulandelelana kwembewu okubuyiswe ngabancedisi beGoogle kwaye kuxhomekeke kwilizwe, idilesi ye-IP kunye nezinye iikhrayitheriya iGoogle ezibona zibalulekile (umzekelo, akukho nto ithintela. wena ekubuyiseni ulandelelwano olukhulu olungenamkhethe , oluzakuba sisazisi kanye).
Ukongezelela, ukujonga usebenzisa iimaski ze-Google ze-domain xa uthumela i-X-Client-Data ayibandakanyi iimeko apho umhlaseli angabhalisa i-domain njenge "youtube.xn--55qx5d" kwaye uqale ukuqokelela izichazi.
umthombo: opennet.ru