Tracking the Web Trackers 97
itwbennett writes "Do you know what data the 1300+ tracking companies have on you? Privacy blogger Dan Tynan didn't until he had had enough of being stalked by grandpa-friendly Jitterbug phone ads. Tracking company BlueKai and its partners had compiled 471 separate pieces of data on him. Some surprisingly accurate, some not (hence the Jitterbug ad). But what's worse is that opting out of tracking is surprisingly hard. On the Network Advertising Initiative Opt Out Page you can ask the 98 member companies listed there to stop tracking you and on Evidon's Global Opt Out page you can give some 200 more the boot — but that's only about 300 companies out of 1300. And even if they all comply with your opt-out request, it doesn't mean that they'll stop collecting data on you, only that they'll stop serving you targeted ads."
Give Us A List (Score:3, Informative)
Give us a list of all companies and their affili-shit domains and I'll block them. I'll even add them to my 'Hosts' file just to make apk happy.
Re:Give Us A List (Score:5, Informative)
It doesn't always work that way. Sometimes, these companies use their own sites, but other times, it's a no-name domain and sometimes a random IP. It's almost a kin to a botnet herder where they all report to a root domain where they get their instructions.
And other times these are from publicly available records; no direct connection to your web browser. If you buy a car, apply for a credit card or even register a new phone number, expect to get spammed shortly. The only way to not get included in a dossier of some sort is to not exist. But even that's no guarantee.
Re: (Score:1)
Which is why I use RequestPolicy. It blocks all third-party browser requests by default. It's a mild PITA because practically every site seems to use a separate domain for static content nowadays, and you need to configure this in RequestPolicy, but once you've done that it's effortless.
Of course, there's not much I can do about my credit history, but I'm fairly confident these companies know jack-shit about my browsing habits.
Re:Give Us A List (Score:4, Informative)
Re: (Score:3)
Yeah, if you read the article, you'd see Ghostery is run by and advertising company.
" About Evidon
Evidon reveals the invisible web.
Its technology gives brands, publishers, networks and other businesses around the world unique insight into the digital ecosystem—including unparalleled intelligence on the marketing technologies that underpin the commercial web —and the power to control their impact on business.
Evidon's technology includes Ghostery®, the industry-leading browser tool that repor
Re: (Score:2)
They sound smart. Give users an effective blocking tool, sell companies advice on how not to get blocked.
Re: (Score:2)
I tend to use noscript default to allow, requestpolicy and ghostery, privacy is one issue, but another issue is security, how do any of these sites know what sort of security holes the code they're linking to has? What's more, it's completely transparent to the end user unless they're blocking all that crap.
Opt out does no good (Score:2)
If you use a different browser or delete your cookies, your back in. Best just use a HOSTS file and say screw it
to sites that ask you to receive ads. I am starting to see thank you for not using Adware banners but blocking most of the ads.
HOSTS files don't protect vs. IP addressed adbanners (rare) &/or IP address utilizing malwares (rare too, most used domain/host names because they're "RECYCLABLE/REUSEABLE"), so here, you must couple HOSTS files w/ firewall rules tables (either in software firewalls OR router firewall rules table lists)
Knew you'd show up, as this is your area of expertise.
I was very disappointed I was able to log into evidon.com or adroll.com.
Can't find APK just yet but just might use a 1+ meg HOSTS file and do it backwards;
remove the sites I wish to visit as the HOSTS file blocks them.
Re: (Score:2)
Hey APK,
Protip:
It's not the truth or value (or lack of) in your post that gets it modded into oblivion, it's the fucking insane length. In addition to TL;DR (which goes without saying for a post of such length), how about irritating readers by requiring them to scroll through 20+ screenfuls just to get to the next post.
If you want to publish a short story like this, please do everyone a favor and blog it somewhere, then provide a brief summary and link to your blog. Readers intrigued by your summary will
Re: (Score:2)
Are you sure you are replying to a real person and not a script?
This being said, if a script has a blog I would definitely be intrigued by it!
Re: (Score:2)
Good point! :-)
Re: (Score:2)
NOW - As to myself on that very note??
Yes - I have been, a dozen times or more in actual respected WRITTEN PUBLICATIONS in the art & science of computing (would you like a partial list?)...
I enjoy a good read. Please enlighten me with some of your published works.
Re: (Score:2)
Dear Mr Coward, I read through your entire post but saw no mention of MyCleanPC anywhere. Surely this is the ultimate in PC threat prevention and cure?
So why aren't you protecting yourself? (Score:3)
You could be using Tor, or surfing through a proxy, denying cookies, etc.
Why make it easy for them?
