Help EFF Test a New Tool To Stop Creepy Online Tracking 219
An anonymous reader writes "EFF is launching a new extension for Firefox and Chrome called Privacy Badger. Privacy Badger automatically detects and blocks spying ads around the Web, and the invisible trackers that feed information to them. You can try it out today."
Ghostery (Score:4, Insightful)
Ghostery does a great job of this already... However, the problem with these types of tools is they frequently break some type of (needed) functionality on the site.
7 caught on Slashdot right now.
Comment removed (Score:5, Informative)
Re: (Score:2)
As of very recently though, Ghostery takes a step further by providing surrogate scripts that replace the function needed by these websites, only without the tracking. It's really nice because you very rarely need to pause it or add exceptions now.
Re:Ghostery (Score:5, Informative)
From WP: [wikipedia.org]
"Evidon, the company owning Ghostery, plays a dual role in the online advertising industry. Ghostery blocks sites from gathering personal information. But it does have an opt-in feature named GhostRank that can be checked to "support" them. GhostRank takes note of ads encountered and blocked, and sends that information, though anonymously, back to advertisers so they can better formulate their ads to avoid being blocked.[4]"
Re: (Score:2)
Use 'DoNotTrackMe' addon. [mozilla.org] The company that makes it is run by Moxie Marlinspike and has no connection to the ad industry.
Re:Ghostery (Score:4, Insightful)
However, the problem with these types of tools is they frequently break some type of (needed) functionality on the site.
I imagine if any plugin gets /really/ popular, the tracking bugs will get modified so they work again,
OR publishers/advertisers may start modifying their content to include tests to ensure the health of the
tracking bug, before allowing the visitor to view content.
Maybe you just get half a sheet of text, or the first 1.3 windowfuls, then the site will pick up on the tracking bug being broken, and stop rendering content -- while displaying an error about the need to disable such and such plugin to use the site, or waiting until "countermeasure against tracker bug blocking" succeeds.
Re: (Score:3)
theres enuf sites that we can go else where.
Search engine optimization (Score:5, Informative)
Maybe you just get half a sheet of text, or the first 1.3 windowfuls, then the site will pick up on the tracking bug being broken
If a web server is configured to deliver only the abstract to viewers behind user agents that include tracking countermeasures, then it will deliver only the abstract to search engines. They tend to retrieve pages with no JavaScript, no Referer, and no cookies.
Re: (Score:2)
then it will deliver only the abstract to search engines. They tend to retrieve pages with no JavaScript, no Referer, and no cookies.
The IP address ranges that search engines crawl from are well known, and they can easily backdoor their countermeasures for search engines alone.
Also, if I recall correctly; Google actually runs javascript.
I'm sure any countermeasure will be designed so the major search engines can index their content
That's called cloaking (Score:3)
they can easily backdoor their countermeasures for search engines alone.
That's called cloaking, and search engines severely penalize cloakers as they become aware of them.
Re: (Score:3)
That's called cloaking, and search engines severely penalize cloakers as they become aware of them.
I see 'cloaking' like things all the time; where the real page comes up with a paywall if you try to access, and it is essentially never really penalized when done by the legitimate websites, so you're observation doesn't quite match reality.
Also it's technically not cloaking if the page content when viewed by a user (without alterations by 3rd party software such as bug blockers or Greasemonkey scripts)
Re: (Score:3)
Is there any good way to filter sites that offer teasers and paywall additional pages so you don't need to wade through them? Because google top ranks those pages a lot, and it's made it a very inefficient way to find information. It's always high profile sites that used to be big players in the print domain, and I know they're paying google for the exposure. I'd switch to a different search engine if they were uncompromising with those types of teaser-paywall websites. They're just noise, as far as I'm
Re: (Score:2)
Because google top ranks those pages a lot, and it's made it a very inefficient way to find information.
I agree; personally I think Google should have a database of paywalled domains and hide those pages by default Offering a link to 'show paywalled' sites., but otherwise hiding those results (unless they pay to be listed in the little text ads / sponsored search result panel above the normal results).
Re: (Score:3)
That makes it really easy to determine which web sites I should never visit because the sites purveyors are hostile to my best interests.
I wish sites that are using creepy tracking bugs would act in a manner that made them unusable. It would make life so much easier.
Re: (Score:3)
Slashdot uses creepy tracking bugs.
How come you're commenting here if you never visit this site?
