I suspect that will just add another few bits of user-specific information to key advertisements to: [√] Believes $TRACKER won't notice attempt at obfuscation.
I've thought about this as well. One idea I've has is releasing a data bamb, in a sense that a huge amount of information is injected along with your interaction. An example of this would be you open your browser and put in a search term for cat food, and a server you are running picks up your activity (opening a browser), then plugs in 100s of search terms for random, unrelated things while logged into your account. Or at minimum send get requests from your in address for you.This essentially adds noise, which one can be done in different ways.
Shouldn't one of the main properties of data poisoning be that it should go undetected? otherwise the collector agency (FB, whatever) can just develop an algorithm to flag that new data.
Actually, sorting out what your point is might be a good starting, erm, point. What's your threat model, what do you hope to protect / avoid / guarantee?
I’m afraid this is one of those cases where the Pandora’s box has already been opened. At a massive scale you could allow a data breach of bad data, like experian pretends to lose data but the data are fake. I sometimes wonder if that’s what the opm breach was all about, but that’s giving way too much credit.
