Google Is A Serial Tracker (softpedia.com) 110
An anonymous reader writes: Two Princeton academics conducted a massive research into how websites track users using various techniques. The results of the study, which they claim to be the biggest to date, shows that Google, through multiple domains, is tracking users on around 80 percent of all Top 1 Million domains. Researchers say that Google-owned domains account for the top 5 most popular trackers and 12 of the top 20 tracker domains. Additionally, besides tracking scripts, HTML5 canvas fingerprinting and WebRTC local IP discover, researchers discovered a new user fingerprinting technique that uses the AudioContext API. Third-party trackers use it to send low-frequency sounds to a user's PC and measure how the PC processes the data, creating an unique fingerprint based on the user's hardware and software capabilities. A demo page for this technique is available. Of course, this sort of thing is nothing new and occurs all across the web and beyond. MIT and Oxford published a study this week that revealed that Twitter location tags on only a few tweets can reveal details about the account's owner, such as his/her real world address, hobbies and medical history. Another recently released study by Stanford shows that phone call metadata can also be used to infer personal details about a phone owner.
Joke's on them! (Score:5, Funny)
I don't even have a computer!
Sent from my iPhone 6.
Re: Joke's on them! (Score:4, Funny)
Jokes on you! I don't even have a phone.
Sent from my pager.
Re: Joke's on them! (Score:1, Funny)
Jokes on you! I don't even own any digital electronics!
Sent from my abacus.
Re: (Score:1)
I am not even here, but AI posts ...
Re: (Score:1)
Jokes on you! I'm not even alive!
Sent from my grave.
Re: (Score:1)
iPhone is a computer. :P
Re: (Score:3, Funny)
Joke's on you! I don't even have a sense of humour!
Re: Joke's on them! (Score:1)
No shit Sherlock. That's the joke.
Re: (Score:2)
Computer yes, personal computer no. An Android tablet is a personal computer, as the person who owns it can control what computing is done on it by installing an app for making apps, such as AIDE. An iPhone or iPad is controlled by Apple unless paired to a Mac running Xcode.
The joke is that many non-technical users misuse "computer" to mean "personal computer". But many users who know just enough to be dangerous can't tell certain differences that bear on their continued freedom to compute.
Re:Joke's on them! (Score:5, Funny)
it get worse... (Score:5, Insightful)
If you do your damned best to block Google's tracking - not loading their scripts and so on - the Web is broken. So many sites use Google scripts for required functions that things just don't work any more. "The open Web" is now "The Google Web".
There might be hope though. Some people have packaged up the Google scripts (sanitized?) so that your browser can load them locally, and you can still block Google IP ranges without breaking every fucking site on the web.
Letting one company become THIS pervasive? Not so good for fault tolerance, privacy, and decentralization of control.
Re:it get worse... (Score:5, Informative)
You want this [mozilla.org].
Re: (Score:2, Interesting)
Decentraleyes is a start but it doesn't keep local copies of everything.
It also doesn't play well with other stalker-blockers because it intercepts the access to the actual website. So if adblock stopped the browser from even trying to go to the website then decentraleyes doesn't get a chance to do its thing. But if you completely unblock the website than anything decentraleyes misses ends up going to the real website.
Re: (Score:1)
ISPs can do way much better tracking especially if that ISP is Google.
You didn't think Google was building out fiber networks with reasonable charges because it was good, did you?
Re: (Score:2)
Let's call it a joint venture. But I agree NSA will simple join up with Google instead of developing everything in parallel. Eric Schmidt certainly doesn't mind.
Re: (Score:3)
Given that 3 or 4 articles before this one is another article about Google's self-driving cars, I have to ask: has it occurred to anyone besides me that Google might want to use those cars to track you in the real world, as well as online?
yes, i used to see women's intimate ads (Score:4, Interesting)
Re:yes, i used to see women's intimate ads (Score:5, Funny)
half naked women on my slashdot page
I'm failing to see a problem with this
Re:yes, i used to see women's intimate ads (Score:4, Insightful)
Re: (Score:2)
"Your wife would like this" :)
That's a nice attempt to excuse the poor tracking but the fact is it simply does not work well.