Re: (Score:2)
Tis true, looking at requestpolicy now it has not loaded content from:
"scorecardsearch.com"
"doubleclick.net"
"gstatic.com"
Not visiting sites that associate with creepy sites is indeed too limiting when there are such simple solutions
Re: (Score:2)
Cuz I have javascript off here, and all the creepy tracking sites blocked in HOSTS. I'm not too concerned about their cookies. I am pissed at the way they stall so many sites. So into HOSTS they went.
Conversely I don't mind having slashdot's login cookie, which makes my life easier at no cost to me.
Re: (Score:2)
I'm wearing protection.
Re: (Score:2)
These sites are not going to like the way that users are going to work around this; by visiting other sites.
There is so little unique content being generated now, that will just go to other sites with more progressive privacy policies, or disable the app grudgingly if we're feeling lazy or can't find the content elsewhere, and hold it against them for all eternity.
Re: (Score:2)
A radio station I listen to recently rebranded. Their "improved" web site does not deliver content without the WebTrends tracking code being allowed through NoScript/Ghostery. I seems to do do some magic callback foo to achieve this. This behaviour seems to rapidly expanding on the site; I found a page today that required NetCensus tracking as well. Curiously I get more content if I block JS altogether (although not fully functional). http://doublej.net.au/ [doublej.net.au]
Re: (Score:2)
I wonder if it's be practical to screw the tracking up with false data?
I'm thinking a browser plugin which has a list of tracking server addresses - and a few times each day will swap a randomly picked subset of the cookies for those sites with those of another randomly picked user of the plugin.
Re: (Score:2)
I think it would be better to just expire them quickly, like say, daily or every browser session, or after every tab close.
Another fun one would be to maintain a list of ad cookies etc...and toss them in a public pool. Whenever you need one, your browser consults the pool and gets one, uses it for a bit, then goes and switches to another one. Do some distributed database poisoning.
Re: (Score:2)
Most ISPs don't promise/guarantee a static IP, but frequently that is effectively the case. ... they can guess that the user is the same one.
Combined with browser and version, screen res, OS version, and regional settings
If they have people there smarter than me (and I guess they do) they'll be using that info to link potentially different cookies as suspect same cookies.
Re: (Score:2)
And people said carrier grade NAT was a bad thing...
Re: (Score:2)
> If they have people there smarter than me (and I guess they do) they'll be using that info to link potentially
> different cookies as suspect same cookies.
Actually if they have people smarter than me, then they realize its just random noise and the real customers are paying for volume of data with no way to judge its real quality anyway, so a little poison is just as good as clean grain?
I mean sure they could climb for the higher hanging fruit, but...when they get paid as much even if they pick it up
Re: (Score:2)
Re: (Score:2)
This behaviour seems to rapidly expanding
Yes, I have noticed sites I have gone to for years will now not deliver content unless all of their scumbagginess is allowed through...
Bill Hicks quotes on advertising are apropos here. [thinkexist.com]
Re: (Score:2)
A radio station I listen to recently rebranded. Their "improved" web site does not deliver content without the WebTrends tracking code being allowed through
That's bizarre. None of the other ABC properties requires trackers to function. Nor even do the sibling digital radio sites, Triple J and Triple J Unearthed. It's weird that Double J is so completely locked down. ABC is not a commercial company, they're government funded non-commercial.
I wonder if Double J is some kind of commercial partnership? Perhaps the ABC has outsourced it? It wouldn't be the first time they've done stupid things like that, but I thought they'd been burned enough to learn their lesson
Re: (Score:2)
I also listen via my ISP's mirror of the Double J stream. Unfortunately that stream does not carry useful metadata (song titles etc.) that VLC can pick up so when I occasionally want those I need the web site. I will not lose sleep over the loss of the site though.
Re: (Score:2)
Correction, it's now spread to every ABC site.
Re: (Score:3)
I imagine if any plugin gets /really/ popular, the tracking bugs will get modified so they work again
Maybe, but even an incredibly popular Firefox plugin is still only there for a small percentage of an average page's visitors.
Re: (Score:2)
Ghostery does a great job of this already... However, the problem with these types of tools is they frequently break some type of (needed) functionality on the site.
7 caught on Slashdot right now.
The sites are designed that way intentionally. "What if they disable cookies? I know, make cookies required to stay logged in!" etc...
Self-Destructing Cookies (Score:3)
About the only thing I've run into that it breaks is Disqus logins. But I use a separate browser - which also deletes everything on close - for that.
