New Cache Side Channel Attack Can De-Anonymize Targeted Online Users

July 15, 2022

A group of academics from the New Jersey Institute of Technology (NJIT) has warned of a novel technique that could be used to defeat anonymity protections and identify a unique website visitor.

“An attacker who has complete or partial control over a website can learn whether a specific target (i.e., a unique individual) is browsing the website,” the researchers said. “The attacker knows this target only through a public identifier, such as an email address or a Twitter handle.”

The cache-based targeted de-anonymization attack is a cross-site leak that involves the adversary leveraging a service such as Google Drive, Dropbox, or YouTube to privately share a resource (e.g., image, video, or a YouTube playlist) with the target, followed by embedding the shared resource into the attack website.

This can be achieved by, say, privately sharing the resource with the target using the victim’s email address or the appropriate username associated with the service and then inserting the leaky resource using an HTML tag.</p> <p>In the next step, the attacker tricks the victim into visiting the malicious website and clicking on the aforementioned content, causing the shared resource to be loaded as a <a rel="nofollow noopener" target="_blank" href="https://en.wikipedia.org/wiki/Pop-up_ad#Pop-under_ads">pop-under</a> window (as opposed to a pop-up) or a browser tab — a method that’s been used by advertisers to sneakily load ads.</p> <p>This exploit page, as it’s rendered by the target’s browser, is used to determine if the visitor can access the shared resource, successful access indicating that the visitor is indeed the intended target.</p> <p>The attack, in a nutshell, aims to unmask the users of a website under the attacker’s control by connecting the list of accounts tied to those individuals with their social media accounts or email addresses through a piece of shared content.</p> <p>In a hypothetical scenario, a bad actor could share a video hosted on Google Drive with a target’s email address, and follow it up by inserting this video in the lure website. Thus when visitors land on the portal, a successful loading of the video could be used as a yardstick to infer if their victim is one among them.</p> <p>The attacks, which are practical to exploit across desktop and mobile systems with multiple CPU microarchitectures and different web browsers, are made possible by means of a <a rel="nofollow noopener" target="_blank" href="https://www.usenix.org/conference/usenixsecurity19/presentation/shusterman">cache-based side channel</a> that’s used to glean if the shared resource has been loaded and therefore distinguish between targeted and non-targeted users.</p> <p>Put differently, the idea is to observe the subtle timing differences that arise when the shared resource is being accessed by the two sets of users, which, in turn, occurs due to differences in the time it takes to return an appropriate response from the web server depending on the user’s authorization status.</p> <p>The attacks also take into account a second set of differences on the client-side that happens when the web browser renders the relevant content or error page based on the response received.</p> <p>“There are two main causes for differences in the observed side channel leakages between targeted and non-targeted users – a server-side timing difference and a client-side rendering difference,” the researchers said.</p> <p>While most popular platforms such as those from Google, Facebook, Instagram, LinkedIn, Twitter, and TikTok were found susceptible, one notable service that’s immune to the attack is Apple iCloud.</p> <p>It’s worth pointing out the de-anonymization method banks on the prerequisite that the targeted user is already logged in to the service. As mitigations, the researchers have released a browser extension called Leakuidator+ that’s available for <a rel="nofollow noopener" target="_blank" href="https://chrome.google.com/webstore/detail/leakuidator%2B/hhfpajcjkikoocmmhcimllpinjnbedll">Chrome</a>, <a rel="nofollow noopener" target="_blank" href="https://addons.mozilla.org/en-US/firefox/addon/leakuidatorplus/">Firefox</a>, and Tor browsers.