
Interview With Mozilla's Ryan Merkley: Tracking the Trackers

Posted by samzenpus
from the listen-but-don't-track dept.
colinneagle writes "Among the eye-opening statements in his recent TED talk, Mozilla CEO Gary Kovacs said, 'Privacy is not an option, and it shouldn't be the price we accept for just getting on the Internet. Our voices matter and our actions matter even more.' After you download and install Collusion in Firefox, you can 'see who is tracking you across the Web and following you through the digital woods,' Kovacs stated. 'Going forward, all of our voices need to be heard. Because what we don't know can actually hurt us. Because the memory of the Internet is forever. We are being watched. It's now time for us to watch the watchers.' I've been using Collusion for some time now and it is jaw-dropping to watch all the sites that still stalk us across the web even with DNT and privacy add-ons. The Collusion page states: 'The Ford Foundation is supporting Mozilla to develop the Collusion add-on so it will enable users to not only see who is tracking them across the Web, but also to turn that tracking off when they want to.'"
  • Download/Demo here (Score:5, Informative)

    by saibot834 (1061528) on Friday June 22, 2012 @04:47AM (#40409243) Homepage

    Collusion Download/Demo [mozilla.org]. Looks like a pretty nifty tool. And completely without flash!

    • by Inda (580031) <slash.20.inda@spamgourmet.com> on Friday June 22, 2012 @05:13AM (#40409333) Journal
      You don't need that to see how we're being tracked (although I do have it installed).

      I'd been looking at having laser eye surgery for some time. Money was the only thing stopping me from doing real research.

      There was an advert for an Optical Express laser clinic, with a competition for free treatment, so I clicked. It's probably the only time I've ever clicked, and this was at work with no Ad-block installed.

      I went through the process of consultation, price negotiation and all that stuff. I was happy with everything offered, and went ahead with the surgery (two weeks ago, best thing I've ever done).

      Top of Slashdot today? Adverts for laser eye surgery at Optical Express. In fact, every blinking website I visit at work is trying to show me adverts for Optical Express. This has been going on for nearly two months!

      I'm sure it must happen to everyone, everywhere.
      • by Sviams (708968) on Friday June 22, 2012 @05:18AM (#40409361)
        And here you are, posting an advert for Optical Express...oh the irony :)
      • by Anonymous Coward on Friday June 22, 2012 @05:22AM (#40409381)

        Those ads have always been there - maybe you can only see them after you had the surgery!

      • by R_Dorothy (1096635) on Friday June 22, 2012 @06:08AM (#40409567)
        Yep, I've noticed that ad networks are very good at trying to sell me something I've already bought.
      • by bitt3n (941736) on Friday June 22, 2012 @06:52AM (#40409761)
        you wonder why Optical Express gave you such a good deal on laser surgery, and next you're going to start seeing advertisements on your walls, in your shower, in the blue sky, whenever you close your eyes....
      • by Anonymous Coward

        Yeah, I ordered a pair of New Balance shoes off their website since most stores don't have the 13 4E size I wear and now I see ads for New Balance all day every day,

      • by cffrost (885375) on Friday June 22, 2012 @02:46PM (#40415689) Homepage

        There was an advert for an Optical Express laser clinic, with a competition for free treatment, so I clicked. It's probably the only time I've ever clicked, and this was at work with no Ad-block installed.

        Here, you've admitted to two newbie mistakes that culminate in your tale of woe.

        Top of Slashdot today? Adverts for laser eye surgery at Optical Express.

        These ads (and the attack/tracking vector they signify) will persist until you properly secure your browser.

        In fact, every blinking website I visit at work is trying to show me adverts for Optical Express.

        In Firefox, open about:config [about] and set browser.blink_allowed to False. If the blinking continues, return to Optical Express and demand a refund.

        I'm sure it must happen to everyone, everywhere.

        I assure you, that is not the case.

  • by pegasustonans (589396) on Friday June 22, 2012 @04:52AM (#40409255)

    The Mozilla Foundation reportedly receives ~$300 million annually from Google.

    Google is certainly an interested party when it comes to tracking user behavior.

    Is this really a good move for Mozilla strategically?

    • Re: (Score:3, Insightful)

      by Anonymous Coward

      Is this really a good move for Mozilla strategically?

      Yes because the general public do value privacy, and being on the side of public opinion is priceless.

      • by plover (150551) *

        Is this really a good move for Mozilla strategically?

        Yes because the general public do value privacy, and being on the side of public opinion is priceless.

        Actually, the general public puts a very low value on privacy. If you ask "do you value your privacy?", they'll say "yes, of course." But if you ask them "do you want to save 5% by signing up for our club card?", they'll practically push each other out of the way to save $0.50.

        Marketers today put the benefit on the billboard, but put the terms of consent to tracking in the fine print. It would be interesting to see what would happen if the marketing came with the same kinds of warnings and side effects we se

    • by Anonymous Coward on Friday June 22, 2012 @05:17AM (#40409355)

      Of course it is. Just because they're funded, doesn't mean they're controlled. And I don't think transparency is bad for Google's main business model. People more or less know what Google gets when it is used for searching. I predict they'll jump on board with this one and provide something similar in Chrome. It's the right kind of tool to win over the masses.

    • by Jahta (1141213) on Friday June 22, 2012 @05:20AM (#40409369)

      The Mozilla Foundation reportedly receives ~$300 million annually from Google.

      Google is certainly an interested party when it comes to tracking user behavior.

      Is this really a good move for Mozilla strategically?

      The key issue here is informed consent. The "Collusion add-on so it will enable users to not only see who is tracking them across the Web, but also to turn that tracking off when they want to."

      I've no problem allowing cookies and scripts from sites I trust and who are providing me with a service I want. The problem is the number of "drive-by" cookies and scripts you can get hit with.

      When I started using NoScript I was amazed at the amount of content I was being silently served from third-party sites without my knowledge or consent.
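
Added example, not part of the comment above and not Collusion's own code: a minimal version of the graph such a tool draws, built from a constructed list of (page visited, resource requested) pairs, reporting which third-party sites were contacted from more than one first-party site. The `siteOf` heuristic (last two hostname labels) is a simplifying assumption; real tools consult the Public Suffix List.

```javascript
// Constructed sample: each entry is a page the user visited and one
// resource that page caused the browser to request.
const SAMPLE_REQUESTS = [
  { page: "https://news.example/story",     request: "https://static.news.example/site.css" },
  { page: "https://news.example/story",     request: "https://pixel.adnet.example/t.gif" },
  { page: "https://news.example/story",     request: "https://stats.metrics.example/collect.js" },
  { page: "https://shop.example/cart",      request: "https://pixel.adnet.example/t.gif" },
  { page: "https://shop.example/cart",      request: "https://img.shop.example/logo.png" },
  { page: "https://forum.example/thread/1", request: "https://cdn.adnet.example/ads.js" },
  { page: "https://forum.example/thread/1", request: "https://fonts.typeface.example/a.woff" },
];

// Assumption: a "site" is the last two labels of the hostname.
function siteOf(url) {
  const labels = new URL(url).hostname.toLowerCase().split(".");
  return labels.slice(-2).join(".");
}

// A request is third-party when its site differs from the page's site.
function isThirdParty(page, request) {
  return siteOf(page) !== siteOf(request);
}

// Build the graph: third-party site -> set of first-party sites it was
// requested from. First-party requests are ignored.
function buildGraph(requests) {
  const graph = new Map();
  for (const { page, request } of requests) {
    if (!isThirdParty(page, request)) continue;
    const third = siteOf(request);
    if (!graph.has(third)) graph.set(third, new Set());
    graph.get(third).add(siteOf(page));
  }
  return graph;
}

// Third parties seen from at least minSites distinct first-party sites,
// i.e. the ones in a position to correlate visits across sites.
function crossSiteObservers(graph, minSites = 2) {
  return [...graph.entries()]
    .filter(([, sites]) => sites.size >= minSites)
    .map(([tracker, sites]) => ({ tracker, sites: [...sites].sort() }))
    .sort((a, b) => b.sites.length - a.sites.length ||
                    a.tracker.localeCompare(b.tracker));
}

const observers = crossSiteObservers(buildGraph(SAMPLE_REQUESTS));
for (const o of observers) {
  console.log(`${o.tracker} was contacted from: ${o.sites.join(", ")}`);
}
```

The graph records which third parties were in a position to see each visit; it does not show what any of them does with that information.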

    • by RivenAleem (1590553) on Friday June 22, 2012 @05:30AM (#40409425)

      And if Google withdraw their funding over this Collusion addon, how do you think that will look?

      As far as I know, Google have been very upfront [google.com] about what they have on me and what they use that information for. Collusion doesn't change anything for Google, especially if they respect the DNT option. I think Google would be quite alright with this, as what it really does is reveal how much OTHER people are tracking about you, and not telling you about it. Especially if OTHER people are ignoring DNT.

      Like it is said, if you have nothing to hide from Collusion, then you have nothing to fear.

      • Re: (Score:3, Interesting)

        by Hatta (162192)

        As far as I know

        Which is only what Google tells you. You don't think they're tracking you by IP address too? You don't think they're using browser fingerprinting? Google's cookie is one tiny part of the problem.

        • by swillden (191260) <shawn-ds@willden.org> on Friday June 22, 2012 @09:51AM (#40411523) Homepage Journal

          As far as I know

          Which is only what Google tells you. You don't think they're tracking you by IP address too? You don't think they're using browser fingerprinting? Google's cookie is one tiny part of the problem.

          Google logs all IP addresses initially but after nine months zeros the bottom octet to anonymize them. Cookies are kept for 18 months, and many have noted that the cookies can be used to recover the full IP address going back 18 months, assuming you're always connecting from the same IP, but if you've opted out then there are no cookies stored to provide that linkage (I'm not sure if the opt-out cookie is itself anonymous, or if it's stripped before logging, or what, but it's something like that).

          I don't know if browser information is anonymized; I'm sure at least enough is kept to identify the browser version.

          Although you almost certainly won't believe me (since I work for Google), I'll tell you that Google tries very hard to honor tracking opt outs. If someone discovered a way that Google could recover individualized tracking about a user who had opted out, that would be considered a bug and it would get fixed. If it couldn't be fixed, controls would be put in place to ensure that the data is not used for tracking in any systematic way, and that individual employees can't access it without specific permissions, and the use of those who actually have a demonstrated need to use it would be audited.

          The tinfoil hat crowd will simply dismiss this post, but the truth is that Google really doesn't want to track you if you don't want to be tracked. Google wants to convince you that you do want to be tracked, of course, that Google's services (including targeted advertising!) are actually sufficiently valuable to you that you want Google to have the data. But if you don't agree, Google provides the tools to allow you to opt out, and honors your choice.

          This isn't to say that bad things will never happen, or that mistakes will never be made. Google is composed of people, and people screw up. Hence things like the Wifi packet capture, and Safari privacy workaround. But violations of the principles of user privacy are treated as errors to be corrected.

          From an information-theoretic standpoint, the best way to be sure that Google never screws up with your privacy is to ensure it is impossible for Google to know anything about you, so opt out of tracking and avoid Google services, or even just block Google at your router. IMO, given its track record, trusting Google to behave responsibly isn't at all unreasonable, and I think Google offers good value in trade for your information (assuming that Google behaves responsibly). But it's your choice, and Google wants it to be possible for you to make that choice.

          • by Hatta (162192)

            Google logs all IP addresses initially but after nine months zeros the bottom octet to anonymize them

            That's not much privacy. If I watch your browsing habits for 9 months, I bet I could put together a signature that would let me identify your browsing from a group of 256 random individuals.

            • by swillden (191260)

              Google logs all IP addresses initially but after nine months zeros the bottom octet to anonymize them

              That's not much privacy. If I watch your browsing habits for 9 months, I bet I could put together a signature that would let me identify your browsing from a group of 256 random individuals.

              If that were the only privacy protection measure, sure.
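
Added example, not part of the comments above and not Google's code: a retention audit over a constructed log, applying the rule described in this sub-thread (last IPv4 octet zeroed after about nine months, cookie IDs kept about 18 months) and listing the truncated records whose full address is still recoverable through a cookie shared with a newer record. Field names, day counts and sample records are assumptions for illustration.

```javascript
// Constructed sample log; IPs are from the reserved documentation ranges.
const SAMPLE_LOG = [
  { ageDays: 400, ip: "192.0.2.57",   cookie: "c-aaa", query: "laser eye surgery" },
  { ageDays: 300, ip: "192.0.2.57",   cookie: "c-aaa", query: "clinic prices" },
  { ageDays: 30,  ip: "192.0.2.57",   cookie: "c-aaa", query: "running shoes" },
  { ageDays: 350, ip: "198.51.100.9", cookie: null,    query: "bus timetable" }, // opted out
  { ageDays: 10,  ip: "198.51.100.9", cookie: null,    query: "weather" },       // opted out
  { ageDays: 600, ip: "203.0.113.20", cookie: "c-bbb", query: "old search" },
];

// Zero the bottom octet, leaving a /24 that covers 256 addresses.
function zeroLastOctet(ip) {
  const parts = ip.split(".");
  const valid = parts.length === 4 &&
    parts.every(p => /^\d{1,3}$/.test(p) && Number(p) <= 255);
  if (!valid) throw new Error("not an IPv4 address: " + ip);
  parts[3] = "0";
  return parts.join(".");
}

// Apply the retention rule: truncate IPs older than ipDays, drop cookie
// IDs older than cookieDays.
function applyRetention(log, ipDays, cookieDays) {
  return log.map(r => {
    const truncate = r.ageDays > ipDays;
    return {
      ageDays: r.ageDays,
      ip: truncate ? zeroLastOctet(r.ip) : r.ip,
      ipTruncated: truncate,
      cookie: r.ageDays > cookieDays ? null : r.cookie,
      query: r.query,
    };
  });
}

// Audit: a truncated record is re-linkable when a newer record carries
// the same cookie together with a full IP inside the same /24.
function relinkableRecords(retained) {
  const fullIps = new Map(); // cookie -> Set of full IPs still on file
  for (const r of retained) {
    if (r.cookie && !r.ipTruncated) {
      if (!fullIps.has(r.cookie)) fullIps.set(r.cookie, new Set());
      fullIps.get(r.cookie).add(r.ip);
    }
  }
  const hits = [];
  for (const r of retained) {
    if (!r.ipTruncated || !r.cookie) continue;
    for (const ip of fullIps.get(r.cookie) || []) {
      if (zeroLastOctet(ip) === r.ip) {
        hits.push({ query: r.query, storedIp: r.ip, recoveredIp: ip });
      }
    }
  }
  return hits;
}

function audit(ipDays, cookieDays) {
  return relinkableRecords(applyRetention(SAMPLE_LOG, ipDays, cookieDays));
}

console.log("cookies kept 540 days:", audit(270, 540).length, "re-linkable");
console.log("cookies kept 270 days:", audit(270, 270).length, "re-linkable");
```

Records without a cookie (the opted-out rows) never appear in the result, and aligning cookie retention with the IP truncation window removes the linkage for the rest.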

          • by Anonymous Coward

            The tinfoil hat crowd will simply dismiss this post, but the truth is that Google really doesn't want to track you if you don't want to be tracked.

            Maybe it is just dog food you are eating, but you should go read your privacy policy sometime. All of your data, whether it be browsing history, location data, email, docs, pictures... Everything, can be shared with 3rd parties. For example:

            We provide personal information to our affiliates or other trusted businesses or persons to process it for us, based on our instructions and in compliance with our Privacy Policy and any other appropriate confidentiality and security measures.

            Thanks for providing us with those instructions Google, and since these 3rd parties follow the same privacy policy, they can go ahead and ship it on to their buddies for "processing" too. These terms are written in such a way that it allows them to get away with anyth

          • by lpq (583377)

            If someone discovered a way that Google could recover individualized tracking about a user who had opted out, that would be considered a bug ...

            One of the founders wrote a book on how to do it despite the low-level obfuscating techniques that are being used. They are the equivalent of "adding bits" to crypto-keys. It may take more data to statistically correlate identities, but given enough data, Bayesian induction is almost certainly powerful enough to get the job done. 18 months of data is a long time

            • by swillden (191260)

              From previous experience my browser fingerprint from one fingerprint-info site, told me that my browser finger print was unique out of over 300K visitors to date. That's fairly specific.

              If that's the same site I saw... I visited it twice and it told me my fingerprint was unique the second time, too. I think it's bogus.

              • by lpq (583377)

                Did you upgrade a plugin? That would make it different? Or was one of your plugins auto-upgraded as many users have it set for?

                I went back immediately and was told I was 1 of 2 with my fingerprint...so I'm not so sure how bogus it was or if it was the same site.

        • by cffrost (885375)

          Can someone please explain to me in what way Hatta's comment constitutes trolling? Is expressing concern about the practices of the world's largest advertising conglomerate a new form of trolling I was previously unaware of, or is questioning our corporate betters now grounds for being silenced?

          • Because some people either haven't read or don't understand chapters 13, 14, 15 and 20 in one of Google's founder's books, "Artificial Intelligence: A Modern Approach". (13:Uncertainty, 14:Probabilistic Reasoning, 15:Probabilistic Reasoning over Time, 20:Statistical Learning Methods).

      • by cusco (717999)
        I just find it extremely intriguing that the Ford Foundation is involved in this, since they've been a money conduit for the CIA since at least the early 1960s (Project Mockingbird funding flowed to journalists through Ford Foundation and later Lyla Wallace Fund).
    • by bloodhawk (813939)
      Every other browser, even Internet Explorer, is headed towards greater user privacy options so Mozilla can either go with the herd or stand out as the weak link. They don't really have much of an option here so they may as well look towards being at the front of the pack.
  • New friends (Score:3, Insightful)

    by Anonymous Coward on Friday June 22, 2012 @04:58AM (#40409273)

    "Among the eye-opening statements in his recent TED talk, Mozilla CEO Gary Kovacs said, 'Privacy is not an option, and it shouldn't be the price we accept for just getting on the Internet.

    Evidently, Gary has never met Mark Zuckerberg.

  • by Anonymous Coward on Friday June 22, 2012 @05:02AM (#40409283)

    I'm just a random Tor exit node, up one day, down the next, replaced by another random exit node.

    Use the Tor Browser Bundle:
    - https://www.torproject.org/ [torproject.org]

    Read the Tor OPSEC article:
    - http://cryptome.org/0005/tor-opsec.htm [cryptome.org]
    - https://www.schneier.com/blog/archives/2012/01/tor_opsec.html [schneier.com]

    "HUGE Security Resource" - enjoy a smart selection of Security
    Blogs and other security related information
    - http://pastebin.com/Cm2ZHuz3 [pastebin.com]

    • I was under the impression that Tor nodes are more permanent affairs. That's why Wikipedia can ban them for repeated vandalism.
      • Re: (Score:2, Informative)

        by Anonymous Coward

        Wikipedia bans offensive exit nodes from *editing*, not *viewing* their site.

        Oh, and use bridges, always:

        https://bridges.torproject.org/ [torproject.org]

        for reasons mentioned in the Tor OPSEC document.

        For sites which ban a lot of Tor exit nodes (like godlikeproductions), Startpage's free web proxy evades 99% of these bans, but you can't post with Startpage's proxy, just read.

        Using Tor, you can also run through a lot of free web proxies to evade bans on Tor exit node IPs.

        Some exit nodes remain for awhile (though your circuit

    • by buchner.johannes (1139593) on Friday June 22, 2012 @05:45AM (#40409485) Homepage Journal

      Tor won't help you if the website puts a cookie in your browser (which this discussion is about). What you need is a selective cookie policy (like Ghostery [ghostery.com]) -- it makes my Collusion graph blank.

  • Neat... (Score:3, Informative)

    by hey_popey (1285712) on Friday June 22, 2012 @05:10AM (#40409315)
    This is nice as a tool to increase users' awareness, but I don't see the point of using this add-on more than a couple of minutes.
    Then you install ghostery if not already done, and you forget about trackers...
  • And therefore Slashdot itself forces two of them upon you.
  • Title says interview with Ryan Merkley, TFS says Gary Kovacs at TED talk. Maybe I'm just new here, but does anyone read anymore?
    • by Anonymous Coward

      You obviously don't.

      The original paragraph (extract from an article by Ms Smith) mentions the presentation (done by Gary Kovacs) and there is a video link of this. This is important if you want to get an idea of how Collusion works.

      After this video, there is an interview with Ryan Merkley: He speaks about his experience with Collusion and how it simply shows what is being tracked.

      • by oodaloop (1229816)
        No, I didn't RTFA. But I should be able to RTFS and understand who is talking. TFS isn't clear at all. The title mentions one person and TFS another, with no reference to the person in the title.
    • Re:Who? (Score:4, Funny)

      by dna_(c)(tm)(r) (618003) on Friday June 22, 2012 @05:43AM (#40409475)

      Title says interview with Ryan Merkley, TFS says Gary Kovacs at TED talk. Maybe I'm just new here, but does anyone read anymore?

      Merkley quotes Kovacs.

      Now I can quote oodaloop quoting samzenpus quoting Merkley quoting Kovacs. You can quote me on that.

  • by k(wi)r(kipedia) (2648849) on Friday June 22, 2012 @05:41AM (#40409459)

    Okay we know that Google, Facebook and other companies have a tracking system in place. But who's really watching? Is it possible that Larry Page or Mark Zuckerberg is reading this post right now and will click his iAmWatchingU app to find out who typed these words? Or is some other sentient entity [slashdot.org] looking over me like the deity of some theistic religion.

    Maybe the greater danger isn't that we are being watched, but that algorithms are now in control of our lives [bbc.co.uk], processing, analyzing, bankrupting us in a way where sometimes the only human intervention is someone clicking OK.

  • Because the memory of the Internet is forever

    ...Or not.

  • by Anonymous Coward

    Provide a feature in Firefox to not request pages not on the current domain.

    All those embeddable scripts are now useless and centralized tracking dies a horrible death. The overheads of doing this server-side would be crippling financially.

    The idea is not to fight a losing battle, but to make it expensive and financially nonviable.

  • by FudRucker (866063) on Friday June 22, 2012 @06:08AM (#40409571)
  • by Anonymous Coward

    It is nice to see things like Collusion and Ghostery (will install when I get home), but I think power users of the internet and those of us that care about privacy and a free internet need to take it a step further. We need to not only stop tracking, but also figure out ways to mass spoof trackers and begin corrupting their data. If, on some mass scale, we can figure out how to report bad data to advertisers, they lose all power.

    Mass advertising is the biggest scam of the last 30 years. These people pro

  • by PopeRatzo (965947) on Friday June 22, 2012 @07:27AM (#40409959) Homepage Journal

    Does anyone know what ever happened to that project for salting the tracking data with false positives? I think it was called "Antiphormlite" and it had gotten up to version 1.3 I think.

    I see it talked about on teh google but there doesn't seem to be any place it can be downloaded.

    I love the idea of fouling tracking data. It's not enough to "track the trackers". I want to make sure they go away unless they reform themselves.

    This is one of those areas where the "free market" is not going to come up with a solution. People say, "I want privacy" and the Free Market says, "Fuck you, pay me."

    It's going to take vandalism on a massive scale to fix this one.

    • by cusco (717999)
      On that same idea, when the supermarket asks for your 'loyalty card' just use the phone number (321) 123-4567. Works pretty much everywhere, and if it doesn't get a new card with that number. There are probably a couple hundred of us around the US using that same number.

      The other advantage of using that number is the look on the dumber cashiers' faces, since they think that's your real phone number.
    • by Kergan (780543)

      I'd wager this will happen instead eventually:

      People say, "I want privacy" and Government tells Free Market, "Fuck you, stop tracking."

      • by PopeRatzo (965947)

        I'd wager this will happen instead eventually:

        People say, "I want privacy" and Government tells Free Market, "Fuck you, stop tracking."

        I wish I had your optimism.

        Because I fear what would happen then is the "Free Market" would say, "Fuck you, Government. We own you, thanks to Citizens' United."

        And that would be the end of that. There was actually a time, you know, when the air in most major US cities was incredibly foul. The Great Lakes were literally dying and rivers were catching fire. The Government

  • I use Ghostery, an excellent tracker-phage for Firefox and Chrome. I installed Collusion and was a bit miffed it wasn't working, until I realized why: Ghostery works, period. It seems to me that Ghostery's list of web trackers already provides what Collusion is trying to create, so what is the point?
  • by Anonymous Coward on Friday June 22, 2012 @10:36AM (#40412193)

    Seems like a lot of people are praising Ghostery, which leads me to believe that you haven't heard the backstory.

    Evidon, which makes Ghostery, is an advertising company. They were originally named Better Advertising, Inc., but changed their name for obvious PR reasons. Despite the name change, let's be clear on one thing: their goal still is building better advertising, not protecting consumer privacy. Evidon bought Ghostery, an independent privacy tool that had a good reputation. They took a tool that was originally for watching the trackers online, something people saw as a legitimate privacy tool, and users were understandably concerned. The company said they were just using Ghostery for research. Turns out they had relationships with a bunch of ad companies and were compiling data from which sites you visited when you were using Ghostery, what trackers were on those sites, what ads they were, etc., and building a database to monetize.

    When confronted about it, they made their tracking opt-in and called it GhostRank, which is how it exists today. They took an open-source type tool, bought it, turned it from something that’s actually protecting people from the ad industry, to something where the users are actually providing data to the advertisers to make it easier to track them. This is a fundamental conflict of interest.

    To sum up: Ghostery makes its money from selling supposedly de-identified user data about sites visited and ads encountered to marketers and advertisers. You get less privacy, they get more money. That's an inverse relationship. Better Advertising/Evidon continually plays up the story that people should just download Ghostery to help them hide from advertisers. Their motivation to promote it, however, isn't for better privacy; it's because they hope that you'll opt in to GhostRank and send you a bunch of information. They named their company Better Advertising for a reason: their incentive is better advertising, not better privacy.

  • I'm disappointed with Mozilla's approach to privacy (or lack of it). Currently the biggest danger for privacy is not tracking (your bank also tracks your transactions) but collecting all the available threads of information to build a fairly complete profile of the user. Yet Mozilla is pretty much ignoring the problem to the point it is difficult to differentiate Firefox from Google Chrome (a browser specifically designed for collecting information).

    The only thing I ask for is a good identity manager (Mu

  • Just because two websites use the same service doesn't mean that data is shared between those two customers, e.g. Google Analytics,
  • The more I listen to various Mozilla reps, the more I am convinced that they are extremely distanced from reality, and Firefox's reduction in market share is a direct consequence of this ignorance.

    The problems he's talking about have been long solved by "there is an add-on for that" in Firefox. Use Ghostery. It has a good list of pretty much all meaningful tracking services and offers to block them for you on per-site basis or globally, along with a nice list of all trackers currently tracking you and if they'