Re: (Score:1, Insightful)
You obviously haven't used tor, it's slow as molasses
Re: (Score:1)
Because that kind of passive measures are not very effective.
Also, the enemy has so much money which they are paying to some top programmers in the world, that they are just immensely more powerful technically.
What we need is a new kind of company who will work for the people's protection. I for one would gladly pay a subscription fee to have that information poisoned. The real problem is not that there is no protection; the real problem is that noone cares. Most people want to be tracked. If they didn'
Re: (Score:1)
Because browsing through Tor does jack and shit?
Re: (Score:2)
you actually think using Tor prevents them from tracking you? Your IP address is only *one* of the multiple things they track.
Re: (Score:2)
I do something even better than using Tor for browsing internet: I use a stolen MacBook, and I make sure to get a new one every week. On the plus side I get to listen to different music all the time, without this approach I would have never guessed Justin Bieber has so many different songs.
Re: (Score:1)
It's over. Privacy war lost. (Score:3, Interesting)
Enough to drive an honest man to fraud.
Use Ghostery! (Score:5, Informative)
Ghostery (Firefox plugin) allows you to block these trackers, it works great and you can also see when sites are loading the tracking code.
Re: (Score:1)
Posting anonymously because I just modded you up. :)
But I have to agree. I use Ghostery.
Re:Use Ghostery! (Score:5, Informative)
Ghostery (Firefox plugin) allows you to block these trackers, it works great and you can also see when sites are loading the tracking code.
https://www.ghostery.com/ [ghostery.com]
Re:Use Ghostery! (Score:5, Interesting)
Re: (Score:3)
One possibility might be to set up a server that 1) receives tracking cookies from people, and 2) returns a random tracking cookie from its collection whenever asked by anyone. Think of it like a cookie swap exchange, where your brows
Re: (Score:3)
I'm gonna name my kid Spartacus.
I wonder how many of these cookies would be vulnerable to an SQL injection attack? Has anyone tried replacing all strings in all their tracking cookies with "drop tables;"?
Re: (Score:2)
Maybe, but even the act of sending the cookie back, even if it seems to have bad data in it, can give information about you -- what sites you visit, how long you spend there, etc.
Now, maybe a script that made random HTTP requests with random cookie data. It still would be tricky, and blocking the stalkers (especially facebook) seems much safer.
Re: (Score:1)
Right... (Score:3)
Simple way to not be tracked (Score:1)
Re: (Score:1)
There are also flash cookies and also fingerprinting. I noticed that some use javascript to create a 'fingerprint' eg: http://mpsnare.iesnare.com/snare.js
Re: (Score:2)
So, does NoScript work then? It disables flash unless you whitelist the domain it is coming from.
Data (Score:5, Interesting)
Does anyone know how he got the data they had on him? I'm looking at the opt out pages he listed and I don't see data recovery functions.
Re: (Score:1)
Only Opt out of Being Reminded (Score:5, Informative)
And even if they all comply with your opt-out request, it doesn't mean that they'll stop collecting data on you, only that they'll stop serving you targeted ads."
That line is the most important part of the story. The phrase "opt out" has been redefined by the marketers. You can not opt out of being tracked, you can only opt out of being reminded that you are being tracked. That is more than useless because it defuses the people most likely to be unhappy about these trackers with a false sense of safety.
Your only way to avoid being tracked is not to ever talk to the trackers in the first place. For the less technically inclined, the Ghostery plugin for firefox is pretty much set it and forget it. If you can handle looking underneath the hood of the internet, check out Request Policy [requestpolicy.com] which gives you extremely fine grained control over what stuff a webpage can pull in from other webservers. I default block all cross-site includes from other domains and white-list them on an individual basis and it really isn't too inconvenient. Besides the privacy benefits, it makes web pages load super fast when they don't have to pull in crap from 15 other servers.
Re: (Score:2)
First steps I do after creating a new Firefox profile:
why are you letting them? (Score:1)
1.) Install Ghostery. 2) Install AdBlock Plus. 3) Only accept cookies from sites you trust, and for best results clean those out regularly.
You can go the extra mile with NoScript, Tor, and so on, but even just doing Ghostery and turning off third-party cookies will knock out much of the problem.
Hosts file on the router... (Score:3, Interesting)
Went to his blog site - was covered with ads (Score:1)
So many ads on this guys site, that I couldn't read the whole thing, that ads were distracting me
Tail your proxy (Score:5, Informative)
I had a few users at work that were spending too much time on facebook, etc. and management asked me to block it except during breaks. So I fire up an old box and put squid on it and tell AD to force them to proxy through it.
