Category Archives: Blog

Using OSINT to Stop Human Trafficking

Human trafficking is a growing worldwide problem. According to the International Labor Office in Geneva, the 2017 estimate of worldwide human trafficking was 40 million people, including 25 million victims of forced labor and 15 million victims of forced marriage. One in four of these victims are under the age of eighteen.  

While the United States has a record of sustained efforts to investigate and prosecute cases of human trafficking, there is still a long way to go, both with victims trafficked within the U.S. and with victims who are brought from outside the country. 

Often, victims of human trafficking are not free to ask for help. Their ability to contact others is controlled and monitored by their victimizers. Victims may have access to cell phones or social media but not be allowed privilege to speak freely online or to reach out to lifelines. Some victims may not even be aware that they are victims, let alone that there is help available for them. Their victimizers can brainwash them, punish them, threaten them, and—if the victim manages to escape—stalk them and blackmail them into returning. 

When a victim is underage, it can be particularly difficult for them to realize they can find a way out or that a better life is available if they do. 

Prevention of underage human trafficking becomes a struggle with two separate issues: how to identify the victims and how to collect the evidence critical to legally proving that human trafficking has occurred.  

Open-Source Intelligence (OSINT) techniques can help with both issues by identifying the victims and through collecting evidence necessary for law enforcement officials to build a case. 

OSINT is the use of Publicly Available Information (PAI) to produce actionable intelligence and includes such commonly used vehicles as social media accounts and website traffic information. Many tools have been created to take advantage of public information, which allows law enforcement and those who assist them to identify victims and collect evidence faster than ever before. 

One of the biggest capabilities developed for connecting law enforcement needs to OSINT experts is the Torch Initiative. The Torch platform is a collaborative effort between Echo Analytics Group and All Things Possible Ministries, uniting expertise in OSINT with expertise in helping victims of human trafficking to shine light in the darkness and create a solution. 


  1. What is human trafficking? 

Human trafficking is a version of modern-day slavery that exploits victims through force, fraud, or coercion to obtain some type of labor or commercial sex act. While most victims of human trafficking perform sex work, other types of human trafficking include agricultural labor, domestic and commercial cleaning services, construction, manufacturing work, and more.  

Advertising for trafficked labor and services often occurs online, whether on the dark web or on public social media and other public sites. The Internet was not originally well-regulated with regards to the advertising and sales of sexual services. After laws like the FOSTA-SESTA Act were put in place, it became less difficult to hold traffickers accountable. Unfortunately, like many other types of criminals, traffickers will always find creative workarounds to regulations and after being shut down, quickly return to recruiting, advertising, and controlling their victims online.  

Social media is often used by traffickers to accomplish their goals. Social media is used to recruit multiple victims by posting misleading job advertisements. It is also used to recruit individual victims by posing as a romantic interest or by pressuring victims to bring their friends into the same scheme. 

A wide variety of techniques are used on social media against human trafficking victims to make them easier to control. In the past, it was usual to remove the victim’s access to cell phones, smart phones, and the Internet. These days, more victims are reporting that they are allowed to keep restricted access to various methods of communication, but victims’ social media use may be restricted or monitored. Their accounts may be hacked, or they may be forced to make posts reassuring others of their safety. They may be stalked or harassed by their victimizer or forced to stalk and harass other members of the same schemes if they show any signs of wanting to escape. 

Because of brainwashing and other manipulative tactics that can be used by traffickers, it can even be difficult for the victims to identify that they are victims at all, thinking that the situation they are in is one they can control—until it is too late. 

The intersection of the sex trade and human trafficking of underage victims is both particularly important to identify and sets clearer boundaries for proof. It can be difficult to prove that force, fraud, or coercion is being performed against an adult victim. However, with an underage victim the burden of proof lies only in the validation that they are under the age of consent. 


  1. What is OSINT? 

Open-Source Intelligence (OSINT) is the collection and use of Publicly Available Information to produce actionable information. This Publicly Available Information can include social media posts, likes, friends, timestamps, location data, relationship statuses, and more, as well as a wide range of different types of information from other sources, such as broadcast media, newspapers, public records, website data, and more.  

This information can be collected using multiple tools, many of which were developed as an open-source project and published free of charge for public use. Once collected, the information can be processed to correlate seemingly random bits of data into the information needed. Echo Analytics Group has built a dashboard tool, the Cyber Intelligence Dashboard, to handle many types of OSINT research and analysis tasks and to make the process more efficient.  

Many law enforcement agencies from the Federal to the local level have partnered with or are training OSINT experts to collect evidence, track suspects, run background checks, perform due diligence on vendors, and more. These agencies are discovering the benefits to having access to OSINT expertise, saving them time and money across many different types of investigations. 

OSINT approaches are often based on collecting Publicly Available Information on the human level, that is, where information consists of names, locations, and statements posted online, and merging it with information found the machine level, such as IP addresses, timestamps, and user agents.  

One example of how this combined OSINT approach can work in the human trafficking realm is PhotoDNA, which compares photos as they are uploaded with known sources of underage pornography and advertising for the sex trade. Social media sites can set up automatic checking of all photos uploaded to their sites against known images of underage sex trafficking, then forward all possible cases to a human OSINT professional for further research in collaboration with Law Enforcement. These collaborative efforts can help to identify the victim and collect evidence of their age, providing law enforcement agencies with critical information to support the rescue of trafficking victims and the arrest of their traffickers. 

Many people have explored the power of the Internet and specifically social media to research other people, from identifying an unknown number on their caller IDs to looking up former classmates online. An OSINT analyst starts with the same techniques but expands their searches into more obscure and more technical areas, using a wider array of tools and skillsets. OSINT analysts combine research expertise, computer and networking expertise, and forensics techniques to uncover the “needle in the haystack,” the one piece of critical information buried under a mountain of data. 


  1. Using OSINT to identify underage human trafficking victims. 

Human traffickers are very clever in how they target their victims and how they advertise to clients. They often recruit or advertise jobs or services on public social media using legitimate-appearing front businesses, then take potential victims and clients to another site to “close the deal.” The second site might be on the dark web or a more secure site, or it may simply be on a different public social media site or chat application. The act of switching sites helps break up any patterns that might cause the site’s or app’s algorithms to flag the conversation.  

However, OSINT researchers can still establish patterns of behavior of potential traffickers, such as when a trafficker contacts a high number of user profiles of underage people over an extended period on a messaging app, then follow potential traffickers between sites, even if they change their user IDs. Identifying potential traffickers can lead researchers to potential victims or networks of victims. The researchers can also start by establishing patterns of behavior of victims. 

Once a potential victim has been identified, the person’s age can be researched using their social media profile and the profiles of others on their network. Public records and other OSINT techniques—such as extracting the date a photo was taken—can supplement social media results. 

Evidence proving the person is a victim of human sex trafficking can be established the same way, although such a search may extend into the dark web, where it is vital that an OSINT researcher practice good attribution management, that is, covering up their digital “trail” to ensure their research activities cannot be tracked. Human traffickers are not always digital experts, but they can be just as skilled in OSINT techniques as the people who hunt them. 

Regardless of where the OSINT researcher is searching for information, it is vital that they do so in a manner that doesn’t cause further danger to the victims and that provides information in a way that is legally usable by law enforcement agencies. Independent OSINT researchers, though well-intentioned, may not provide information admissible in a court of law. 


  1. The TORCH Initiative 

Echo Analytics Group and All Things Possible Ministries have partnered to create the TORCH Initiative, which seeks to work with law enforcement agencies to track down victims of human trafficking, using proven methods that both protect the victims and provide usable evidence. 

Echo Analytics Group, a Quiet Professionals company, is known for its innovation in the OSINT field. Founder Buddy Jericho is a former member of the U.S. Intelligence Community and pioneered OSINT methods for use in counterterrorism activities for Special Operations Forces. Jason Jones, Director of Operations, also leads in OSINT innovation, developing the Torch case management platform, the first of its kind, in collaboration with All Things Possible Ministries. 