Re: (Score:2)
... week later on my lenovo at work i'm seeing ads from the same sites she visited. same with Fredricks of Hollywood. she bought a costume there for halloween and i saw their ads at work with half naked women on my slashdot page.
Why aren't you blocking ads to begin with on a machine you're using at work?
Tracker (Score:4, Insightful)
They misspelled "stalker".
Where is the government? (Score:2, Insightful)
This is where regulators need to step in. Simple legislation is all we need: if you don't own a domain, you can't track people on it, unless it's something like an OAuth login.
Re: (Score:2)
if you don't own a domain, you can't track people on it, unless it's something like an OAuth login.
Loophole: Google could encourage website operators to add "[G+] Sign in with Google" and "[+1] Share on Google" buttons in order to claim that the tracking is to more strongly authenticate users of the OAuth-based OpenID Connect protocol.
Re: (Score:2)
This is where regulators need to step in. Simple legislation is all we need: if you don't own a domain, you can't track people on it, unless it's something like an OAuth login.
They are stepping in. Their intelligence services will be taking full advantage of it.
Shame on you, web masters! (Score:1)
Who makes their own web site dependent on a third party server just to load some static script library files? Almost everybody, that's who. There isn't a system simple enough that blithering idiots like you lot can't subvert and ruin.
Or sign contracts with 20 social media sites (Score:2)
AddThis ostensibly exists to make it convenient for a website's viewers who are also members of social media sites to share URLs of HTML documents with their followers. Unless a particular social media site offers a keyless intent API, such as Twitter's Web Intents [twitter.com], the alternative is for each website publisher to maintain contractual relationships with a dozen or more different sites to get API keys and add their individual button codes, and not every publisher wants to spend time on that.
And there's no escape... (Score:5, Insightful)
I can use OS/X, Linux. With all the fervor over Windows 10, there's still Windows options to reduce or turn off telemetry off (in some versions). Google's been doing this forever, making billions for it, and there's no escaping it. Why won't Microsoft get in on the trend to make a better OS?
No option to self host your own Google software, no way to get them to truly honor your preference not to track you, nothing. I can't even pay them to do so. And if my employer or school uses their applications, I have to trust them that they don't track those users, but if some of the current lawsuits against them turn out to be true, that trust was misplaced.
Look, if you want to make software services, just do so. But Google can't let go of ads or advertising revenue and are dragging other software companies with them. Frustrating. But, go ahead, keep using Chrome and making fun of MS or Apple for having their own browsers and cheer as their market share goes down.
Subpoena basic telemetry in a fishing expedition (Score:2)
With all the fervor over Windows 10, there's still Windows options to reduce or turn off telemetry off (in some versions).
Only Windows 10 Enterprise, which most users are unlikely to have, includes anything resembling an "off" setting. The minimum setting on Home and Pro is "basic", which lets Microsoft see all installed applications, all installed device drivers, and the IMEI of your laptop's aircard if any. It may sound innocuous, but in some cases, the presence of a particular application or driver on a computer may incriminate a user if some big company decides to go on a fishing expedition and subpoena Microsoft for this
Re: (Score:2)
Someone who wants to, say, block all Google-owned hostnames can't block *.blogspot.com.
Serial...? (Score:3)
I think parallel is a much better word....
Re: (Score:2)
It certainly has much wider adoption.
Well duh (Score:1)
They bought doubleclick.net ten years ago when it was probably the most notorious tracking site around, *and* they have Google Analytics which they've been peddling to web sites forever.
Re: (Score:3)
Re:Well duh (Score:5, Insightful)
I just move on in that case. I need their content less than they seem to need me.
Re: (Score:2)
Good to know. If I run into content that I care about enough, I will have a look.
Re: (Score:2)
I have never had an issue with streaming sites while blocking Google Analytics, using Privacy Badger. I also have the GA opt-out cookie set, just in case it slips through anyway.