</p> <p>To counter the timing and rendering side channels, website owners are recommended to design web servers to return their responses in constant time, irrespective of whether the user is provisioned to access the shared resource, and make their error pages as similar as possible to the content pages to minimize the attacker-observable differences.</p> <p>“As an example, if an authorized user was going to be shown a video, the error page for the non-targeted user should also be made to show a video,” the researchers said, adding websites should also be made to require user interaction before rendering content.</p> <p>“Knowing the precise identity of the person who is currently visiting a website can be the starting point for a range of nefarious targeted activities that can be executed by the operator of that website.”</p> <p>The findings arrive weeks after researchers from the University of Hamburg, Germany, <a rel="nofollow noopener" target="_blank" href="https://arxiv.org/abs/2206.03745">demonstrated</a> that mobile devices leak identifying information such as passwords and past holiday locations via Wi-Fi probe requests.</p> <p>In a related development, MIT researchers last month <a rel="nofollow noopener" target="_blank" href="https://news.mit.edu/2022/side-channel-attacks-detection-0609">revealed</a> the root cause behind a <a rel="nofollow noopener" target="_blank" href="https://thehackernews.com/2021/03/new-browser-attack-allows-tracking.html">website fingerprinting attack</a> as not due to signals generated by cache contention (aka a cache-based side channel) but rather due to <a rel="nofollow noopener" target="_blank" href="https://en.wikipedia.org/wiki/Interrupt">system interrupts</a>, while showing that interrupt-based side channels can be used to <a rel="nofollow noopener" target="_blank" href="https://github.com/jackcook/bigger-fish">mount</a> a powerful website fingerprinting attack.</p> <p></p> </div> <div class="post-bottom-meta post-bottom-tags post-tags-modern"><div class="post-bottom-meta-title"><span class="tie-icon-tags" aria-hidden="true"></span> Tags</div><span class="tagcloud"><a href="https://www.planetjon.net/tag/attacks/" rel="tag">attacks</a> <a href="https://www.planetjon.net/tag/browser/" rel="tag">browser</a> <a href="https://www.planetjon.net/tag/email/" rel="tag">email</a> <a href="https://www.planetjon.net/tag/exploit/" rel="tag">exploit</a> <a href="https://www.planetjon.net/tag/google/" rel="tag">Google</a> <a href="https://www.planetjon.net/tag/malicious/" rel="tag">malicious</a> <a href="https://www.planetjon.net/tag/researchers/" rel="tag">researchers</a> <a href="https://www.planetjon.net/tag/targeted/" rel="tag">targeted</a> <a href="https://www.planetjon.net/tag/web/" rel="tag">web</a> <a href="https://www.planetjon.net/tag/websites/" rel="tag">websites</a></span></div> </div> <div id="post-extra-info"> <div class="theiaStickySidebar"> <div id="single-post-meta" class="post-meta clearfix"><span class="date meta-item tie-icon">July 15, 2022</span></div> </div> </div> <div class="clearfix"></div> <script id="tie-schema-json" type="application/ld+json">{"@context":"http:\/\/schema.org","@type":"Article","dateCreated":"2022-07-15T15:22:00+00:00","datePublished":"2022-07-15T15:22:00+00:00","dateModified":"2022-07-15T15:22:00+00:00","headline":"New Cache Side Channel Attack Can De-Anonymize Targeted Online Users","name":"New Cache Side Channel Attack Can De-Anonymize Targeted Online Users","keywords":"attacks,browser,email,exploit,Google,malicious,researchers,targeted,web,websites","url":"https:\/\/www.planetjon.net\/news\/cybersecurity\/new-cache-side-channel-attack-can-de-anonymize-targeted-online-users\/","description":"A group of academics from the New Jersey Institute of Technology (NJIT) has warned of a novel technique that could be used to defeat anonymity protections and identify a unique website visitor. \"An at","copyrightYear":"2022","articleSection":"Cybersecurity","articleBody":"\nA group of academics from the New Jersey Institute of Technology (NJIT) has warned of a novel technique that could be used to defeat anonymity protections and identify a unique website visitor.