Re: (Score:2)
I'm using Self-Destructing Cookies, too, but I haven't found any way to make it delete when you move off the page. The settings just seem to allow deleting them when you close the browser, or the tab. It would be nice, though. Can you tell me how you did it?
Re: (Score:2)
Addons > Options > Self Destructing Cookies
First option - grace period. Degault is to delete cookies 10 seconds after a tab is closed.
Maybe you can set the option to notify you of cookie destruction (next option down) to test it?
Re: (Score:2)
Oops, ignore my other reply, I think I see what you mean. You mean simply moving to another tab but leaving the other one open.
Yeah, there's no way to delete cookies on unfocus. Perhaps contact the add-on author and request the feature?
Re: (Score:2)
Oh, I actually thought you meant moving off the page to another page, in the same tab (e.g., click a link on /., slashdot cookie deletes after X seconds).
Re: (Score:2)
You can white-list sites in Self-Destructing Cookies so their cookies remain untouched.
This site's cookies are destroyed:
1. After you close its tab.
2. After you close the browser.
3 Never.
Re: (Score:2)
My system caught 8! [phthththth!]
But they're all Green, no worries.
Re: (Score:2)
Hmmm .. down to five ads, and three of them are red (and blocked)! Interesting.
What's the difference (Score:4, Insightful)
Re: (Score:3)
How's this different or better than adblock / ghostery / flashblock / noscript / do not accept third party cookies ?
Maybe it can replace 2+ of them? That would be nice. Installing 4-5 tools for one task is a pain
Also, NoScript specifically breaks 3 out of 4 websites until you figure out which half-a-dozen domains must execute JavaScript for each damn website. I remember how chase.com had a most fraudulent looking domain in order to let me login to my checking account.
Re:What's the difference (Score:5, Insightful)
Also, NoScript specifically breaks 3 out of 4 websites until you figure out which half-a-dozen domains must execute JavaScript for each damn website.
I think you mean website developers are so reliant on JS these days, that they think they can't write a site without such heavy use of it that sneezing at it will break their site.
Re: (Score:2)
I think you mean website developers are so reliant on JS these days, that they think they can't write a site without such heavy use of it that sneezing at it will break their site.
Javascript does some good stuff. When I'm building something, I make sure that the good stuff it does is on the same domain as the website on which I want it done, though. Your mileage will vary.
Re:What's the difference (Score:4, Informative)
That's the best policy. The problem isn't sites using JS, it's sites sucking in random bits of JS from 5 otrhert domains that each suck in yet more bits from 3 or 4 additional domains.
Generally whjen I see that, I decide they're trying to convince me to just allow all witrhout seeing everything I'm allowing. That, in turn, tells me that that's is the last thing I should do so I leave the page and never go back.
Re: (Score:2)
That, in turn, tells me that that's is the last thing I should do so I leave the page and never go back.
The problem with this is that more and more sites are, as you say, sucking in bits from other domains who in turn suck in bits from other domains. I have been using these sorts of tools for a while now and I can say that I'm seeing more of this type of behavior. It really is reprehensible and cowardly on the part of developers or, pardon my french, whoever the fucking idiot is who has to script/link/script/link the crap out of their site like that.
I've started using FF with privacy tools for most sites
Re: (Score:2)
If they keep that up, some bad guy or another will manage to get some bad JS into a LOT of big sites all at once.
Re: (Score:2)
All good in practice, but those site typically use javascript libraries (eg jquery) and they pull in the lib from the original site rather than host it themselves (does this help bandwidth, ie with caching of it?)
i guess you can simply whitelist these library links, but there seems to be so many of them nowadays.
Re:What's the difference (Score:4, Informative)
It's not that websites shouldn't rely on JavaScript to function, it's that they shouldn't rely on *third-party* JavaScripts from jQuery, a thousand fucking ad servers, a plugin from here and there, Google tracking... that's why what should be a basic website takes forever to load: it's having to make requests to 50 different servers to load a single page.
JavaScript-dependent websites *can* be done properly. Most are not.
Re:What's the difference (Score:4, Insightful)
Also, hosting relatively large scripts like jQuery on their own, static path helps a lot for caching. You have one copy of the script for dozens of sites, instead of dozens of copies of the same file.
Re:One example: Slashdot's owner, Dice Holdings (Score:5, Insightful)
Get the fuck out with your stupid techie misogyny.
If your "guessing" involves generalization to the point of an ugly absurdity, you should check yourself. You make it sound like you have a particular beef, maybe with a particular woman (or women) and now you believe that all bad web code is caused by women. It's a bad place to be.
