How to use CSS only for user tracking?

zz_ jesse 2021-06-18 07:45:59
use css user tracking


translator : Van Gogh Huang https://juejin.cn/post/6887478219662950414

Tracking users in a browser leads to repeated discussions about privacy and data protection . similar Google Tools like analysis can capture almost everything you need , Including sources , Language , equipment , Stay time and so on .

however , Want to get some interesting information , You may not need any external trackers , You don't even need to JavaScript. This article will show you , Even if users disable JavaScript, You can still track user behavior .

How trackers usually work

Usually , This kind of tracker analysis tool should be used to JavaScript. therefore , Most of the information can be easily read , And it can be sent to the server immediately .

That's why there are more and more ways to block trackers in browsers . similar Brave Browser Or some of them chrome The extension prevents the tracker from loading , for example Google analysis . One of the tricks is , for example Google Analysis is always integrated from the outside , One from Google CDN Of JavaScript Code . Embedded URL It's always the same , So it's easy to stop it .

So the tracker always uses JavaScript What to do . Even if you stop URL Limits the tracker , Website owners may be able to JavaScript The way the code is embedded in the page continues to work . The most powerful protection is to ban JavaScript, Although it may come at a very high price .

Last , We can still not use JavaScript Tracking something , Instead, use some CSS skill . Of course CSS Not for tracking , Let's get started .

Find device type information

Media query should be every web Developers know . With this , We can get CSS The code only executes under certain screen conditions . So we can do it for smartphones or tablets and so on , Write your own query criteria .

All of us CSS The magic behind the trackers is their property , For example, we can put a paragraph URL As attribute value . A good example is background-image Properties of , It allows us to set a background image for an element . This picture starts with a paragraph URL obtain , And in the process of execution , It's a priority request , So I'm going to tell this URL Address : background-image: url('/dog.png'); Send a GET request .

But in the end , No one forced us to make sure that this URL Links do get access to images . The server doesn't even need to respond to requests , But we can still respond GET request , Enter data into the database .

const express = require("express");
const app = express();
app.get("/", (req, res) => {
res.sendFile(__dirname + "/index.html");
});
app.get("/mobile", (req, res) => {
console.log("is mobile")
res.end()
)}
app.listen(8080)
Copy code

As for the back end , I use Express.js As a server . It provides a simple HTML Website ; If the access device is a smartphone , It will call mobile route . And our backend is the only one that uses JavaScript The place of .

@media only screen and (max-width: 768px) {
body {
background-image: url("http://localhost:8080/mobile");
}
}
Copy code

In our index.html In file , We have the top one CSS Code . Only when the user device matches the media query , Just ask for a background picture .

Now if a smartphone visits this page , The media query will execute , And send a request for a background picture , At the same time, the server will output that it is a smart phone . These operations are completely unused JavaScript.

And because we don't send a picture in response , There will be no change in the content of this website .

Find the operating system information

Now it's getting crazier , We can roughly find the fonts that the user's operating system supports through it . stay CSS in , We can use a variety of backup options , let me put it another way , You can specify multiple Fonts . If the first one doesn't work on the system , The browser will try the second .

font-family: BlinkMacSystemFont, "Arial"; When I embed this code in our website , my MacBook Use the first apple standard font , This font can only be used in Mac OS Upper use . When in my life Windows PC On ,Arial Normal use .

When using Fonts , We can define a custom font and where to load it from .Google Fonts work the same way , If we want to use a custom font from somewhere , You have to load it from the server first . And we can use fonts many times .

 @font-face {
font-family: Font2;
src: url("http://localhost:8080/notmac");
}
body {
font-family: BlinkMacSystemFont, Font2, "Arial";
}
Copy code

Here we are for all body Some of them set up Fonts . Logically speaking , You can only use one font . So that MacBook On , Using the first font , The system's own font . Similar to Windows On other systems in the world , The system checks whether the font exists . Of course , There must be no , So try the next font we define ourselves . It still has to be loaded from the server , So our CSS The code will trigger again GET request .

After all Font2 Not a real font , So we continue to try , It will eventually use Arial typeface . For all that , We can still do it without user awareness , Use a reasonable font .

Trace element information

up to now , What we do is when users arrive at the site , Analyze the information immediately . Of course , We can also use it CSS Respond to individual events .

As shown below , We can use the following example , To analyze mouse over or activity events .

<head>
<style>
#one:hover {
background-image: url("http://localhost:8080/one-hovered/");
}
</style>
</head>
<body>
<button id="one">Hover me</button>
</body>
Copy code

When the mouse hovers over the button every time , It sets the background image over and over again , One GET The request goes with it .

We can when the button is clicked , Do the same thing . stay CSS in , This is the event .

<head>
<style>
#one:active {
background-image: url("http://localhost:8080/one-clicked/");
}
</style>
</head>
<body>
<button id="one">Click me</button>
</body>
Copy code

There is also a series of other events . for example , Hover events apply to almost every element . So in theory , We can track every user's behavior .

Hesitation timer

Use more code , We can combine these events and learn more , Not just what happened .

For many webmasters , More interested in , How long does the user hesitate to see or hover over an element before clicking on it . Through the following code , We can measure the time it takes for a user to hover and click .

let counter;
app.get("/one-hovered", (req, res) => {
counter = Date.now();
});
app.get("/one-active", (req, res) => {
console.log("Clicked after", (Date.now() - counter) / 1000, "seconds");
});
Copy code

Once the user hovers , The timer will start . Last , We can work it out until a few seconds have passed .

You might think that because it's embedded in CSS In the code , The statistics may not be accurate , But that's not the case . Because the size of the request is very small , And act on the server immediately . I tried several times and measured the time , The final measurement is very accurate .