\n\"An attacker who has complete or partial control over a website can learn whether a specific target (i.e., a unique individual) is browsing the website,\" the researchers said. \"The attacker knows this target only through a public identifier, such as an email address or a Twitter handle.\"\nThe cache-based targeted de-anonymization attack is a cross-site leak that involves the adversary leveraging a service such as Google Drive, Dropbox, or YouTube to privately share a resource (e.g., image, video, or a YouTube playlist) with the target, followed by embedding the shared resource into the attack website.\nThis can be achieved by, say, privately sharing the resource with the target using the victim's email address or the appropriate username associated with the service and then inserting the leaky resource using an HTML tag.\n\nIn the next step, the attacker tricks the victim into visiting the malicious website and clicking on the aforementioned content, causing the shared resource to be loaded as a pop-under window (as opposed to a pop-up) or a browser tab \u2014 a method that's been used by advertisers to sneakily load ads.\nThis exploit page, as it's rendered by the target's browser, is used to determine if the visitor can access the shared resource, successful access indicating that the visitor is indeed the intended target.\nThe attack, in a nutshell, aims to unmask the users of a website under the attacker's control by connecting the list of accounts tied to those individuals with their social media accounts or email addresses through a piece of shared content.\nIn a hypothetical scenario, a bad actor could share a video hosted on Google Drive with a target's email address, and follow it up by inserting this video in the lure website. Thus when visitors land on the portal, a successful loading of the video could be used as a yardstick to infer if their victim is one among them.\n\nThe attacks, which are practical to exploit across desktop and mobile systems with multiple CPU microarchitectures and different web browsers, are made possible by means of a cache-based side channel that's used to glean if the shared resource has been loaded and therefore distinguish between targeted and non-targeted users.\nPut differently, the idea is to observe the subtle timing differences that arise when the shared resource is being accessed by the two sets of users, which, in turn, occurs due to differences in the time it takes to return an appropriate response from the web server depending on the user's authorization status.\nThe attacks also take into account a second set of differences on the client-side that happens when the web browser renders the relevant content or error page based on the response received.\n\"There are two main causes for differences in the observed side channel leakages between targeted and non-targeted users \u2013 a server-side timing difference and a client-side rendering difference,\" the researchers said.\n\nWhile most popular platforms such as those from Google, Facebook, Instagram, LinkedIn, Twitter, and TikTok were found susceptible, one notable service that's immune to the attack is Apple iCloud.\nIt's worth pointing out the de-anonymization method banks on the prerequisite that the targeted user is already logged in to the service. As mitigations, the researchers have released a browser extension called Leakuidator+ that's available for Chrome, Firefox, and Tor browsers.\nTo counter the timing and rendering side channels, website owners are recommended to design web servers to return their responses in constant time, irrespective of whether the user is provisioned to access the shared resource, and make their error pages as similar as possible to the content pages to minimize the attacker-observable differences.\n\n\"As an example, if an authorized user was going to be shown a video, the error page for the non-targeted user should also be made to show a video,\" the researchers said, adding websites should also be made to require user interaction before rendering content.\n\"Knowing the precise identity of the person who is currently visiting a website can be the starting point for a range of nefarious targeted activities that can be executed by the operator of that website.