If you want to say, "I have encountered some young women who fancy themselves graphic designers..." you would at least be on more reasonable ground, but then you need to ask yourself, "Does the fact that this group of people were women really have any impact on my statement?"
Now knock it off. People get skeeved out by misogyny and it's pretty easy to pick up on, so the next time you're looking for a job you might just walk away wondering, "That didn't seem to go well, it's probably because of that woman who interviewed me. They're all whores you know".
Re: (Score:2)
Sadly, had he said inexperienced wannabe graphic designers, he'd probably be right.
Disrepectful women teach women can't be criticized (Score:2)
Women are far more attracted to men who feel comfortable criticizing them in a sensible manner. Women are sexually attracted to men who have inner strength. They avoid men who seem weak when pushed.
Yesterday I watched a dance competition. I criticized that particular competition as putting pressure
Re: (Score:2)
My experience is that age and gender have little to do with it. Inexperience and wannabe status seem to be the determining factors.
Re: (Score:2)
OK, I think we're done here.
Re:Your response is about your anger, not about wo (Score:5, Insightful)
You mean other than, "Bitches, man, they just don't know how to code, you know? *fistbump*"
Re: (Score:2)
You're too late.
Re:What's the difference (Score:5, Informative)
This monitors the behavior of web sites, not the function. So if there's a non-advertising site that just puts out tracking bugs, it will get blocked. If there's an advertising site that doesn't send tracking cookies, it won't be blocked. There's no blacklist--it's all based on observed behavior.
Re:What's the difference (Score:4, Informative)
And in a related note, both of these fine extension works fine in Pale Moon, but refuse to install in Seamonkey, which is a deciding factor in which one I am going to use in the future. I dont know why it breaks in Seamonkey but if anyone does please chime in. Is it just a matter of a bad compatibility check or is there more to it?
Re: (Score:3)
What's somewhat funny about it (Score:5, Funny)
Install it and it will show you a page where you can link to Twitter, Facebook and Google+ to tell people about how awesome it is.
Is that supposed to be cynical or ... I don't know, I find it kinda funny. Isn't it supposedly blocking pages like that?
Re: (Score:2)
It isn't a problem to link. The problem is *how* you link.
If you provide a link on your page that a user can click on to go to Twitter/Facebook/G+ and the URL embeds a pre-written "I'd like to tell you about XYZ..." then it is going to go through just fine. If the page pulls an image from Twitter/Facebook/G+ servers in order to draw that link, thus creating a tracking event for those services, then it is going to be flagged by the tool, and the image might at some point be scrubbed if the tool decides that
Re: (Score:2)
Because it's free I must not complain about it?
TANSTAAFL. So what's the price for the lunch? Should I bring the lube along?
Re: (Score:2)
I don't know, I find it kinda sad. Aren't users supposed to be smarter than the people manipulating them?
What did you observe that led you to that conclusion? And ... where can I go to make the same observations?
Problem Illustrated (Score:2, Funny)
Does it not illustrate the problem perfectly when you browse to the EFF site pushing an alpha version of a tool to block and the download page has a tracker on it?
Re: (Score:2)
Worse, the site that recommends it has multiple trackers on it that Privacy Badger flagged almost immediately.
Does it block Piwik Analytics? (Score:4, Funny)
Because this is the tracker the EFF has on the download page for "Privacy Badger."
Re:Does it block Piwik Analytics? (Score:4, Informative)
Piwik [wikipedia.org] is a self-hosted web analytics package. In other words, your visit to an EFF page is being tracked by the EFF.
Re: (Score:2)
Re: (Score:3)
when did being interested in user logs and usage info become "tracking" (which is, these days, almost universally considered bad)?
Re: (Score:3, Insightful)
you guys are aware that scraping the logs of the webservers also gives you some overview of the usage of the site? Is reverse dns-lookup also considered tracking?
my point: monitoring your own site to make it better is fair use, giving this data to other entities is not.
I wonder how it deals with cookies (Score:2)
I'll check this out - it's nice to see something from EFF that I can install to match my EFF stickers :). I wonder about cookies, tho. IME some websites won't work if you block their cookies & it's better to just accept cookies then delete them after.
No Thanks... (Score:2)
Unblocking will be abused (Score:2)
If copies of Privacy Badger have already blocked your domain, you can unblock yourself by promising to respect the Do Not Track header in a way that conforms with the user's privacy policy. You can do that by posting a specific compliant DNT policy to the URL https://example.com/.well-know... [example.com], where "example.com" is all of your DNT-compliant domains.
