How AdSense works.

Let's see what is happening when AdSense script runs in browser. Hope you are familiar with following code:
<script type="text/javascript">
google_ad_client = "pub-7777777777777";
google_ad_slot = "777777777777";
google_ad_width = 468;
google_ad_height = 60;
<script type="text/javascript" src=""></script>
In general show_ads.js does the following tasks:
  1. script collects all available information about browser and OS (see: Browser fingerprint). This information includes: browser window size; display size; monitor color depth; plug-ins list; java version; checks if window has parent window; referrer;
  2. imports another 2 JS files - they are quite complicated to read because of obfuscation, but the main task they serve - make results more unpredictable and hard to mimic.
  3. creates IFRAME, which has main parameters (1) in URL - thus sending valuable espionage information back to Google.
  4. in the loaded IFRAME there are some scripts also, which IMHO are anti-bot watchers - they counts every mouse move over ads and then send this info to Google if ads link is clicked. I presume this helps detecting click-fraud bots.

Well, definitely principal weaknesses exist in the online ads model itself, allowing to perform "perfect" (i.e. undetectable) click-fraud attack, but implementation is quite tricky and expensive and bottlenecks are traffic to MFA sites and payouts.

Actually, advertisment networks may perfectly track users — every time you visit website with ads browser sends a little string - "cookie" to an advertisment server, next page — the same cookie, thus ad networks follow you. But don't think you are genious if you clear cookies (or restrict them in browser) — remember fingerprints while surfing internet.

Browser fingerprint

Do you know that it is VERY VERY difficult to hide your internet activity from "smart" servers? If they do well, web-servers can detect (or at least guess) your return visit, despite you have cleared borwser's cookies and anonymized with proxy. According to Electronic Frontier Foundation browsers have "digital fingerprints", the vast combination of many parameters available to servers over HTTP, javascript, browsers plugins (Flash, Java and etc.), network settings (IP, DNS). As for now EFF has counted 219 (more than 524000) combinations of browser settings — little possibility to have another visitor with the same "fingerprint". You are under a sight!

Test yourself on EFF's Panopticlick. They surprised even me! I didn't expect possibility to detect:

  • system fonts
  • DNS server i use
  • the same Flash cookie in all my browsers

With a little help of sociology, web statistic and CSS web-history exploit servers can guess your gender and age. Hasta la vista, anonymity!

I know nights are for passion

I know nights are for passion,
Birght sunny days are for wars
And heroes killed in action.
Nikolay Gumilyov, 1905
(RU => EN) Denis Kalinin, 2010
Я знаю, что ночи любви нам даны
И яркие, жаркие дни для войны.
Николай Гумилёв, 1905