I would be concerned about doing it from any phone without knowing EXACTLY what they're doing. I don't know what info they're potentially grabbing from the phone in order to identify it and if they're able to identify anything about the phone then they're probably able to then speak with partner companies that do tracking for marketing to identify the individual owner of the phone.
I'd say if it's through emulating Android or something then yeah go nuts but I wouldn't do it on any owned hardware without knowing first what's going on and what data they can grab.
What I'd probably do is go into a Linux container or a Whonix VM and make HTTP requests with falsified user agents or something like that; mind you I'm not an expert, but I feel like that'd at least be the start of a secure way to do it
Probably fine as long as it's not on a real phone. Whether that's even useful activity or not I don't know though, hard to say how that data will look on their side and how easy it will be to discard from the rest of the data.
Anything that wastes even a tiny bit of their time is probably good though.
I feel like something from Tor would be a bit too easy to discard, but I think with a right blend of randomized user agents connecting from common VPNs would be harder to filter out. Would be rad were there a generous gray-hat with a botnet, but I only know stuff from the defense side
Time to systematically "scan" from several VPNs and Tor exit nodes?
I would be concerned about doing it from any phone without knowing EXACTLY what they're doing. I don't know what info they're potentially grabbing from the phone in order to identify it and if they're able to identify anything about the phone then they're probably able to then speak with partner companies that do tracking for marketing to identify the individual owner of the phone.
I'd say if it's through emulating Android or something then yeah go nuts but I wouldn't do it on any owned hardware without knowing first what's going on and what data they can grab.
What I'd probably do is go into a Linux container or a Whonix VM and make HTTP requests with falsified user agents or something like that; mind you I'm not an expert, but I feel like that'd at least be the start of a secure way to do it
Probably fine as long as it's not on a real phone. Whether that's even useful activity or not I don't know though, hard to say how that data will look on their side and how easy it will be to discard from the rest of the data.
Anything that wastes even a tiny bit of their time is probably good though.
I feel like something from Tor would be a bit too easy to discard, but I think with a right blend of randomized user agents connecting from common VPNs would be harder to filter out. Would be rad were there a generous gray-hat with a botnet, but I only know stuff from the defense side
Hopefully we can attract these types down the line. I'd love to see more grey/blackhat discussion around the site.