All Things Possible Ministries is a non-profit organization known for locating and rescuing victims of human trafficking in some of the least accessible areas of the world and providing resources for victims to make their way back into safe communities. All Things Possible Ministries and founder Victor Marx have extensive experience in working with all types of groups across cultures, defying stereotypes and crossing battle lines to defend the defenseless. They have a history of working closely with law enforcement agencies and understand what they need in order to move forward on human trafficking cases.  

The OSINT analysts working with and trained by Echo Analytics Group have been skillfully trained in using techniques to swiftly identify trafficking victims. These analysts have also set up several proven workflows to quickly establish the ages of victims online, even when the answers aren’t obvious. They are experts in conducting their research in ways that not only protect the victim from punishment but ensure traffickers don’t get off on a technicality due to poor evidence collection.  

The Torch Initiative is an excellent example of how using OSINT can be beneficial in helping underage human trafficking victims and in holding their traffickers accountable. Law enforcement agencies that are not already working with an OSINT expert may wish to consider partnering with one, or in investing in training for their own team members.  

Likewise, OSINT experts—whether professional or amateur—should consider contacting the Torch Initiative or a similar group to volunteer their talents and use the amazing resources at their fingertips to help rescue human lives.  


Let us know here if you are an OSINT professional or amateur researcher and are interested in working with Torch. If you are interested in learning how to become an OSINT researcher or analyst, we provide online and in-person classes. Click here to sign up for OSINT training. 

Protecting Critical Infrastructure with OSINT

Ransomware and other malware attacks are on the rise. Criminals are constantly probing online systems to discover their vulnerabilities to hold systems hostage. Meanwhile, U.S. foreign adversaries are increasingly targeting assets in digitally accessible spaces to achieve their political goals.  

Open-Source Intelligence (OSINT) is being used by both attackers and cyber security professionals to find ways to exploit critical systems and functions. Often, attackers and cyber security experts must use the same tools to search accessible online spaces for pieces of publicly available information that, when combined, might provide keys into an organization’s systems.  

OSINT is a powerful tool being re-engineered by 21st century cyber-security professionals to identify and disrupt vulnerabilities before they can be exploited.  

Attackers are becoming more sophisticated, targeting specific entities for disruption rather than merely taking the “low-hanging fruit” approach to selecting targets. They are not only targeting systems but people, using Human Intelligence (HUMINT) techniques—also known as “social engineering”—to extract valuable pieces of information from staff, vendors, and other human partners—people who may not understand how vital the information they provide may be. 

Of particular interest to both criminal and nation-state attackers are organizations that serve as critical infrastructure for the U.S. and allied nations. Because these organizations are important pieces of the day-to-day operations and defense of a nation, they make for high-value targets. In addition, some organizations involved in critical infrastructure tend to have weaker defenses against ransomware and other malware attacks due to the nature of their industry and the fast pace of technological innovation used during malware attacks.  

In other words, what was not understood to be a point of vulnerability yesterday is now known to be vulnerable today. 

Cyber security professionals of organizations involved in critical infrastructure must become more aware of basic security procedures to protect themselves. Further, because their organizations are such high-value targets, they must take extra steps to secure their most valuable resources against threats.  

Organizations must learn to integrate OSINT into their security plans. They must assess what resources, people, and systems are most vulnerable and most valuable to attackers, then prioritize plans to ensure that their most critical resources are the best defended and most resilient to attack. 


  1. What is OSINT? 


Open-Source Information (OSINT) is the use of Publicly Available Information (PAI) to develop actionable intelligence—that is, the information needed to achieve specific goals, such as covertly accessing a network and implanting malware there.  

Ransomware attackers first performs reconnaissance against an organization by researching their public information, including the personal information of key employees, online. In order to find the best way to get into a target system and plan what to attack once they get in, the attacker uses OSINT techniques.  

When an organization researches their own vulnerabilities to malware attack—and whether their vendors are vulnerable to that type of attack—the organization is using OSINT techniques. 

There are a wide variety of tools and techniques that can be used to research and develop OSINT, from tools developed by curious amateurs researching how systems work, to for-profit businesses that develop business analytics tools to determine what their customers are saying about them, to national security programs that develop malware to spy on, and sabotage, other nations’ systems. 

These tools are constantly changing and evolving for a variety of reasons. As social media platforms change, as new operating system exploits are discovered, and as recent technologies connect systems, users, and devices, OSINT tools evolve to best discover what information is available to be used. 

While some information that is being shared publicly by an organization can be controlled, once it has been released to the public, it can be found online forever. Even after controlling what information is available in the future, it is important to know what information an organization has shared with the public in the past and how that information might be used. 


  1. What is critical infrastructure and why is it vulnerable? 


Critical infrastructure is the collected systems and institutions needed to keep our nation operational and to defend it in an attack. The Cybersecurity and Infrastructure Agency (CISA) has defined sixteen areas of critical infrastructure: 

  • The chemical sector 
  • The commercial facilities sector, including sites that facilitate crowds, like open spaces, concert venues, and hotels 
  • The communications sector 
  • The critical manufacturing sector 
  • The dams sector, covering over 90,000 U.S. dams 
  • The defense industrial base sector 
  • The emergency services sector 
  • The energy sector 
  • The financial services sector 
  • The food and agricultural sector 
  • The government facilities sector 
  • The healthcare and public health sector 
  • The information technology sector 
  • The nuclear reactors, materials, and waste sector 
  • The transportation systems sector 
  • The water and wastewater systems sector 

Our economy and lives depend on the various elements of these critical infrastructure systems. Ransomware and other malware attacks against them give attackers a disproportionate amount of leverage. Often, those organizations’ leaders, eager to halt the threats to people’s lives and welfare, can be more likely to cooperate with the attackers.  

Making critical infrastructure even more tempting for attackers, some elements of our critical infrastructure are outdated and therefore particularly vulnerable to attack.  

The designers of the outdated systems had no idea how their systems would be abused in the future. They certainly could not have anticipated the OSINT tools used to perform reconnaissance and exploitation against their systems.  

While some sectors of our infrastructure are aware of the possibility of harm—such as the defense, information technology, and financial sectors—other sectors may be less prepared to defend themselves from attack.  

They may not understand the dangers posed by outdated software and equipment being used. They may not be aware of how recent technology can cause unexpected disruption throughout critical technologies and may not be structurally prepared to address those threats. And even the best prepared organizations may struggle to educate and prepare their workforce on the shielding of critical personal information that can be used to guess passwords or to send emails, texts, or voice messages from a seemingly legitimate source.  

For example, some farms do not necessarily have a standalone IT department with an OSINT expert on hand, available to anticipate and respond to malware attacks, even as they add sensors to their equipment that may open their networks to outside attack.  

Some industries tend to respond quickly to public perception of having insecure technology, if only because the loss of customers due to lack of confidence can quickly spiral out of control. Other critical infrastructure sectors that are not as sensitive to public opinion may be understandably more conservative about adopting recent technology—and its associated growing pains and expenses. 


However, ransomware and other high-tech attackers do not wait for the bugs to be worked out of critical infrastructure systems before they attack. 


  1. Who targets critical infrastructure? 


Critical infrastructure is targeted by two main groups: criminals and nation-state actors. Both will use the same types of OSINT tools to research and exploit their victims, but the two groups have different purposes, and therefore target different elements of the systems they infiltrate. 

Criminals attempt to take down critical infrastructure for money. Their primary goal—generally via ransomware—is to make normal operations difficult to pursue. They halt critical functions to put pressure on an organization to pay their ransom. 

Their goals are to encrypt information to prevent it from being used, to destroy or encrypt backups, and to halt systems long enough to collect payment. They wish to cause inconvenience and disruption to make a profit. Recently, attackers have begun to export, or “exfiltrate,” substantial amounts of data that can be used later as blackmail material or sold for additional profit on the dark web’s black markets.  