So in other words, To exclude a website from Privacy Badger, all a website needs to do is:
- Copy and paste https://www.eff.org/files/dnt-... [eff.org] to https://mywebsite.com/.well-kn... [mywebsite.com]
Give it a few weeks, let the advert sites copy and paste that file, plugin will be useless.
Re: (Score:2)
I saw that too. Decided to stay with Disconnect + NS + RequestPolicy.
There is only one thing you can take for granted for advertising: they will play dirty. If you offer them an olive branch, they'll beat you with it, then try to sell you a salve to make the pain go away. There's no difference in philosophy to that of the spammers of old (who the EFF used to support), and anyone who doesn't understand that has no business making a privacy tool.
'Donottrackme' extension has no opt-out for sites (Score:2)
https://addons.mozilla.org/en-... [mozilla.org]
Nor is the company that makes it attached to the ad industry, unlike ghostery.
From the site's FAQ... (Score:2)
"I am an online advertising / tracking company. How do I stop Privacy Badger from blocking me?"
Stop being a scumbag advertising/tracking company.
But I repeat myself.
Too many addons (Score:2)
There are too many addons with overlapping functionality.
Disconnect
RequestPolicy
Ghostery
Privacy Badger
and many others...
What is the recommended subset?
NAT and proxies (Score:4, Interesting)
the tracking sites will just go to IP based tracking.
Good luck with IP address-based tracking when you have 10,000 different people behind one IPv4 address. This can happen with carrier-grade NAT [wikipedia.org], with ISP-wide caching proxies like those used by AOL and the ISP formerly known as Qtel [wikipedia.org], or with Tor exits.
Or did you mean the other kind of IP [gnu.org]?
Re:NAT and proxies (Score:5, Funny)
Problem:
1. Man goes to kinkybondagesmut.com on his PC.
2. Seven-year-old daughter goes to ad-funded sillychildishgame.com on iPad.
3. Ad-network consult their profile and determine this IP address is currently in used by an adult male with an interest in pornograhy.
4. Family consults their local moral crusader organisation. Legal action is taken.
Re: (Score:2)
It's not going to take much. There are plenty of crusaders around who would love a really clear test case, one where they can easily say 'Ad-company X showed targetted porn to child Y,' because if they can get a victory there it would render porn sites even more toxic to advertisers and force them further still into the internet's shady underground. I've read the publications of organisations like the AFA and FRC, and they generally believe production and distribution of any pornography is or at least shoul
Re: (Score:2)
The web browser should not be sending the ESN.
Re: (Score:2)
and they'll have one visitor from at&t mobile who is obviously flooding the system and ban that.. oh...
Mushroom mushroom (Score:2)
Re: (Score:2, Insightful)
It isn't that it's hard, people just don't know that some colours might be inconvenient. If you want to solve the problem, create an extension to remap the colors, either only on the webpage or the whole screen, into something visible. Not trivial, but certainly much easier than convincing web-designers that their colour-scheme isn't perfect.
Re: (Score:2)
The position of the slider is a secondary indicator.
Re: (Score:2)
yeah but what about red/blue/black colourblindness?
My mate is colour blind and he worked for the rail industry.. on signalling. You may think "OMG WTF?!" but he can function in the real world, red is always the one at the top, green at the bottom and they're different shades of grey to him.
Anyway what is it in a predominantly geek users that they can't fucking search for tools [hellboundbloggers.com] to assist them with their disability.
Re: (Score:2)
Re: (Score:2)
Re: (Score:3)
Host files have their place - management of small networks, intranets, access to darknets, etc. APK is firmly convinced that his hostfile management system is somehow essential to fast, secure internet access. Again, if darknets are your thing, or DNS is somehow just way too insecure or unreliable for your tastes, or if something about RFC01035 is just wrong, g
Way too easy! (Score:2)
"Anonymous Coward" (Score:2)
But you're still an"Anonymous Coward"? (Score:2)
But you're still an"Anonymous Coward"? (Score:2)
But I've already beaten you long ago. (Score:2)
Re: (Score:2)
With me driving, yes. (Score:2)
Re: (Score:2)
You've posted this same thing like, what, four times?>
+5 Funny?
Re: (Score:2)
What would be really impressive would be the plugin that removes (N + 1) of kookboi's dribblings.
Re: (Score:2)