\"\nThe findings arrive weeks after researchers from the University of Hamburg, Germany, demonstrated that mobile devices leak identifying information such as passwords and past holiday locations via Wi-Fi probe requests.\nIn a related development, MIT researchers last month revealed the root cause behind a website fingerprinting attack as not due to signals generated by cache contention (aka a cache-based side channel) but rather due to system interrupts, while showing that interrupt-based side channels can be used to mount a powerful website fingerprinting attack.\n\n\n\n","publisher":{"@id":"#Publisher","@type":"Organization","name":"PlanetJon Network","logo":{"@type":"ImageObject","url":"https:\/\/www.planetjon.net\/skin-child\/assets\/images\/logo@2x.png"}},"sourceOrganization":{"@id":"#Publisher"},"copyrightHolder":{"@id":"#Publisher"},"mainEntityOfPage":{"@type":"WebPage","@id":"https:\/\/www.planetjon.net\/news\/cybersecurity\/new-cache-side-channel-attack-can-de-anonymize-targeted-online-users\/"},"author":{"@type":"Person","name":"Editor","url":"https:\/\/www.planetjon.net\/author\/c81e728d9d4c2f636f067f89cc14862c\/"}}</script> <div id="share-buttons-bottom" class="share-buttons share-buttons-bottom"> <div class="share-links "> <a href="https://www.facebook.com/sharer.php?u=https://www.planetjon.net/news/cybersecurity/new-cache-side-channel-attack-can-de-anonymize-targeted-online-users/" rel="external noopener nofollow" title="Facebook" target="_blank" class="facebook-share-btn large-share-button" data-raw="https://www.facebook.com/sharer.php?u={post_link}"> <span class="share-btn-icon tie-icon-facebook"></span> <span class="social-text">Facebook</span> </a> <a href="https://twitter.com/intent/tweet?text=New%20Cache%20Side%20Channel%20Attack%20Can%20De-Anonymize%20Targeted%20Online%20Users&url=https://www.planetjon.net/news/cybersecurity/new-cache-side-channel-attack-can-de-anonymize-targeted-online-users/" rel="external noopener nofollow" title="Twitter" target="_blank" class="twitter-share-btn large-share-button" data-raw="https://twitter.com/intent/tweet?text={post_title}&url={post_link}"> <span class="share-btn-icon tie-icon-twitter"></span> <span class="social-text">Twitter</span> </a> <a href="https://reddit.com/submit?url=https://www.planetjon.net/news/cybersecurity/new-cache-side-channel-attack-can-de-anonymize-targeted-online-users/&title=New%20Cache%20Side%20Channel%20Attack%20Can%20De-Anonymize%20Targeted%20Online%20Users" rel="external noopener nofollow" title="Reddit" target="_blank" class="reddit-share-btn " data-raw="https://reddit.com/submit?url={post_link}&title={post_title}"> <span class="share-btn-icon tie-icon-reddit"></span> <span class="screen-reader-text">Reddit</span> </a> <a href="mailto:?subject=New%20Cache%20Side%20Channel%20Attack%20Can%20De-Anonymize%20Targeted%20Online%20Users&body=https://www.planetjon.net/news/cybersecurity/new-cache-side-channel-attack-can-de-anonymize-targeted-online-users/" rel="external noopener nofollow" title="Share via Email" target="_blank" class="email-share-btn " data-raw="mailto:?subject={post_title}&body={post_link}"> <span class="share-btn-icon tie-icon-envelope"></span> <span class="screen-reader-text">Share via Email</span> </a> <a href="#" rel="external noopener nofollow" title="Print" target="_blank" class="print-share-btn " data-raw="#"> <span class="share-btn-icon tie-icon-print"></span> <span class="screen-reader-text">Print</span> </a> </div> </div> </article> <div class="post-components"> <div id="related-posts" class="container-wrapper has-extra-post"> <div class="mag-box-title the-global-title"> <h3>Related Articles</h3> </div> <div class="related-posts-list"> <div class="related-item"> <h3 class="post-title"><a href="https://www.planetjon.net/news/cybersecurity/critical-security-bugs-uncovered-in-voipmonitor-monitoring-software/">Critical Security Bugs Uncovered in VoIPmonitor Monitoring Software</a></h3> <div class="post-meta clearfix"><span class="date meta-item tie-icon">March 2, 2022</span></div> </div> <div class="related-item"> <h3 class="post-title"><a