Nation-state actors often have more insidious goals. 

When a nation-state uses malware to attack critical infrastructure, often the goal is not to gain a profit, but to collect information that is otherwise difficult to obtain, to embarrass the target nation, or to prevent it from using critical infrastructure to achieve its own goals. Nation-state malware has or may have been used to collect sensitive information of other nations, disrupt energy grids, disrupt oil pipelines, close schools, and more.  

But organizations cannot assume that they will not be targeted by nation-state attackers; critical infrastructure is always of interest, and the malware used by nation-state actors has been known to spread outside the attackers’ original intent. 

Nation-states have also been known to purchase the exploits found by malicious actors, the source code of viruses, and the information exfiltrated by criminals on the black market. Often the most dangerous time for an element of critical infrastructure is after they have been hacked, as nation-states leverage information obtained by criminals to cause further damage. 


  1. How can OSINT be used to protect critical infrastructure? 


With critical infrastructure both uniquely vital and uniquely vulnerable to attack, it is important to prioritize protection. Organizations should seek out experts in OSINT to partner with their own IT, security, and leadership representatives to assess the organization’s vulnerability to attack.  

Identifying which systems and information are critical is a key step of choosing which defenses to prioritize.  

Plans for protecting critical systems and information should start with the most vital functions and communications of the organization. Teams should review systems and information to determine which systems would be considered most critical, in light of both criminal and nation-state attacks. A criminal attacker may target different vulnerabilities and capabilities than a nation-state attacker. 

Plans should include: 

  • Removing or mitigating vulnerabilities as possible. 
  • Backing up data in a location not vulnerable to spreading attacks. 
  • Creating procedures and methods to identify reconnaissance and attacks in real-time. 
  • Training for staff on how to handle suspected reconnaissance and attacks. 
  • Investigation of third-party partners and vendors as potential routes for attack.  
  • Responding during an attack, including reporting the attack to the FBI. 
  • Returning critical systems to operation in case of an attack. 
  • Preserving data about the attack. 
  • Researching the attackers to assess how the attacked occurred, who the attackers are, and how to prevent further attack. 
  • Prevent any stolen information from being used against your organization. 

Organizations must take the attitude that discovering that they have been the victim of an attack means that they are at immediate and long-term risk of follow-on attacks and reinforce their use of OSINT tools to monitor for follow-on indicators of reconnaissance, release of their data, and attack. 

In the past, many elements of critical infrastructure have been slow to change and adopt modern technology. This slowness can happen for multiple reasons, including avoiding public perception of waste. Resistance to change is understandable, but it can result in a less robust level of security as organizations attempt to modernize.  

Organizations can help safeguard critical systems from ransomware and other malware attacks by adding OSINT expertise to their incident response teams. OSINT experts have a fundamental understanding of how malicious actors identify and leverage publicly available information to infiltrate systems and accomplish their goals.  

Because of the public trust that is put into organizations providing critical infrastructure, it is essential to fully protect those systems as soon as possible. Criminals and nation-state actors will certainly not wait for securing critical systems becomes more convenient.  


Interested in our expertise? Read more about Echo Analytic Group’s OSINT services here. Interested in working with us as an OSINT expert? Check out our careers here. 


Interested in our expertise? Read more about Quiet Professionals’ services here. Interested in working with us as one of our experts? Check out our careers here. 

Protect Your Kids Through Online Safety

5 Ways to Protect Your Kids Through Online Safety

Today, over 3.8 billion people use social media platforms globally. In an age where endless information lies at our fingertips, we have access to countless connections and opportunities. For parents especially, we know you want to help your children navigate the internet safely and responsibly.

As we cannot always watch our children, consider how we can best monitor their online activity and keep them safe. In the content below, we explore five ways in which parents can protect their kids through utilizing online safety.

#1. Enable Browser Settings and Privacy Settings for Maximum Security

An estimated 20% of parents report they don’t supervise their children’s internet usage at all. Additionally, nearly 62% of teens report their parents have no idea what they do online.

Reviewing your child’s browser history gives valuable insight into what your child does in their leisure time. Aside from browser histories of video games and homework research, look for credit card or personal information used without permission.

To effectively review your child’s browser history, open your child’s internet browser such as Google Chrome, Safari, or FireFox. Then, select the icon labeled “history” to retrieve a list of website URLs visited. For a more thorough inspection, check the computer’s recycle bin to see if any files were recently deleted. Although we hope you don’t find anything alarming, you may be surprised in what you uncover.

The Advantage to Enabling Browser Settings

By activating browser and privacy settings, parents can have the peace of mind in knowing that their children are kept safe from certain websites. You can create a custom “blacklist” that blocks specific websites and domains. Such websites could include:

  • Pornography, Adult content
  • Social Networking
  • Online Gaming
  • Social Media
  • Weapon and Gun Violence
  • Dating and Media Streaming
  • Gambling
  • Phishing, virus and spyware hosting websites

By utilizing these settings, you can block inappropriate content and help protect your child from falling subject to any online danger or indecent exposure.

#2. Monitor Children’s Social Media Activity

Another great way to protect your kids through online safety is by monitoring which websites your children visit and who they communicate with. As a result, you make it more difficult for sex offenders and online bullies to harass them. Additionally, by monitoring your children’s social media and internet activity, you will learn if your child discloses private information to a stranger.

A helpful boundary to establish with your children is to limit the level of privacy they can have with their technology. For example, you could create a household rule that technology stays in the living room and outside of bedrooms. Alternatively, you could make social media a family activity! Take Buzzfeed quizzes together or scroll through the funny memes and videos with your children. As a result, your children’s experience with social media remains wholesome.

#3. Know All Your Children’s Passwords

We know that a parent’s priority is to keep their children safe. Therefore, to best monitor your child’s social media activity, it’s a good rule of thumb to know all their passwords. By allowing them privacy over their passwords, it becomes that much harder to protect them from online dangers.

Additionally, by overseeing their accounts and passwords, you learn about the age limitations on that particular social media platform. The required digital age to open a new social media account is 13. However, the age requirement can be 18 or older for certain platforms like dating applications. In the event your child is younger than the recommended age, perhaps they could either wait until they are older before signing up or, with permission, use your account login on occasion.

Know Your Why

Keeping track of your children’s social media passwords is a helpful way to protect your children through online safety. By knowing your reason behind monitoring their social media accounts and passwords, you obtain a better strategy to safeguard your children.

#4. Have an Open Dialogue With Your Kids

In today’s culture, kids receive their first piece of technology at young ages. Therefore, begin talking with your kids right from the start. Warn them about the dangers of malware, identity theft, and sex offenders, reminding them that you want them to stay safe.

If you see a sudden change in your child’s behavior, there might not always be a warning sign. However, by having an open dialogue with your kids, they can be comfortable and honest with you, ultimately sharing what’s wrong. Perhaps, they are frustrated about a math assignment; but they could be upset from a cyber bully.

#5. Enroll in an Online Safety Course

In a world of cyber bullying, identity theft, predators, and explicit content, knowledge will be your greatest defense mechanism! Join our mission to help children safely interact on the internet and social media as they navigate our global, digital society.

Our “Protecting Kids Online Safety Course” equips parents with essential tools, knowledge, and skills to combat the dangers of social media. Additionally, this course teaches parents how to effectively monitor their social media accounts.

Online Safety Course

What will we accomplish in this course?

Social Media plays a significant role in our children’s lives and they are exposed to a new world as soon as they log on. Children can be exposed to cyber-bullying, inappropriate content, predators, grooming, psychological, and physical impacts, identity theft, and unfortunately much more.

EAG acknowledges this rapidly growing issue and has created a course to equip parents with essential skills and tools to combat the dangers of our children using social media platforms. Our course empowers you to provide a hedge of protection around your child in your communities and their online activities.