It's amazing , isn't it? ?

Make the whole function more beautiful

In order not to be found , Use inconspicuous URL It's very meaningful . Last , Everyone can see the full front-end code .

You can also use your own keywords , Instead of a few particularly prominent routing words . Last , Front end and back end URL Must match .

For the example above , I always use my own routing as GET request . It's very clear . A more elegant way is to use URL Query for , This is in CSS It also applies to .

@font-face {
font-family: Font2;
src: url("http://192.168.2.110:8080/os/mac");
/* or: */
src: url("http://192.168.2.110:8080/?os=mac");
}

This article is from WeChat official account. - Front end technology Jianghu (bigerfe)

The source and reprint of the original text are detailed in the text , If there is any infringement , Please contact the [email protected] Delete .

Original publication time : 2021-05-14

Participation of this paper Tencent cloud media sharing plan , You are welcome to join us , share .

版权声明
本文为[zz_ jesse]所创,转载请带上原文链接,感谢
https://qdmana.com/2021/06/20210601135804530S.html

  1. HTML + CSS + JavaScript to achieve cool Fireworks (cloud like particle text 3D opening)
  2. HTML + CSS + JavaScript realizes 520 advertising love tree (including music), which is necessary for programmers to express themselves
  3. Solve the problem of Web front-end deployment server (it can be deployed online without a server)
  4. HTML + CSS + JS make wedding countdown web page template (520 / Tanabata Valentine's Day / programmer advertisement)
  5. What else can driverless minibus do besides "Park connection"?
  6. Cloud native leads the era of all cloud development
  7. NRM mirror source management tool
  8. Bring it to you, flex Jiugong
  9. Lolstyle UI component development practice (II) -- button group component
  10. Deconstruction assignment in ES6
  11. Luo 2 peerless Tang clan was officially launched. The official gave a key point, and the broadcast time was implied
  12. 20初识前端HTML(1)
  13. 当新零售遇上 Serverless
  14. 20 initial knowledge of front-end HTML (1)
  15. When new retail meets serverless
  16. [golang] - go into go language lesson 5 type conversion
  17. [golang] - go into go language lesson 6 conditional expression
  18. HTML5(八)——SVG 之 path 详解
  19. HTML5 (8) -- detailed explanation of SVG path
  20. 需要开通VIP以后页面内容才能复制怎么办?控制台禁用javascript即可
  21. Web前端|CSS入门教程(超详细的CSS使用讲解,适合前端初学者)
  22. 实践积累 —— 用Vue3简单写一个单行横向滚动组件
  23. Serverless 全能选手,再下一城
  24. What if you need to open a VIP to copy the page content? Just disable JavaScript on the console
  25. Web front end | CSS introductory tutorial (super detailed CSS explanation, suitable for front-end beginners)
  26. Practice accumulation - write a single line horizontal scroll component simply with vue3
  27. Dili Reba is thin again. She looks elegant and high in a strapless hollow skirt, and her "palm waist" is beautiful to a new height
  28. Serverless all-round player, next city
  29. The difference between MySQL semi synchronous replication and lossless semi synchronous replication
  30. Vue表单设计器的终极解决方案
  31. The ultimate solution for Vue form designer
  32. Nginx从理论到实践超详细笔记
  33. Yu Shuxin's red backless swimsuit is split to the waist and tail, with a concave convex figure and excessive color matching, and his face is white to dazzling
  34. Nginx ultra detailed notes from theory to practice
  35. 【动画消消乐|CSS】086.炫酷水波浪Loading过渡动画
  36. typecho全站启用https
  37. CCTV has another popular employee. The off-site interpretation is very professional, and the appearance ability is no less than that of Wang Bingbing
  38. [animation Xiaole | CSS] 086. Cool water wave loading transition animation
  39. Enable HTTPS in Typecho
  40. 50天用JavaScript完成50个web项目,我学到了什么?
  41. 根据JavaScript中原生的XMLHttpRequest实现jQuery的Ajax
  42. What have I learned from completing 50 web projects with JavaScript in 50 days?
  43. "My neighbor doesn't grow up" has hit the whole network. There are countless horse music circles, and actor Zhou Xiaochuan has successfully made a circle
  44. 根据JavaScript中原生的XMLHttpRequest实现jQuery的Ajax
  45. Implement the Ajax of jQuery according to the native XMLHttpRequest in JavaScript
  46. Implement the Ajax of jQuery according to the native XMLHttpRequest in JavaScript
  47. 30 + women still wear less T-shirts and jeans. If they wear them like stars, they will lose weight
  48. 数栈技术分享前端篇:TS,看你哪里逃~
  49. Several stack technology sharing front end: TS, see where you escape~
  50. 舍弃Kong和Nginx,Apache APISIX 在趣链科技 BaaS 平台的落地实践
  51. Abandon the landing practice of Kong and nginx, Apache apisik on the baas platform of fun chain technology
  52. 浪迹天涯king教你用elementui做复杂的表格,去处理报表数据(合并表头,合并表体行和列)
  53. 前端HTML两万字图文大总结,快来看看你会多少!【️熬夜整理&建议收藏️】
  54. Wandering around the world king teaches you to use elementui to make complex tables and process report data (merge header, merge table body rows and columns)
  55. 路由刷新数据丢失 - vuex数据读取的问题
  56. Front end HTML 20000 word graphic summary, come and see how much you can【 Stay up late to sort out & suggestions]
  57. Route refresh data loss - vuex data reading problem
  58. Systemctl系统启动Nginx服务脚本
  59. Systemctl system startup nginx service script
  60. sleepless