Telstra tracker not identified by heuristics (or rules)

Question

Telstra tracker not identified by heuristics (or rules)

oneofthedamons opened this issue 3 years ago · 1 comments

Just emailed you a tracker from Telstra (Australia's largest telco) which is not caught by existing heuristics:

<img src="https://tapi.telstra.com/presentation/v1/notification-mngmt/delivery-status-tracker?uuid=2bd5aea0-96d2-4f75-910e-99225420a950" style="display:none"/>

[for privacy actual UUID has been replaced with a randomly generated UUID using https://www.uuidgenerator.net/version4]

Of interest is its use of a UUID. Is this the first anyone has seen of this tracking mode?

If not, I'm wondering if the heuristics could include a combination rule such as [URI path includes the word "tracker"] && [URI parameter is UUID] to identify something as a likely tracker? Or would this generate too many false positives?

Answer 1 · 2021-12-08T11:33:17.000Z

Trackers always come with random-looking, alphanumeric hashes for sure (although not always in UUID format). The current heuristic seems to catch nearly 100% of the trackers I've seen. Your idea would definitely work for other remaining uncaught trackers (CSS based, header logo embedded or ad trackers). Will think about this one