Learn More with Echo Analytics

At Echo Analytics Group, we deliver world-class products and services to a host of businesses globally. We are a full-service intelligence firm providing services, products, training, and technology to both public and private sector businesses. To learn more about Echo Analytics Group, contact us today. If you are interested in signing up for any of our courses, you are welcome to reference our Echo Academy.

Super Cookies

Super Cookies: An Introduction

Cookies are generally employed by websites towards enhancing and offering better user experience as they simplify predictive choices. Cookies denote a set of data kept by browser following a user interaction with a specific website.

The first time you visit a website, cookies save packets of data that help improve user experience over time, especially in cases where the user returns regularly. The improved user experience entails lesser loading time of website pages, auto-login, and tailored content recommendations from tracking user behavioral patterns.

Users who share concerns relating to privacy usually delete these cookies occasionally; however, super cookies offer a different story. They are a form of tracking cookie placed within an HTTP header by the internet service provider (ISP) to gather data relating to a user’s browsing history and internet habits.

What Are Super Cookies?

Super cookies are technically not an HTTP cookie, but a Unique Identifier Header that instead injects information into packets sent from a connected user to its service provider. Whenever the ISP detects traffic from a user, it places an additional HTTP header into the packets leaving the user computer or device.

Super cookies deliver a variety of functions, including the collection of several data on users’ browsing routines as well as website details and time of visit. Irrespective of the browser used, they can also access and gather information through regular tracking cookies. Data collected by super cookies include cached images and files, login details, plug-in data, and more. The data collected are stored and not deleted, even if the traditional cookie is deleted.

Why They Were Invented

Cookies based on browsers have been around for as long as the internet. Cookies were created around 1994 by an engineer. The creation of cookies follows the idea of aiding e-commerce websites to sustain purchasing carts through its target audience. But soon enough, the usage of cookies began to spread widely. Lately, the super cookie a new form of a cookie provides several functions that primarily include the tracking of user activities.

How Do Super Cookies Work?

Cookies are data bits left after activities involving surfing the internet. This data bit comprises information necessary for recognizing a user at a later visit. For regular cookies, they are optional and can be deleted at any time. However, super cookies are more fixed and once a user encounters them, there are limited options for limiting their surveillance capability.

In a more specific form, super cookies are not, in fact, cookies at all. That is because they are not downloaded and stored on the browser. Instead, they make use of Unique Identifier Headers (UIDH), which are injected into the user’s connection at the network level. In essence, the UIDH is any data bit that enables the user’s net connectivity into a unique quantum in the whole web framework.

How Super Cookies Are Used to Track User Activity

Cookies are loved by everyone as these little scripted codes help users navigate websites easily. Cookies make browsing much easier with automatically filling login details, as well as other unique data from one session to the other.

ISPs are known to engage super cookies to attain much-better advertising pitching. The data gathered from users are used by the ISPs alongside other third parties. Some third parties also participate in tracking headers to gain data for use in pitching targeted adverts.

Super cookies are machines in data gathering and keep track of every online activity engaged by the user. Also, the data assembled by standard cookies are accessible to them. So, they get access to caches alongside plugins data.

Measure to Be Taken to Increase Privacy

The tracking process via cookies of any form is not technically damaging. But, tracking of users who wish to remain private do undermine their privacy, and this can be even more harmful than any virus or malware put together.

But in cases where you are not a willing participant, the tracking level of super cookies may be something you wish to avoid. It is understandable, as the problem varies from several unscrupulous third parties seeking to use underhanded techniques to websites trying to exploit user data.


Nevertheless, users can deactivate the storage of standard HTTP cookies through the privacy control available in the browser. Unfortunately, for super cookies, it entails a time-consuming process to manually wipe them off your computer or device.

TLS and SSL Protocols

One approach connected users can employ in shielding themselves and information from super cookies is through the use of TLS (Transport Layer Security) and SSL (Secure Socket Layer) protocols. The TLS and SSL protocols provide encryption as well as functioning as a vanguard towards user privacy. Furthermore, users can limit super cookies infiltration by visiting HTTPS websites only as these websites are created using secure protocols.

Data Encryption

Another possible alternative is the use of data encryption. In this regard, the use of a Virtual Private Network (VPN) service would allow the user to browse the web anonymously and securely. The VPN would reroute your traffic via several servers, prohibiting super cookie’s ability to cling to such traffic. Also, the VPN reduces the possibility of tracking headers to be added to your traffic as the data encryption secures all your data.

Also, if you are willing to make use of software in removing them, users can use some free tools like CCleaner or SlimCleaner. This software makes it easier to clean out any super cookies hidden with your computer or device.

Also, another approach to safeguarding your privacy from super cookies is the installation of third-party software that blocks the infestation activities of super cookies in the first place. Some extensions like NoScript and BetterPrivacy makes the process more accessible through its use of a selective filter that scans through web scripts permitted to run on your computer or device.

In Conclusion

Super cookies are not like regular cookies as they facilitate internet surfing by attaching unique identifier headers (UIDHs) to your traffic data. While the data provided from them are relevant to some advertisers and ISPs, they are challenging to detect or locate for users who desire privacy. There are several approaches to avoiding and removing them. Some methods visiting only secure protocol websites, the use of VPN, and more. Depending on which strategy you consider comfortable, there is always a solution to suit your needs.

Learn More with Echo Analytics Group

Echo Analytics Group is a full-service intelligence firm providing services, products, training, and technology to both public and private sector businesses.  Echo Analytics Group has trained thousands of intelligence professionals in-person and online.  We also deliver world-class products and services to a host of businesses across the globe.

To learn more about Echo Analytics Group, please contact us by completing our online form or through emailing us at info@echoanalyticsgroup.com.

To sign up for a course, explore our Echo Academy!

We look forward to connecting with you.

How do websites track you and your online activity

How do Websites Track You?

Several approaches are usually employed to obtaining data from users. Nevertheless, the new age of data gathering comes with its own challenges as data forgery and tampering are becoming rampant. In a bid to protect any data sent online, Digital Signatures with the ability to confirm the legitimacy of a document or software are used. In the content below, we explore digital management by defining online tracking and discussing how websites track you and your website activity.

What is Online Tracking?

Online tracking is, in essence, the gathering of useful data about users and their actions online. The most beneficial use or purpose of tracking user activity is to gain relevant insight into their behavior, needs, and preferences.  For websites, these data obtained come in handy for powerful optimization tools needed to aid user experience, commerce, customization, profiling, and targeted marketing as well as statistical resolutions.

Introduction to Digital Signature Management

Digital Signature is a form of signature which entails the use of a mathematical algorithm or pin in signing and validating a document or software authenticity. Digital Signature comes as an alternative to pen and paper in the online world. The Digital Signature Management ensures all data sent digitally from a selected source gets to the receiver in its original format.

How Do Websites Track You and Others’ Website Activity?

Generally, most users do not clearly know when or what method of tracking is employed and also the exact purpose the data would be used for. Well, there are several approaches how websites track you and your activities online. The dominant methods employed by most websites in tracking user activities include:

  • Browser Foot Printing
  • Cookies And Tracking Scripts
  • HTTP Referrer
  • IP Addresses
  • Super Cookies
  • User-Agents

Browser Foot Printing

Browser Foot Printing is dependent on the uniqueness of the user’s preferred browser. This method offers a highly accurate approach towards the identification and tracking of user activity every time they choose to be online.  From the browsers, websites can identify a user browser version, installed fonts, installed plug-ins, language, operating system, screen resolution, time zone, and other data even with no explicit permission provided.

If a user disables cookies completely, your browser becomes unique to the data shared. The data shared may be considered small, but there is only a tiny percentage in finding another user with similar browser information.

Cookies and Tracking Scripts

Cookies are possibly the most popular and common approach for websites in tracking user activities. Cookies are small text files saved on a user device for a specific time frame after visiting a website. The contents of cookies can comprise of log-in data or details useful in improving or optimizing user experience. Some sites make cookies necessary to enhance user access to its essential functions. But cookies, alongside these benefits, also identify users and track website activities as well.