href="https://www.planetjon.net/news/cybersecurity/cybercriminals-using-new-asmcrypt-malware-loader-flying-under-the-radar/">Cybercriminals Using New ASMCrypt Malware Loader Flying Under the Radar</a></h3> <div class="post-meta clearfix"><span class="date meta-item tie-icon">September 29, 2023</span></div> </div> <div class="related-item"> <h3 class="post-title"><a href="https://www.planetjon.net/news/cybersecurity/understanding-how-hackers-recon/">Understanding How Hackers Recon</a></h3> <div class="post-meta clearfix"><span class="date meta-item tie-icon">March 7, 2022</span></div> </div> <div class="related-item"> <h3 class="post-title"><a href="https://www.planetjon.net/news/cybersecurity/medusa-ransomware-on-the-rise-from-data-leaks-to-multi-extortion/">Medusa Ransomware on the Rise: From Data Leaks to Multi-Extortion</a></h3> <div class="post-meta clearfix"><span class="date meta-item tie-icon">January 12, 2024</span></div> </div> </div> </div> </div> </div> <div id="check-also-box" class="container-wrapper check-also-right"> <div class="widget-title the-global-title"> <div class="the-subtitle">Check Also</div> <a href="#" id="check-also-close" class="remove"> <span class="screen-reader-text">Close</span> </a> </div> <div class="widget posts-list-big-first has-first-big-post"> <ul class="posts-list-items"> <li class="widget-single-post-item widget-post-list"> <div class="post-widget-body no-small-thumbs"> <a class="post-title the-subtitle" href="https://www.planetjon.net/news/cybersecurity/yoda-tool-found-47000-malicious-wordpress-plugins-installed-in-over-24000-sites/">YODA Tool Found ~47,000 Malicious WordPress Plugins Installed in Over 24,000 Sites</a> <div class="post-meta"> <span class="date meta-item tie-icon">June 2, 2022</span> </div> </div> </li> </ul> </div> </div> <aside class="sidebar tie-col-md-4 tie-col-xs-12 normal-side is-sticky" aria-label="Primary Sidebar"> <div class="theiaStickySidebar"> <div id="posts-list-widget-2" class="container-wrapper widget posts-list"><div class="widget-title the-global-title"><div class="the-subtitle">Recent Articles<span class="widget-title-icon tie-icon"></span></div></div><div class="widget-posts-list-wrapper"><div class="widget-posts-list-container" ><ul class="posts-list-items widget-posts-wrapper"> <li class="widget-single-post-item widget-post-list"> <div class="post-widget-body no-small-thumbs"> <a class="post-title the-subtitle" href="https://www.planetjon.net/news/cybersecurity/offlrouter-malware-evades-detection-in-ukraine-for-almost-a-decade/">OfflRouter Malware Evades Detection in Ukraine for Almost a Decade</a> <div class="post-meta"> <span class="date meta-item tie-icon">11 hours ago</span> </div> </div> </li> <li class="widget-single-post-item widget-post-list"> <div class="post-widget-body no-small-thumbs"> <a class="post-title the-subtitle" href="https://www.planetjon.net/news/cybersecurity/fin7-cybercrime-group-targeting-u-s-auto-industry-with-carbanak-backdoor/">FIN7 Cybercrime Group Targeting U.S. Auto Industry with Carbanak Backdoor</a> <div class="post-meta"> <span class="date meta-item tie-icon">12 hours ago</span> </div> </div> </li> <li class="widget-single-post-item widget-post-list"> <div class="post-widget-body no-small-thumbs"> <a class="post-title the-subtitle" href="https://www.planetjon.net/news/cybersecurity/recover-from-ransomware-in-5-minutes-we-will-teach-you-how/">Recover from Ransomware in 5 Minutes—We will Teach You How!</a> <div class="post-meta"> <span class="date meta-item tie-icon">15 hours ago</span> </div> </div> </li> <li class="widget-single-post-item widget-post-list"> <div class="post-widget-body no-small-thumbs"> <a class="post-title the-subtitle" href="https://www.planetjon.net/news/cybersecurity/hackers-exploit-openmetadata-flaws-to-mine-crypto-on-kubernetes/">Hackers Exploit OpenMetadata Flaws to Mine Crypto on Kubernetes</a> <div class="post-meta"> <span class="date meta-item tie-icon">20 hours ago</span> </div> </div> </li> <li class="widget-single-post-item widget-post-list"> <div class="post-widget-body no-small-thumbs"> <a class="post-title the-subtitle" href="https://www.planetjon.net/news/cybersecurity/russian-apt-deploys-new-kapeka-backdoor-in-eastern-european-attacks/">Russian APT Deploys New ‘Kapeka’ Backdoor in Eastern European Attacks</a> <div class="post-meta"> <span class="date meta-item tie-icon">2 days ago</span> </div> </div> </li> <li class="widget-single-post-item widget-post-list"> <div class="post-widget-body no-small-thumbs"> <a class="post-title the-subtitle" href="https://www.planetjon.net/news/cybersecurity/genai-a-new-headache-for-saas-security-teams/">GenAI: A New Headache for SaaS Security Teams</a> <div class="post-meta"> <span class="date meta-item tie-icon">2 days ago</span> </div> </div> </li> </ul></div></div><div class="clearfix"></div></div> </div> </aside> </div></div> <footer id="footer" class="site-footer dark-skin dark-widgetized-area"> <div id="footer-widgets-container"> <div class="container"> </div> </div> <div id="site-info" class="site-info site-info-layout-2"> <div class="container"> <div class="tie-row"> <div class="tie-col-md-12"> <div class="copyright-text copyright-text-first">© Copyright 2024, All Rights Reserved  |  <span style="color:aqua;" class="tie-icon-globe"></span> <a href="https://www.planetjon.net" target="_blank">PlanetJon</a></div><ul class="social-icons"></ul> </div> </div> </div> </div> </footer> <div id="share-buttons-mobile" class="share-buttons share-buttons-mobile"> <div class="share-links icons-only"> <a href="https://www.facebook.com/sharer.php?u=https://www.planetjon.net/news/cybersecurity/new-cache-side-channel-attack-can-de-anonymize-targeted-online-users/" rel="external noopener nofollow" title="Facebook" target="_blank" class="facebook-share-btn " data-raw="https://www.facebook.com/sharer.php?u={post_link}"> <span class="share-btn-icon tie-icon-facebook"></span> <span class="screen-reader-text">Facebook</span> </a> <a href="https://twitter.com/intent/tweet?text=New%20Cache%20Side%20Channel%20Attack%20Can%20De-Anonymize%20Targeted%20Online%20Users&url=https://www.planetjon.net/news/cybersecurity/new-cache-side-channel-attack-can-de-anonymize-targeted-online-users/" rel="external noopener nofollow" title="Twitter" target="_blank" class="twitter-share-btn " data-raw="https://twitter.com/intent/tweet?text={post_title}&url={post_link}"> <span class="share-btn-icon tie-icon-twitter"></span> <span class="screen-reader-text">Twitter</span> </a> <a href="https://api.whatsapp.com/send?text=New%20Cache%20Side%20Channel%20Attack%20Can%20De-Anonymize%20Targeted%20Online%20Users%20https://www.planetjon.net/news/cybersecurity/new-cache-side-channel-attack-can-de-anonymize-targeted-online-users/" rel="external noopener nofollow" title="WhatsApp" target="_blank" class="whatsapp-share-btn " data-raw="https://api.whatsapp.com/send?text={post_title}%20{post_link}"> <span class="share-btn-icon tie-icon-whatsapp"></span> <span class="screen-reader-text">WhatsApp</span> </a> <a href="https://telegram.me/share/url?url=https://www.planetjon.net/news/cybersecurity/new-cache-side-channel-attack-can-de-anonymize-targeted-online-users/&text=New%20Cache%20Side%20Channel%20Attack%20Can%20De-Anonymize%20Targeted%20Online%20Users" rel="external noopener nofollow" title="Telegram" target="_blank" class="telegram-share-btn " data-raw="https://telegram.me/share/url?url={post_link}&text={post_title}"> <span class="share-btn-icon tie-icon-paper-plane"></span> <span class="screen-reader-text">Telegram</span> </a> </div> </div> <div class="mobile-share-buttons-spacer"></div> <a id="go-to-top" class="go-to-top-button" href="#go-to-tie-body"> <span class="tie-icon-angle-up"></span> <span class="screen-reader-text">Back to top button</span> </a> </div> <aside class=" side-aside normal-side dark-skin dark-widgetized-area slide-sidebar-desktop is-fullwidth appear-from-right" aria-label="Secondary Sidebar" style="visibility: hidden;"> <div data-height="100%" class="side-aside-wrapper has-custom-scroll"> <a href="#" class="close-side-aside remove big-btn light-btn"> <span class="screen-reader-text">Close</span> </a> <div id="mobile-container"> <div id="mobile-menu" class="hide-menu-icons"> </div> <div id="mobile-social-icons" class="social-icons-widget solid-social-icons"> <ul></ul> </div> <div id="mobile-search"> <form role="search" method="get" class="search-form" action="https://www.planetjon.net/"> <label> <span class="screen-reader-text">Search