Fooled by the proxy
If you are counting unique users visiting a site, you can’t base it on IP address.
Why? Because large companies often have users behind a proxy, and all of the traffic will come from one IP address. There are numerous different users and internal IP addresses behind that proxy.
So for example, if Medium says I have 400 visitors per day on average and only 7 of them were under 400 and most were upwards of 600 to 1000, then I doubt that many people are repetitively viewing my stories. I mean, how many times does one person need to view one of my blog posts?
If you want to figure out what unique users are behind the proxy, you could try to use fingerprinting, but in a corporate network a lot of the users are going to have the same user-agent as well, since they all use the same corporate software in many cases.
You could try to use cookies, but you also have to consider cases where the cookies get blocked, to be fair. Not all users will let you store a cookie in their browser, so then what happens? Do they get blocked?
The only foolproof way that I can think of at the moment (though it’s late) is to base readers on authentication where a user logs in — but some people won’t log in to read a story even if it is free. I usually don’t.
Even then, one person could buy a membership and share it with a bunch of other people. How do you detect that? Simultaneous users, different IP addresses, for one thing. You can’t just base it off IP changes though, and you may have a case where the same user is looking at the content on their phone and a web browser at the same time.
The other thing is, if you base it on IP address, you could have multiple people using the same VPN service, or you might have people who live in the same house reading the content on the same computer. In that case they would also have the same web user agent.
So it’s not really fair to try to compute unique users without a really clear way of distinguishing those users.
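An added example, not from the original post: the scenarios above as constructed sample hits, counted under each candidate key (IP, IP plus user-agent, cookie, account) and scored against ground truth that a real site would not have. All names, addresses and field names are made up for illustration.

```python
from collections import defaultdict, namedtuple

# Constructed sample hits, not real traffic. "person" is ground truth that a real
# site never sees; it is here only so each counting key can be scored.
Hit = namedtuple("Hit", "ip ua cookie account person")
HITS = [
    # Three employees behind one corporate proxy with the same corporate browser.
    Hit("203.0.113.10", "CorpBrowser/1.0", "c1", None, "alice"),
    Hit("203.0.113.10", "CorpBrowser/1.0", None, None, "bob"),  # cookies blocked
    Hit("203.0.113.10", "CorpBrowser/1.0", "c3", "carol", "carol"),
    # One reader on a laptop and a phone at the same time.
    Hit("198.51.100.7", "Laptop/2.0", "c4", "dave", "dave"),
    Hit("192.0.2.55", "Phone/3.0", "c5", "dave", "dave"),
    # Two people in one house sharing a computer and browser.
    Hit("198.51.100.99", "Laptop/2.0", "c6", None, "erin"),
    Hit("198.51.100.99", "Laptop/2.0", "c6", None, "frank"),
    # One membership shared by two people.
    Hit("192.0.2.80", "Laptop/2.0", "c7", "gina", "gina"),
    Hit("192.0.2.81", "Phone/3.0", "c8", "gina", "hank"),
]

KEYS = {
    "ip": lambda h: h.ip,
    "ip+user-agent": lambda h: (h.ip, h.ua),
    "cookie": lambda h: h.cookie,
    "account": lambda h: h.account,
}

def score(hits, key_fn):
    """Count distinct keys and report where the key disagrees with ground truth."""
    people_by_key, keys_by_person, unkeyed = defaultdict(set), defaultdict(set), 0
    for h in hits:
        key = key_fn(h)
        if key is None:  # no cookie stored or not logged in: hit cannot be attributed
            unkeyed += 1
            continue
        people_by_key[key].add(h.person)
        keys_by_person[h.person].add(key)
    # merged: different people counted as one; split: one person counted more than once
    merged = {p for people in people_by_key.values() if len(people) > 1 for p in people}
    split = {p for p, keys in keys_by_person.items() if len(keys) > 1}
    return {"count": len(people_by_key), "unkeyed_hits": unkeyed,
            "merged": sorted(merged), "split": sorted(split)}

if __name__ == "__main__":
    print("actual people:", len({h.person for h in HITS}))
    for name, fn in KEYS.items():
        print(f"{name:14}", score(HITS, fn))
```

With 8 actual people in the sample, the two IP-based keys report 6, cookies report 7 with one hit unattributed, and accounts report 3 with four hits unattributed.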
Also, you could have another scenario, like a bunch of Google bots from different IP addresses. Do those count as readers?
What about people trying to game the system with their own bots? How do you tell if someone is manipulating the traffic?
I’ve dealt with all these things in the past and it’s not easy, but these are gotchas for anyone trying to measure their web traffic and unique visitors.
Teri Radichel
© 2nd Sight Lab 2022