Third-party or tracking cookies are sometimes considered problematic as they save user browsing history over more extended periods. These cookie types are often engaged by advertisers who track user activities over several websites to create a profile based on browsing behaviors. Although a large number of these tracking cookies are invisible, some visible tracking cookies include the embedded Twitter feeds. Some websites provide the possibility of disabling cookie tracking through their site, but this may limit some site features. Nevertheless, users can restrict the activities of cookies by disabling them from the browser’s privacy settings or browse in incognito mode.

IP Addresses (Internet Protocol Address)

The Internet Protocol address is a unique number used in identifying a computer connected to the internet. The IP address is amongst the basic identification options for users on the internet, as it can be used to determine approximated location, say a user’s area or city.

Notably, this address can change with time and is not the most dependable, but data provided alongside other website tracking approaches can combine to deliver a user location. A known approach to hiding IP address is through the use of a VPN (Virtual Private Network) software, which encrypts and protects your internet traffic.

HTTP Referrer

The digital marketing process involves engaging the right audience, and a known approach is finding out where a similar audience found their website and how well to engage them better. When a user visits a website, the HTTP referrer detects and recognizes the previous webpage address used in linking the new webpage.

The HTTP referrer serves as a referrer header, which passes the data to the website you are presently viewing. The data are usually relevant for promotional or statistical needs. Similar to other methods, users who wish to not have their data shared can turn it off as well.

Super Cookies

Super Cookies are tracking cookies intended to be saved permanently on the user’s PC. With similarities in function to regular cookies, super cookies are not easy to detect and take away. Super Cookies save cookie data in several locations, and once the website notices the user deleted a part of it, the deleted data is restored from new places.

Super Cookies are not easily identified when added from a browsing session, and there is no easy removal process as well. Super Cookies permit third parties tracking, and advisable protection is through VPN or visiting only websites using HTTPS (SSL or TLS certification).


A final way in which websites can track you and your online activity is through user agents. They are a line of text that provides your browser and operating system information to the web server. Each browser features its own exclusive user agent, and they send these details to every website a user visits.

The web server engages the received data to optimize its web pages to suit each browser and operating system. For instance, a website mobile version is usually made available for mobile browsers. The user agent is also used in gathering statistics for browser market-share.

In Conclusion

Data in the digital age are enormously valuable and can serve several purposes. For privacy and other individual reasons, understanding your digital footprint or signature and how website tracks user activity may be considered relevant. The multiple approaches used in tracking users are continuously evolving and gaining more innovative insights. While tracking may not be required for some website, data collection is becoming a norm, and user understanding of the processes is vital.

Want to Learn More?

Echo Analytics Group is a full-service intelligence firm providing services, products, training, and technology to both public and private sector businesses.  Echo Analytics Group has trained thousands of intelligence professionals in-person and online.  We also deliver world-class products and services to a host of businesses across the globe.  To learn more about Echo Analytics Group please contact us @ info@echoanalyticsgroup.com.  To sign up for a course, check out Echo Academy here: https://echoacademy.thinkific.com/collections

User-Agents (UA)

Every user makes use of different browsers or devices in accessing web services. Also, once connected, you are more likely to notice different looks for the same website under different browsers. Once a browser directs a request to a web service, the browser recognizes itself through the user agent string attached before retrieving the necessary content demanded.

Every user connected to the internet has a user agent (UA). It is some form of software acting as a bridge between the internet and the user. It is easier to understand UAs if you take them alongside the evolution of the internet.

The data contained in the string for user agent, aids websites in delivering the content in a format optimized for the browser. Websites depend on user agents to optimize site content and they remain an essential data source.

Why User-Agents Were Invented?

Released in 1993, the first web browser was the Mosaic, created by the National Center for Supercomputing Applications (NCSA). The creation of user-agent string aligns with the history and reason behind the idea of various browsers. For Internet Explorer, it seeks identification as Netscape 4; similarly, Firefox also wants identification through Konqueror and WebKit. For Chrome, its identification is through Safari.

Although the idea makes user-agent sniffing a little more tricky, each browser (with Opera as an exception) wants to provide a definitive technique for identification that stands out. An aspect to note about sniffing is every browser invests a great deal of time in delivering optimized content as well as the compatibility of their product.

How Do User-Agents Work?

User-Agents comprise of alphanumeric strings created to serve as identification for the ‘agent’ or program requesting the webserver. The request could be for any information like document, pictures, or web page.

The UA uses the alphanumeric string as a standard portion of web architecture that is sent by all web requests through the HTTP headers. The UA string, in turn, is useful in providing specific data about the hardware and software on the computer or device creating the demand.

Although UA does not identify specific persons, it does offer developers a tremendously powerful approach to analyzing and segmenting traffic. Users can decide on critical decisions regarding how to manage web traffic based on the UA string. Such choices may cover fundamental redirection and segmentation, to more intricate content edition and device targeting verdicts.

The data, collected directly from the UA string itself through the UA parsing process, contains browser, OS, and device details. The UA strings do not follow any standard or pattern. With the UA sent, the outcome of the detection is created equal to match the request approach sent by the computer or device. Some methods may hog server resources due to less sophisticated and disorganized APIs and codebases.

How User-Agents Are Used To Track Your Activity

In the early times, the internet was basically a text-based system, where users had to create commands to navigating and sending messages. Nowadays, the browsers can aid users with a simple point and click actions that act as an “agent,” transforming operations into commands.

Whenever a browser loads a website, a user-agent identification alongside network, computer, or device details and others required is provided to the site. The host of information is a set of data for web developers that permits customization of user experience based on the user agent request. The two basics for device detection includes:

  • Having the User-Agent lookup occur very fast, and
  • Extreme accuracy when identifying the device type.

Almost immediately, the user agent can identify itself to the web server; the process is termed Content Negotiation. The Content Negotiation allows the website to serve different versions of itself, based on the user agent string. The UA also sends its ID card to the server, which responds with a mixture of suitable files, media, and scripts.

Browsers are significant examples of a UA, but other tools like Search engine crawlers which are primarily automated can also act as UAs. A more comprehensive list of likely UAs online can be viewed with this resource link.

Measures To Be Taken In Protecting User-Agent

The UA is generally a software agent that acts on behalf of the user making the request to websites. The format taken by the UA string in HTTP includes a list of keywords alongside optional comments. Seeking privacy with user agents can be helpful, especially if you do not want to be followed by promotional websites. The primary attack comes with access to user data, and some privacy steps can be taken to limit such access.

A notable approach is by blocking specific UAs. Some unwanted visitors always try to seek access and preventing their UAs would stop any traffic containing specified keywords in the UA field.

Another approach is to keep your browser updated and only engage the default user agent. Making regular switches amongst them might seem unusual, so once you feel worried about being tracked, it becomes necessary to blend with others by using reliable browsers. Millions of users engage popular browsers who make use of the same UA, so by using the default UA, it limits the difference.

Also, users can enable tracking protection. The use of tracking protection makes it harder for websites to follow such users. And the harder it becomes, the more your chances are with better privacy.

In Conclusion

User-Agents are helpful to both browsers and users. In the early days of the internet, user agents were engaged in distinguishing Mosaic from Mozilla, since frames were supported on Mozilla and not Mosaic. With several advanced browser features getting detected directly via JavaScript presently, the UA string modern use is in figuring out what device/platform a client is using.

The idea of optimized content suitable to your computer or device connected to the internet makes them a resourceful tool. With the data exchange happening in a matter of seconds, user privacy may face some challenges when such data becomes compromised.  The use of tracking protection systems and updated browsers offer a practical approach to tackling this challenge.


Want to Learn More?

