How to outfox websites trying to get you to pay top dollar

Here are some tips for changing your browser settings and other practices to get better deals and access to content that you normally wouldn't get on the web.

Chrome lets you change the User Agent settings to make websites think that you are using a different operating system.
(Screenshot by Elinor Mills/CNET)

So, Orbitz has spilled the beans, and said that in essence, it up-sells to people based on which browser they use.

The US-based site told The Wall Street Journal (subscription required) that it discovered that Mac users tend to pay as much as 30 per cent more for hotel rooms. (Well, they are paying a premium for the computer, too, so it's not that surprising, although $20 to $30 more is significant.) Leveraging that information, Orbitz decided to experiment with displaying pricier hotels in search results to Mac users than to Windows users. Before you get too miffed, Orbitz said that it isn't showing different rates for the same hotel rooms, and that user history and location, as well as hotel popularity and promotions, play an even bigger part in how the results are displayed. Also, you can just sort results based on price to see unadulterated bargains at the top.

Orbitz isn't the only website using browser and other user or system footprint information to determine what content or services its visitors see. "Sites will use whatever they can glean," said Jeremiah Grossman, chief technology officer at White Hat Security. "The IP address gives location down to the ZIP code. There are geolocation services that can tie an IP address to a particular company, or they can tell if you are using your computer at home. There are also differences based on browser. Chrome users are more tech savvy than IE 6 users, generally speaking." Armed with this type of information, websites adjust ads, offers and content accordingly.

Here are some tips for masking your system and hiding your history in order to trick websites into giving you better deals or access to restricted content:

Spoofing your operating system

If you want sites to think that you use a different operating system than what you actually use, you can modify the User Agent settings in your browser, something that developers need to do on a regular basis to test out sites. To do this in Chrome, click the wrench tool icon in the upper right corner, and then click "Tools" and "Developer Tools". In the black window, check "Override User Agent", and select a browser option for this particular tab. There's similar functionality in Internet Explorer, as well as Safari. And Firefox has a User Agent Switcher add-on that can be used to spoof the platform and version.

However, some sites are still able to determine the true platform, despite what the user agent header string in your browser says, according to Grossman. If you are serious about this task, you might want to use a virtualised environment, such as VMware Fusion, which allows you to run Windows on a Mac. If so, you can have visualised environment for browsing, and use the virtualisation software to surf in a Windows environment on your Mac.

Appearing as a brand new visitor

Some websites are so desperate to get your business that they will quote discounted rates if they think you are a brand new customer.

"It's not widely talked about, because no one knows precisely what they are doing," Grossman said. To fool the site into thinking that they have snared new business, you can delete your cookies and stored data, which includes Flash content. Or, if you don't want to delete all the cookies on your machine, which would affect your log-in and other interactions with all sorts of sites, you can set up multiple browser profiles.

One profile can be specifically used for shopping, and dumping the cookies would only affect that profile. To do this in Chrome, you can click the wrench icon in the browser toolbar, select "Settings" and click "Add new user" in the "Users" section. If you want all your settings to be synced to the new account, you will have to sign in to Chrome with your Google account. Otherwise, you can skip that step, and the settings for the user will be saved only on your computer. Follow this process for IE.

It's a bit harder to create multiple profiles in Firefox. You have to go to "Applications/Utilities" and open the "Terminal" application and type in "/Applications/Firefox.app/Contents/MacOS/firefox-bin -p" and press "Return". When the Profile Manager window appears, you click "Create Profile" and give it a name. Apparently, there is no good way to create multiple browser profiles in Safari, according to this Apple support forum thread.

Modifying your browsing footprints

Along the same lines as the new business discounts, some sites will go out of their way to court rivals' customers with cheaper prices.

"I've had great success on airlines and insurance sites" by making it appear that the browser has visited competitive websites, said Grossman. "I can make it look like I'm a customer of Geico, for instance, when trying to sign up with Esurance."

This technique takes advantage of a CSS (Cascading Style Sheets) history sniffing vulnerability that has been fixed in the current versions of the major browsers, but which can still be secretly exploited by websites when visitors are using older browsers, he said. About one third of the internet population still uses the older browsers, according to Grossman. Basically, JavaScript running on the website can distinguish whether your browser has visited specific other sites based on the colour of the hyperlink. Content is served up based on what colour the hyperlink is. This is all done transparently to the visitor.

"If I want the best deal from Esurance, I'll dump my cookies with the old browser, and then go to Geico's site and then visit Esurance," Grossman said.

Getting access to restricted content

Then there are the times when you are blocked from accessing fee-based content that you really want to see, such as The New York Times or Wall Street Journal articles (such as the one about Orbitz referred to above) that are behind a paywall.

An easy way to get around that is to type the article title into Google Search, and then click the link in the search results. And for people who want to get around geographic content restrictions, such as those that Netflix imposes on downloading movies outside a particular region, there is a different trick. Using a VPN (Virtual Private Network) or encrypted tunnel can make it look like your download request is coming from a server in the US, instead of a home in Australia. In addition to allowing you to bypass content filtering, VPNs — like HotSpot Shield or ProXPN — can prevent Wi-Fi sniffing and man-in-the-middle attacks.

Via CNET



Add Your Comment

Avatar
 

Be the first to comment on this story!


Post comment as


Sponsored Links

Recently Viewed Products