I then did a tail -f on the /var/log/squid3/access.log file and howdy boy do some sites have a lot of crap called when you load a page. Even our small town local newspaper site would call up about 30 different domains on each page load. Some of them would put a java script in to refresh each minute to see how long one stayed on the page.
Now I see why I run no-script and ABP on my boxes.
I started blocking a lot of them but real work called and I'm guessing that I only got about a third of them.
The unfortunate thing is almost all the stuff on the web these days has a no-cache flag so running a proxy for web-cache/bandwidth reduction is almost useless. I only get about 2% cache hits.
Re: (Score:2)
Hmm... any chance to make the proxy ignore the no-cache flag with pages where you know they serve no purpose other than increasing their hits? It's not like I have to play nice if they don't.
Re: (Score:2)
Yes, you can override the no-cache headers in Squid. Use a refresh pattern and ignore or override the headers the server sends to defeat the cache:
http://www.squid-cache.org/Doc/config/refresh_pattern/ [squid-cache.org]
Re: (Score:2)
Now I see why I run no-script and ABP on my boxes.
I know better than to wish javascript were never invented, but when I have to deal with sites that don't work with javascript because they shit on themselves and sites that don't work without javascript because the web developers are incompetent in the space of about five seconds, I want to imminentize the eschaton.
Re: (Score:2)
It's a shame Ghostery doesn't work at the proxy/router level because they have done all this hard work for you. You could probably use their list as a good place to start though.
Minimum kit for browsing (Score:2)
2. Add NotScripts
3. Add FlashBlock
4. Add HTTPS Everywhere
5. Add Ghostery
6. Add AdBlock (cos why not)
That's your minimum kit to browse the web these days.
Ghostery's plan [venturebeat.com] is to sell all of your information to advertising companies. This isn't a bad thing necessarily, but you should probably know that before you install it.
Opting out just confirms your data (Score:4, Insightful)
It's not like we didn't notice yet that all sending an "opt-out" EMail accomplishes is to increase the value of your mail address because now it is confirmed to be one you actually use.
The only way to stop trackers is to mislead them with false information and block as many tracking as you possibly can. Relying on those that benefit from tracking to comply with your requests is naive at best.
I wish there was a button marked... (Score:2)
"I already bought this shit. GTFO!"
Nothing more annoying than searching for a product, BUYING said product, and then for weeks/months later being shown ads for said product that I no longer have an interest in... BECAUSE I'VE ALREADY GOT ONE, YOU SEE?!?!" /French accent
Holy Crap (Score:3, Interesting)
Does it really matter? (Score:3)
I don't see what is actually the problem. Isn't that better to have somehow targeted ads?
As for breaching my privacy: I'm just a record in billions of records for those companies. I'm pretty sure they don't give a shit about me as an individual, they care about categories and segments and groups. So what if they know which website I look at and how frequently. We are not talking about companies using my facebook pictures or my wishlist on Amazon, it's just ads.
Re: (Score:2)
Re:Does it really matter? (Score:4, Insightful)
Showing ads is fine when I am actually looking for something; no need to stalk me all the time. If I'm not looking for something I am not going to buy anything either. Oh and make it text ads only because I block everything else and I can't click on blocked ads, can I? Thanks!
Is this a letter for Santa Claus?
It's wonderful that you agree to see ads when you are looking for something; this is how Google makes money. But who pays for all the other websites that you visit for free? They are hosted somewhere on a server that has been purchased by someone, that has its power and cooling paid by someone, and is online because someone is paying the ISP. If you don't want paywalls everywhere, then so far the ads are the only viable solution to help those people pay for this infrastructure.
Or maybe you are one of those people who think that because you pay $35 a month for your internet access you should get all content for free. That reminds me of a girl I knew in college who was making and selling pirate copies of movies but according to her it was legal because she was paying for the blank DVDs and for her internet connection.
There is a serious flaw in the internet business model, everyone knows it. Ads are awful and even targeted ads have a very low conversion rate. Yet for most people there is so far no other way to make money. So why don't you stop whining like an entitled brat and instead start thinking about realistic solutions to this problem? If you find a good one you could make millions.
Those opt-out pages don't work. (Score:3)
On the Network Advertising Initiative Opt Out Page you can ask the 98 member companies listed there to stop tracking you and on Evidon's Global Opt Out page you can give some 200 more the boot
No, no you can't. I just tried the Network Advertising Initiative opt out page. It doesn't work. Out of 96 sites, 0 worked. I also tried Evidon. Looks like about only 80% of them can be shut off from that page. And now I have a horrible suspicion that all I've done is confirmed my existence to spammers.
You do all that work of opting out (Score:1)