Echo Analytics Group is a full-service intelligence firm providing services, products, training, and technology to both public and private sector businesses.  Echo Analytics Group has trained thousands of intelligence professionals in-person and online.  We also deliver world-class products and services to a host of businesses across the globe.  To learn more about Echo Analytics Group please contact us @ info@echoanalyticsgroup.com.  To sign up for a course, check out Echo Academy here: https://echoacademy.thinkific.com/collections

Internet Protocol (IP) Address

Every system connected to a network features a unique identifier. And similar to addressing letters sent via mail, computers employ a unique identifier in communicating data to other computers on a similar network. Nowadays, most networks, comprising of internet-connected computers, make use of the Transmission Control Protocol/Internet Protocol (TCP/IP) protocol as a standard for network communication.

In a TCP/IP network, the identifier used is called the IP address. An Internet Protocol (IP) address is a unique identifier for computers or devices using the TCP/IP protocol. Networks who engage the TCP/IP protocol route messages via the IP address of the receivers.

Why The IP Address Was Invented

Following the invention of TCP/IP protocol suite in the 1970s, the most popular network protocol globally, the core of these early systems was based on a set of protocols which interconnected computer network. These features allowed the communication of the computers over a network. The role of IP address considered as follows: “A name indicates what we seek. An address indicates where it is. A route indicates how to get there.”

Nevertheless, it ensured the exchange of information between two computers occurred just between them. This guaranty follows the idea of no “centralized” computer for the transfer to be possible, thus limiting the prospect of a widespread attack.

The protocol system employed in the connection of other network computers became the foundation of what developed into the TCP/IP protocol system, which the Internet and other computer networks use globally.

In 1983, the first version of the Internet Protocol, the Internet Protocol version 4 (IPv4), was initially deployed in the ARPANET. The header of each IP packet contains the IP address of the sending host and that of the destination host. An IP address serves two essential functions.

  • The IP address identifies the host, or, more precisely, its network interface.
  • IP address makes available the location of the network host, with the added capability of creating a path to the host.

In the early 1990s, the hasty exhaustion of the available IPv4 address assigned for ISPs and end-user organizations led the Internet Engineering Task Force (IETF) to explore newer approaches towards the expansion of the addressing the internet capabilities.

The outcome led to the redesigning of the IP system which eventually developed into the Internet Protocol Version 6 (IPv6) introduced in 1995. The introduction of the IPv6 technology followed several testing stages until the mid-2000s before commercial usage began. Due to the historical pervasiveness of IPv4, the primary use of “IP address” typically still implies addresses defined by IPv4. Nevertheless, other versions, like v1 to v9, were well-defined but only v4 and v6 ever received general use.

How IP Address Work

Currently, the two versions of the Internet Protocol, IPv4, and IPv6, are simultaneously in active use. Amid several technical changes, the format of addresses for the particular version is defined differently.

Every IP address takes the format of a 32-bit numeric address inscribed as four numbers separated by periods. The number ranges from 0 to 255. For instance, could represent an IP address. The four numbers contained within an IP address are engaged in diverse ways of identifying a specific network alongside a host.

The four regional Internet registries include ARIN, APNIC, LACNIC, and RIPE NCC. These designated regional Internet registries allot Internet addresses from the three classes highlighted below:

  • Class A – supports 126 networks, with each having 16 million hosts.
  • Class B – supports 16,000 networks, with each having 65,000 hosts.
  • Class C – supports 2 million networks with each having 254 hosts.

With the number of unallocated Internet addresses nearing exhaustion, a new classless scheme named CIDR is progressively replacing the class system with the adoption tied to IPv6. The IP address size, in this case, is increased from 32 to 128 bits.

Considering an isolated network, IP addresses can be assigned at random as far as it remains unique. Nevertheless, the connection of a private network to the Internet entails the use of registered IP addresses (called Internet addresses) to avert duplication.

An IP address can either be dynamic or static. Dynamic IP addresses are considered a temporary address that is allotted to a computer or device each time it connects to the Internet. Static IP addresses do not change as they are permanent Internet addresses.

How IP Address Are Used to Track User Activity

The IP framework can track user activity as it enables most 2-way communication involving the internet. The framework does this by allotting unique protocol addresses with numerical identifiers to every connected device for identification.

These IP address feature also aid proper communication with website services, and even in recognizing and locating devices online. The IP address of a connected user consist of two parts:

  • Network ID, and
  • Host ID

With the possibility of global communication, IP addresses also allow Internet Service Providers (ISPs) to be able to differentiate unique hardware for billions of users. The ISPs can track online activities via IP address as well as tracing your exact position. Consequently, a user approximate physical location is visible to any website with access to the user’s IP address.

Nevertheless, ISPs can tell your location at any time, and even though some policies are employed to provide privacy, connection logs of internet activities are kept. In most nations, law enforcement agencies can use details from ISPs. Some countries, like the UK, do not require a warrant following the Investigatory Powers Act 2016

Measure to Be Taken in Protecting Your IP Address

Data on location, browser history, and more are collected over time through IP addresses. These data can give a detailed story about your routines, interest, and information related to your internet usage.  Well, a hidden IP address can stop details of your activities and location from being determined or traced.

Also, if you desire more privacy, the IP address can be changed to keep your details anonymous. Once you understand how the IP address works, the measure to be taken in protecting your privacy is pretty straightforward. Nevertheless, internet privacy, online freedom, and security are three primary reasons most users seek the protection of the IP address. Below are four effective methods of protecting an IP address.

Virtual Private Network (VPN)

VPN services offer the easiest and possibly the best approach to protecting your IP address. The first step is choosing a well-rated VPN provider. Users can download and install their client software, followed by connecting to a suitable server on the VPN provider’s network. After connecting to the server, the VPN will become the middle-man between your device and the Internet.

Once you make any data request over the internet, the VPN removes your IP and replace it with one of theirs. Also, as the data request returns with a result, the server puts back your IP address. With the use of a VPN server, any website or service has absolutely zero chance of knowing who is communicating.

Every application connected to the internet would follow this process, as the VPN would route all data through to increase user protection. Nevertheless, VPN also offers the following additional benefits:

  • VPN services allow users to pick selected servers available for several locations.
  • The connection between your device and the server is encrypted.

The Onion Router (Tor)

The Onion Router (Tor) offers another excellent approach to hiding IP address. While it’s a little more complicated and slower compared to VPN, Tor is entirely free. To get started, users are required to download, install, and configure a Tor browser. The Tor browser bears similar appearances and functions to the Mozilla’s Firefox. This system depends on a global network of volunteer-run servers termed the “relays nodes.”

Once a device makes a data request, the request randomly “bounce” around several nodes before getting to its final destination. The outcome of the data request also follows a similar process. Each node is only aware of the next and previous nodes in the network chain, thus eliminating the possibilities of the website or service to track it back.  All data on the Tor network is encrypted.


The proxy is another excellent way of hiding an IP address. In terms of connection, proxies are relatively easy to set up. Proxies can be free and offer minimal impact to the Internet speed. A proxy can be configured straight from an existing browser, and different process follows the set up in all major versions).

Accessing the web through proxy requires no extra software and only the IP address of a proxy server. With the browser set up correctly, the proxy relays everything sent and received through it while swapping the users’ IP with that of the server. Similar to VPN, choosing a proxy server location is available dependent on your goal.

Proxies are only efficient in masking IPs and come with limitations. They do not encrypt your data, hence, less privacy and security. And similar to Tor, running another application aside, a browser would entail a more complex setup that requires native proxy support and likely your network settings at the OS level.

Nevertheless, there are several sources online to get proxy server IPs, and a simple Google search can provide the free ones as well as paid providers.

Public Wi-Fi

The use of public Wi-Fi can also protect your home IP from being known. The IP address does not travel and whenever your device is connected to Public Wi-Fi, their IP address is what is used. In this case, the IP address used in accessing the internet would be different from your IP at home.

Nevertheless, this solution is not always convenient, especially in the long run, as it offers several downsides. The most grievous are the possibilities of specific individuals using such networks to hack your connection.

