PTS2025

The Even Darker Web - Dirty tricks and questionable code choices on some of the world's largest websites.
2025-07-03, 15:00–15:20 (Europe/Paris), Amphitheater 122

Most of you made your own website at least once or twice. You wrote HTML or used a framework that generated static content for you. And you were pretty proud to have something as lightweight as possible.

It turns out we are the weirdos.

Over years of developing Lookyloo, we have encountered a lot of interesting (and sometimes terrible) techniques used to show you a webpage and harvest your data. These techniques include what happens before you see anything (DNS, geolocation, time of day), when you start seeing the page (GDPR popup, CAPTCHA, mouse movement), and after it is fully rendered. (If it ever is...)


The talk will cover the three categories of websites we encounter:

  1. Phishing and scams: make a quick crime buck.
  2. Tracking on legitimate websites: build a user profile over time without getting sued to oblivion.
  3. WAT: probably AI-generated and trying to sell you the memecoin of the day.

We will go through a few remarkable examples captured on Lookyloo and explain what weird or crazy thing happened from the instant the URL starts to load all the way to when the page is rendered. We'll also look at the data gathered along the way, and search in the existing dataset for similar captures.

Formerly a member of CIRCL, I moved to France but didn't go that far in spirit as I'm still part of the developers and maintainers for a whole bunch of tools there. Some say it is too many, we disagree.