Re: (Score:1)
I also have the GA opt-out cookie set, just in case it slips through anyway.
I'm sure that won't be tracked!
Re: (Score:2)
Well, obviously you have to trust that Google are actually telling the truth when they say it opts you out of GA. That's why I use uBlock and Privacy Badger, too :-)
And if they're tracking "hey, this guy doesn't want to be tracked by GA", that's OK with me.
And you were all worried... (Score:1)
... about the NSA
Oscobo....No Tracking. Just Search. (Score:2)
Re: (Score:1)
Unfortunately it is become more and more complicated to keep one's information off the internet. Multiple solutions are required:
1. Use a hosts file that blocks ads / tracking cookies / spam, etc.. mvps.hosts.txt [mvps.org]
2. If you use Chrome always browse in Incognito [google.com]
3. If on Windows periodically run Spybot Search and Destroy [safer-networking.org]
4. Avoid Fazebook, LinkedIn, and other data-harvesting sites
5. Use Privacy Badger [google.com]
6. Always deny contacts
7. Stay off the internet as much as possible.
I'm sure others will post more tips.
Re: What about something like Disconnect? (Score:1)
Thank you.
Re: (Score:3)
In response to the fact that this audio fingerprinting -- at least the researcher's implementation of it -- relies on ajax.googleapis.com, I'm thinking that hosting all that shit [google.com] locally and redirecting googleapis.com to 127.0.0.1. I have no idea if it would work, but it seems necessary. : (
Also, I don't trust "smart" blockers like Privacy Badger (or Ghostery, or Disconnect). Instead I use RequestPolicy Continued to block all cross-site requests by default and whitelist things manually.
Re: (Score:1)
simple answer:
1) block all clientside scripting by default (if you don't you're privacy is basically gone, all clientside scripting gets abused to fingerprint you)
2) block all 3th party content by default
3) make sure your browser header are minimal (i.e. don't send useragent, referrer, accept-charset, accept-language, dnt, if-modified-since, if-unmodified-since, if-match, if-none-match, if-range headers)
4) selectively and minimally enable 3th party content and clientside script as needed by using something
What is said vs what is done... (Score:3)
Cereal tracker (Score:2)
We're out of corn flakes and don't forget the milk!
Google is Evil (Score:5, Interesting)
Oh the irony. "Don't be evil". Perhaps Larry & Serge should have paid attention to Friedrich Nietzsche
"He who fights with monsters might take care lest he thereby become a monster. And if you gaze for long into an abyss, the abyss gazes also into you."
Google (Score:3)
They went from Don't be evil, to Do only evil in record time. Wonder which one made them more money ? Google makes Microsoft look like amateurs, though to be honest it doesn't take much to make Microsoft look like amateurs.
Google Is A Serial Tracker - really? (Score:1)
Google Is A Serial Tracker
I always thought that it was a concurrent tracker.
Incognito (Score:2)
Re: (Score:2)
Does that prevent the fingerprinting techniques they use? I wouldn't have thought so.
Re: (Score:2)
Re: (Score:2)
So, it doesn't prevent the fingerprinting mentioned?
Re: (Score:1)
incognito only helps you hide your browsing from a snooper on your own pc,
it doesn't do shit to prevent tracking through clientside scripting (which is most tracking)
Re: (Score:2)
Conscious decision (Score:2)
At each ofl these 800 thousand domains, it was a conscious decision by each webmaster to put links to Google on their page.
Re: (Score:1)
Re: (Score:2)
I use requestpolicy [continued] too, but I had ajax.googleapis.com whitelisted because almost every damn site needs it so the test worked on my browser. : (
Re: WTF!? Demo Page Uses Google APIs (Score:4, Insightful)
See the other AC's reply. I ran the demo page on firefox and chrome and the fingerprint is vastly different. You can try it for yourself. It seems like the browser has a significant effect on the results.
Re: (Score:2)
Oh well. It doesn't run on my iBook G4. You think I'm going to play with tracking sites using my primary system?
I ain't clickin' that shit, .....