In Conclusion

IP addresses are essential in our everyday connection to the internet. There are several benefits attached to using an IP address as it varies in importance for the User, the ISPs, and also security outfits. If it becomes a necessary step to maintain a high level of privacy, the use of VPN, Tor, Proxies, and Public Wi-Fi are some Excellent options to consider. These options offer various levels of flexibility to match different needs. Your IP address is essential, be free, and be safe.

Want to Learn More?

Echo Analytics Group is a full-service intelligence firm providing services, products, training, and technology to both public and private sector businesses.  Echo Analytics Group has trained thousands of intelligence professionals in-person and online.  We also deliver world-class products and services to a host of businesses across the globe.  To learn more about Echo Analytics Group please contact us @ info@echoanalyticsgroup.com.  To sign up for a course, check out Echo Academy here: https://echoacademy.thinkific.com/collections

HTTP referrer HTTP referer

How the HTTP Referrer Works

The HTTP referer (also called HTTP referrer) is an optional HTTP header field that recognizes webpage address (i.e., the Uniform Resource Identifier or IRI) connected to the resource being requested. By inspecting the referrer, the new webpage can determine where the original request was initiated.

Generally, such situations usually imply once any user clicks a hyperlink on a webpage, the browser forwards a request to the server containing the destination of the webpage. The inclusion in such requests usually comprises of the referrer field, which shows the last page the user visited before clicking the new link.

How The HTTP Referrer Works

The HTTP referrer provides the services of a referrer header, which transmits data from the former webpage to the new website a user is presently viewing. It simply refers to any source online responsible for driving visitors and visits to a website. Typical examples include Affiliate links, email marketing campaigns, links built into the software, links from other websites, online ads, search engines, social media, and more.

Each time a user visits a website, one of the essential data recorded are details of previous web pages. These details are usually in the form of the page’s URL — for example, the last page visited before selecting a link to the new website.

The idea of using HTTP referrer is to deliver useful information relating to the referral page as well as the link clicked to access your website. The log containing such detail is referred to as the referrer log. Technically, when the term “referrer” is used by the web developer, it is explicitly referring to online resources, including sites or services found in the referrer log.

Why Is HTTP Referrer Important?

The information provided by the HTTP referrer offers a better analysis of where website traffic is coming from. Additionally, it also provides an insight into what works for a website form the marketing standpoint and which marketing approach is currently valid. Generally, information obtained from HTTP referrer aid most websites make better choices when it comes to strategizing.

How HTTP Referrer Are Used to Track User Activity?

Website owners often desire to know where their visitors are coming from and may decide to track its user’s path. The HTTP Referrer offers a unique approach to telling website owners both useful and less useful links.

Once a user connected to the internet clicks a link in a browser, it loads the clicked web page and also tells the new webpage where the user visited last. Therefore, it contains all the information related to past websites.

The HTTP referrer is also engaged when a web page is loading its content. Let’s say, if a web page contains ads or tracking script, the user browsers also provide information to the advertiser or tracking network about the page currently in view. Also, web bugs, which are a file object placed on web pages, exploit the features of HTTP referrer in tracking users.

Measure That Can Be Taken To Protect Privacy

The HTTP referer remains a common and powerful tool capable of pointing out which website the link was located that the current visitor clicked to visit your site. Although it remains beneficial to web designers and SEOs who seek to leverage more gaining the right audience and visitors, some users are not comfortable with been tracked.

There are several measures to be taken in protecting yourself from been tracked with HTTP referer. But how is it done?

One step to more privacy and protection starts with the security settings on a user’s browser. In the security settings, the HTTP referer can be turned off to limit its features. After turning it off, accessing URL with HTTP referer can be granted only if the referer can be established.

Another step to mitigating the risk associated with HTTP referer is by the sensible design of applications. The use of practical application boosts security by making a password reset URLs only functional for single usage.

Also, it is essential to engage only sites that always use HTTPS. Websites with HTTPS offer several security benefits, including the fact that such websites would never convey referrer data to non-HTTPS sites. Although the concept is turning out to be less useful in this context as most websites are now making use of HTTPS, but it remains worthy to note.

Additionally, users should consider not using any third-party content or widgets (i.e., social networking widgets) on less secure areas or websites. For instance, login areas, payment forms, password reset pages, etc.

In Conclusion

The use of the HTTP referer makes it an easy task for some website owners who may consider the possibility of seeing what pages visitors are coming from. The usage of certain websites can be linked to other websites, especially when you probably follow a link displayed on the page. Nevertheless, privacy and data usage are always essential reasons for a variety of users and now yo know that specific steps can be taken to improve your overall safety as well as limit the activities of the HTTP referrer.

Learn More with Echo Analytics Group

Echo Analytics Group is a full-service intelligence firm providing services, products, training, and technology to both public and private sector businesses.  Echo Analytics Group has trained thousands of intelligence professionals in-person and online.  We also deliver world-class products and services to a host of businesses across the globe.

To learn more about Echo Analytics Group, please contact us by completing our online form or through emailing us at info@echoanalyticsgroup.com.

To sign up for a course, explore our Echo Academy!

We look forward to connecting with you.

browser fingerprinting digital signature management series

Browser Fingerprinting

Browser Fingerprinting

Browser fingerprinting offers an incredibly accurate approach of recognizing unique browsers as well as tracking online activities. It can be well-defined as a device or machine fingerprint which collects information about the computer or device for the purpose of identification.

Browser fingerprinting remains a powerful technique used by websites in collecting information relating to active plugins, browser type, and version, language, operating system, screen resolution, time zone, and other vital details.

Why Browser Fingerprinting?

Browser fingerprinting is integrated into almost all sites for the purpose of web tracking, averting click fraud, accessing user data, and other variable influence on users. Another popular application of browser fingerprinting is its beneficial use for targeted advertising.

They also find usage in the regeneration of deleted cookies or re-linking old cookies. Browser fingerprinting is useful to enhance electronic authentication actions as well as in the prevention of unlawful system access that lacks reliance on the user interface.

How It Works

Browser fingerprinting offers a powerful approach for website owners to gather information about the user browser and other relevant data. These data points may appear generic and may not be mostly personalized to identifying users.

Whenever cookies are turned off, the browser fingerprints can serve in the full or partial identification of individual computers or devices. So, once a user is connected to the internet, the computer or device would provide several detailed data to the receiving server about websites visited.

Website owners use the data made available by the browsers in identifying unique users and tracking their online habits. The process takes the uniqueness of browser information to identifying connected based on the data obtained.

Nevertheless, there is significantly a slight possibility for two users to have 100% similar browsing data. According to Panopticlick, only 1 in 286,777 other browsers would have the same fingerprint for two users. Website owners use Browser Fingerprinting to create a massive database that stores user information, which can be accessed for additional analytics purposes.

These websites collect a broad set of visitor’s data for later usage. All data collected do not automatically reveal your exact location or other personal details like address or name, but it is precious to advertisers and companies seeking targeted campaigns. The data collection and tracking approach remain extremely valuable due to its advertising potentials. So, the more the data, the more accurate targeted ads can be, which (indirectly) implies more revenue.

Track User Activity

Websites employ several approaches towards tracking connected users. The collected information and browser fingerprint provide a less intrusive method, with most users less aware of the process. The browser fingerprinting technology allows websites to interact with the user browser and retrieve data. Sites with browser fingerprints do not necessarily know the user’s name but look to collect data and information that are considered valuable.

Once a user visits such a site, the fingerprinting code begins the interaction process with the connected computer or device for data processes like knowing your operating system, installed fonts, and more. Many times, the browser fingerprint code would execute the digital equivalent of a RADAR test, transmitting signal just to see what response it gets.

The website code contained in the transmitted signals instructs the browser on the answers needed. The coding for browser fingerprinting may include words or icons that never appear on the screen, allowing websites to track small differences in how every computer or device responds. Every site has its own data points to building its fingerprint database, which makes it hard to detect. Apps can feature browser fingerprints as well, via even more attributes available on the connected device.

