Skip to main content

Of software downloads and unique identifiers

When you visit a website, there is a chance that you are tracked by the operators of the site or by third-parties. Whether that is the case or not depends on the site in question and which site party connections it makes.

Software vendors and download sites may track users that visit the website. They may track the pages that users open or where they came from.

What most Internet users may not know is that they may also embed unique identifiers in software downloads.

A recent article on the Ctrl blog suggests that software vendors embed identifiers to software downloads for various reasons.

software download tracking

Companies use two different means to add unique data to downloads; the first adds data before or after code signature certificates on Windows or in extended file system attributes on Mac, the second adds data to downloaded file names.

The adding happens on-the-fly after users initiate the start of the download process on the site.

Data that is added may include the IP address, web browser, marketing campaign data, or other data.

It is difficult to find out if companies add unique identifiers if the first method is used, and most companies hide the fact that they do. To find out about it, you need to analyze certificates and use Diff-software.

The Ctrl blog analyzed downloads from popular companies and discovered that companies like Google or Yandex add unique identifiers to downloads, and that others, Avast, AVG, Avira, or WinZip add marketing campaign data to the downloads.

The data is only useful if it is picked up again somehow. Companies may retrieve the data during installation and during upgrades.

In a follow-up blog post, Ctrl blog listed ways to limit the tracking in software downloads.

  1. Download from other sources or use legacy / offline installers. You may use reputable software sites to download many popular applications. Doing so ensures that tracking information is not added to software downloads.
  2. Changing program names if the name contains unique information.
  3. Use application firewall to block outgoing traffic. The method works only if the program does not require Internet to function or if you configure the firewall to block outgoing connections to company servers.
  4. Use private browsing mode to limit tracking capabilities.
  5. Enable Do-Not Track. Some companies, Mozilla for instance, honor Do-Not-Track.

I'd like to add that you could use portable software as it is not installed and often provided by third-parties instead of the developing company.

Now You: how do you download software?

 

This article was first seen on ComTek's "TekBits" Technology News

HOME