for:</span> <input type="search" class="search-field" placeholder="Search …" value="" name="s" /> </label> <input type="submit" class="search-submit" value="Search" /> </form> </div> </div> <div id="slide-sidebar-widgets"> </div> </div> </aside> </div> </div> <div id="um_upload_single" style="display:none"></div> <div id="um_view_photo" style="display:none"> <a href="javascript:void(0);" data-action="um_remove_modal" class="um-modal-close" aria-label="Close view photo modal"> <i class="um-faicon-times"></i> </a> <div class="um-modal-body photo"> <div class="um-modal-photo"></div> </div> </div> <div id="is-scroller-outer"><div id="is-scroller"></div></div><div id="fb-root"></div><script type="text/javascript" id="tie-scripts-js-extra"> /* <![CDATA[ */ var tie = {"is_rtl":"","ajaxurl":"https:\/\/www.planetjon.net\/pjback\/admin-ajax.php","is_taqyeem_active":"","is_sticky_video":"1","mobile_menu_top":"","mobile_menu_active":"area_2","mobile_menu_parent":"","lightbox_all":"true","lightbox_gallery":"true","lightbox_skin":"dark","lightbox_thumb":"horizontal","lightbox_arrows":"true","is_singular":"1","autoload_posts":"","reading_indicator":"","lazyload":"","select_share":"true","select_share_twitter":"","select_share_facebook":"","select_share_linkedin":"","select_share_email":"","facebook_app_id":"5303202981","twitter_username":"","responsive_tables":"true","ad_blocker_detector":"","sticky_behavior":"default","sticky_desktop":"true","sticky_mobile":"true","sticky_mobile_behavior":"default","ajax_loader":"<div class=\"loader-overlay\"><div class=\"spinner-circle\"><\/div><\/div>","type_to_search":"","lang_no_results":"Nothing Found","sticky_share_mobile":"true","sticky_share_post":""}; /* ]]> */ </script> <script type="text/javascript" src="https://www.planetjon.net/skin/assets/js/scripts.min.js?ver=5.4.10" id="tie-scripts-js"></script> <script type="text/javascript" src="https://www.planetjon.net/pjc/cache/asset-cleanup/js/item/jannah__assets__ilightbox__lightbox-js-vfe836cfad2006fb6a24b4a26e05afa896b5e0aee.js" id="tie-js-ilightbox-js"></script> <script type="text/javascript" src="https://www.planetjon.net/skin/assets/js/desktop.min.js?ver=5.4.10" id="tie-js-desktop-js"></script> <script type="text/javascript" src="https://www.planetjon.net/skin/assets/js/single.min.js?ver=5.4.10" id="tie-js-single-js"></script> <script type="text/javascript"> jQuery.ajax({ type : "GET", url : "https://www.planetjon.net/pjback/admin-ajax.php", data : "postviews_id=3617&action=tie_postviews", cache: !1, success: function( data ){ jQuery("#single-post-meta").find(".meta-views").html( data ); } }); </script> <script type="text/javascript"> jQuery( window ).on( 'load', function() { jQuery('input[name="um_request"]').val(''); }); </script> <a href="https://www.planetjon.net/raw.php"></a> <script src="https://getinsights.io/js/insights.js"></script> <script> insights.init('CHac0rZ2XqnXDzPI'); insights.trackPages(); </script> </body> </html> <script src="/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js" data-cf-settings="e5da7013ccc747bd0574603a-|49" defer></script><script>(function(){if (!document.body) return;var js = "window['__CF$cv$params']={r:'8771404889dee287',t:'MTcxMzU3NTM4OS42OTMwMDA='};_cpo=document.createElement('script');_cpo.nonce='',_cpo.src='/cdn-cgi/challenge-platform/scripts/jsd/main.js',document.getElementsByTagName('head')[0].appendChild(_cpo);";var _0xh = document.createElement('iframe');_0xh.height = 1;_0xh.width = 1;_0xh.style.position = 'absolute';_0xh.style.top = 0;_0xh.style.left = 0;_0xh.style.border = 'none';_0xh.style.visibility = 'hidden';document.body.appendChild(_0xh);function handler() {var _0xi = _0xh.contentDocument || _0xh.contentWindow.document;if (_0xi) {var _0xj = _0xi.createElement('script');_0xj.innerHTML = js;_0xi.getElementsByTagName('head')[0].appendChild(_0xj);}}if (document.readyState !== 'loading') {handler();} else if (window.addEventListener) {document.addEventListener('DOMContentLoaded', handler);} else {var prev = document.onreadystatechange || function () {};document.onreadystatechange = function (e) {prev(e);if (document.readyState !== 'loading') {document.onreadystatechange = prev;handler();}};}})();</script>