Protect Privacy

Luckily, if you seek more privacy, there are some actions to take towards reducing your fingerprints from the web. There is less possibility of removing all to protect yourself completely. Maybe new software or other sufficient approaches might suffice later.

Nevertheless, the following tools and methods below can help enhance your online privacy and minimize your browser fingerprinting.

Anti-Malware Software

The use of Anti-malware software is always beneficial, irrespective of whether a user is seeking online privacy protection or general protection for data and personal files. Outstanding anti-malware software tools like HitmanPro and Malwarebytes offers seamless solutions to reducing browser fingerprint alongside serving as a second layer of protection. In most cases, anti-malware blocks ads, harmful toolbars, and spyware software that may be running on your system background.

Disabling Flash and JavaScript

Disabling Flash and JavaScript is another practical approach to consider. Once JavaScript is disabled, these sites would not be able to detect current fonts and plugins, as well as limit the installation of certain cookies on browsers. But disabling JavaScript may limit the functionalities of websites as it is essential for them to deliver smooth operations during browsing sessions. In contrast, deactivating flash offers no negative impact on user experience.

The Onion Router (Tor) Browser

If a user is considering an extremely secure browser with a limited browser fingerprint, then the installation of Tor Browser becomes necessary. The best approach is running the Tor Browser alongside a good Virtual Private Network (VPN). The Tor browser makes use of the same default settings for all users, thus making it challenging to detect unique browser fingerprints. Also, the Tor Browser blocks JavaScript for sites, but its main downside is its slow browsing speed.

Use Private Browsing Methods (incognito mode)

Several browsers allow users to browse in private or incognito mode. This method makes the browsing session private by setting your “profile” and other data points to a certain standard. These data points are amongst the details requested by browser fingerprint, so the use of similar “profile” settings for several users creates the same fingerprints that significantly reduce your chances of exposure.

Use Plugins

Users can opt for the use of plugins capable of disabling trackers employed by some websites. Plugins like AdBlock Plus, Disconnect, NoScript, and Privacy Badger, are created to block script with potential spy ads and unseen trackers. For some sites, the use of plugins may limit user experience. But the plugins also offer the possibilities of whitelisting some websites the user trust.

Virtual Private Network (VPN)

The use of a VPN is the most popular approach to hiding IP addresses. The VPN acts as a middle man between the connected computer or device and the Internet Service Provider (ISP). With VPN, the webserver only gets access to the IP of the VPN (which is likely engaged by several users). But the IP address is only one aspect to browser fingerprinting. Irrespective of the IP sent to the web server, a user browser setting, version, and more can create unique browser fingerprint data that cannot be changed by VPN.

It merely implies your browser data still permits the webserver to detect unique visitors irrespective of the VPN used. The VPN is an excellent tool for hiding real IP addresses, but not the most effective approach to protecting users against browser fingerprint. Nevertheless, this approach still makes a list as it can be combined with other methods to offer even more advanced restrictions to browser fingerprinting.

Application Approaches

Several sites can engage in unique fingerprints from visitors to create an in-depth system for targeting visitors. The use of browser fingerprint covers a wide-ranging list of data points that is unique for different users.

If you take online privacy seriously, browser fingerprint makes use of details that goes further than just the IP address. There are several approaches available for users to engage in covering up browser fingerprints. Some of these approaches include the use of anti-malware tools, incognito mode, security plugins, Tor Browser, VPN, disabling JavaScript, and Flash. Depending on the method you consider comfortable, browser fingerprint can be reduced to suit your needs.

Learn More with Echo Analytics Group

Echo Analytics Group is a full-service intelligence firm providing services, products, training, and technology to both public and private sector businesses.  Echo Analytics Group has trained thousands of intelligence professionals in-person and online.  We also deliver world-class products and services to a host of businesses across the globe.

To learn more about Echo Analytics Group, please contact us by completing our online form or through emailing us at info@echoanalyticsgroup.com.

To sign up for a course, explore our Echo Academy!

We look forward to connecting with you.

Buddy is a military veteran, former intelligence officer, and entrepreneur who teaches dozens of courses on a variety of intelligence-related topics. He currently serves as the Chief Executive Officer of Echo Analytics Group and is based in Tampa, Florida.

An Introduction to Meta Data, Types, and Its Benefits

In IT, the word “metadata” basically refers primarily to the data behind the image, video or software application. Metadata implies data comprising of specific information that includes length, textual makeup, type, description, locational data, and other features or types of data that are used to either build or identify the element. Several types of hidden data are contained in a variety of documents, pictures, and videos which we will refer to as “elements” for the sake of this article.   For Open Source Intelligence (OSINT) practitioners, accessing the metadata behind any of these elements can sometimes be a treasure trove of valuable information.

With considerations to the scope and a variety of data types, it is not surprising that understanding metadata is becoming a priority for OSINT practitioners and other open-source research professionals. There are also other features embedded within metadata to protect the element from misuse, which includes the definition, description, limitations, and structure of the data in order to protect information leakage from things such as social media sites.


Types of Metadata

Metadata is further divided into three subcategories:

  • Administrative: It enables the usage of enhanced resource management, which displays information relating to when and how the data was made. Administrative metadata are further divided into preservation metadata and intellectual property rights (we will dive deeper into these sub-subcategories in an upcoming article).
  • Descriptive: It applies to discovery and identification with additional information like abstract, author, keywords, and title.
  • Structural: The structural category indicates how information is combined. For instance, the chapter, page arrangement, order, and more.


The Benefits of Metadata.

Metadata is beneficial for several purposes. A common benefit is data that makes the element discoverable, which comprises of information like resource identification, defining criteria, as geographical information.

Another practical benefit comes with the organization of electronic resources. It is also a critical use which supports the growth of Web-based resources. Characteristically, element links are organized as lists and created into static webpages, with other information hardcoded.

Metadata is also beneficial in facilitating integration and interoperability operations. The use of metadata also details the process in describing resources required to understand humans and machines. This understanding allows for effective interoperability, better data structures, and the interfacing process.  This is a key feature to metadata that assists artificial intelligence engines with finding and integrating the element.

Metadata also enables digital identification through standard numbers that offer a unique identity to resources defined by the metadata. Also, another practice is the combination of metadata, which serves as an identification process.

Lastly, metadata provides significant benefits in protecting future approachability. It offers critical concern offered to the fragility of digital data and vulnerability to corruption. For tasks relating to archiving and preservation, metadata can track an object’s lineage, provide physical characteristics description, and more.  For an OSINT practitioner, this is important to understand, and being able to find and extract metadata is important for research purposes and for identifying new leads, the source of the element of the larger data set with which the element belongs or is a part of.


Get-Metadata offers a free online tool that permits accessibility to hidden Exif & metadata for a variety of files, including audio, document, e-book, image, video file, and more. The platform can provide all metadata hidden within a file.  This incredible resource and others like it can be found on the Cyber Intelligence Dashboard (CID).  And, if you would like to learn more about the process of extracting metadata and the methods required to apply it to your research or investigation, feel free to check out the training courses available at The Echo Academy for Open Source Research and Analysis.

About Echo Analytics Group

Echo Analytics Group is a full-service intelligence firm providing services, products, training, and technology to both public and private sector businesses.  Echo Analytics Group has trained thousands of intelligence professionals in-person and online.  We also deliver world-class products and services to a host of businesses across the globe.  To learn more about Echo Analytics Group please contact us @ info@echoanalyticsgroup.com.  To sign up for a course, check out Echo Academy here: https://echoacademy.thinkific.com/collections


Buddy is a military veteran, former intelligence officer, and entrepreneur who teaches dozens of courses on a variety of intelligence-related topics.  Buddy currently serves as the Chief Executive Officer of Echo Analytics Group and is based in Tampa, Florida.

1 2 3 5