1

How do websites such as nytimes.com limit the number of accesses to their website from mobiles/smart phones? My understanding is that they would only see the mobile gateway IP so they can't use IP addresses. If they use cookies, can't the mobile user just delete them?

Arlo
  • 13
  • 2
  • 2
    "If they use cookies, can't the mobile user just delete them?" Yes, most newspaper pay walls are essentially on the honor system. Anyone with a little technical know-how can bypass them easily. – ceejayoz Nov 05 '12 at 20:23

2 Answers2

2

There're probably just checking the user-agent (sent on every request by the browser). While it's possible to change it (and pretending to be a desktop), most people don't really do it.

Most proxy servers (very often used by mobile providers) are in fact not anonymous and they expose the real IP address of user via X-Forwarded-For HTTP header. While this information can be forged as well, they might have whitelisted known proxy servers and chose to trust them. They could actually use cookies as well, but since clearing the browsing history is really easy nowadays it's not really an option anymore.

FINESEC
  • 1,371
  • 7
  • 8
  • Is that going to be unique? You would be very annoyed if you got blocked every time someone with the same browser and OS as you used the website. – Arlo Nov 05 '12 at 20:45
  • Well, they might use the client ip address to distinguish users and user-agent to detect whether client connects from a mobile device. – FINESEC Nov 05 '12 at 20:49
  • The problem is that you don't get a useful IP address for mobile devices typically and the user agent isn't unique to you. https://www.eff.org/deeplinks/2010/01/tracking-by-user-agent has some useful stats on this. – Arlo Nov 05 '12 at 20:52
  • 1
    Most proxy servers (very often used by mobile providers) are in fact not anonymous and they expose the real IP address of user via X-Forwarded-For HTTP header. While this information can be forged as well, they might have whitelisted known proxy servers and chose to trust them. They could actually use cookies as well, but since clearing the browsing history is really easy nowadays it's not really an option anymore. – FINESEC Nov 05 '12 at 21:04
  • OK, added that comment to the answer. – FINESEC Nov 06 '12 at 13:29
0

As ceejayoz said, they just use a cookie and hope no one clears them - and it actually works, if you don't use private browsing (which wasn't possible on mobile OSes for quite a long time) it's pretty annoying to constantly clear the cookies (leaving the browser, opening settings, etc) especially when you're on a bus/subway and only have a few minutes of free time before you arrive at work.

Community
  • 1