Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Facebook Google Microsoft Privacy IT

A New Browser Extension Blocks Any Websites that Use Google, Facebook, Microsoft, or Amazon (theverge.com) 111

The Economic Security Project is trying to make a point about big tech monopolies by releasing a browser plugin that will block any sites that reach out to IP addresses owned by Google, Facebook, Microsoft, or Amazon. From a report: The extension is called Big Tech Detective, and after using the internet with it for a day (or, more accurately, trying and failing to use), I'd say it drives home the point that it's almost impossible to avoid these companies on the modern web, even if you try. Currently, the app has to be side-loaded onto Chrome, and the Economic Security Project expects that will remain the case. It's also available to side-load onto Firefox. By default, it just keeps track of how many requests are sent, and to which companies. If you configure the extension to actually block websites, you'll see a big red popup if the website you're visiting sends a request to any of the four. That popup will also include a list of all the requests so you can get an idea of what's being asked for.
This discussion has been archived. No new comments can be posted.

A New Browser Extension Blocks Any Websites that Use Google, Facebook, Microsoft, or Amazon

Comments Filter:
  • by flyingfsck ( 986395 ) on Wednesday February 24, 2021 @07:06AM (#61095156)
    I imagine that immediately after installing this utility the user will phone his ISP and complain that his internet stopped working.
    • Or at the least people will be wondering where their packages are because they can no longer pull up tracking.

    • by davide marney ( 231845 ) on Wednesday February 24, 2021 @07:59AM (#61095236) Journal

      When in "locked" mode this extension won't display a page that contains a detected request. Instead it displays a big fat warning. Initially this seems pretty useless, but you can use it as a dead man's trigger to test your ad blocker in real time: lock down all of this extension's "big tech" domains (except the one you use for office work), while also leaving your ad blocker on. If you get stopped anywhere on the web, it'll be because your ad blocker fell down on the job.

      • www.gnu.org will certainly work ..
      • That falsely implies that

        * ad == big tech, ... in reality, there are more ad companies
        * this blocker blocks all hosts from big tech, ... I can assure you that is almost impossible.

        In both cases, it's the vast majority, yes, but not 100%.

        • * ad == big tech, ... in reality, there are more ad companies

          Those independent advertisers that you are imagining (as in, imaginary) are owned by Google. All of them. Its the first thing Google did after IPO: buy up every independent advertiser

          • by tlhIngan ( 30335 )

            Those independent advertisers that you are imagining (as in, imaginary) are owned by Google. All of them. Its the first thing Google did after IPO: buy up every independent advertiser

            No, Google owns 99% of the "legitimate" ad market.

            There are plenty of websites that have ads that are not Google sponsored.

            Think sites like The Pirate Bay, file lockers and other sites. No traditional ad network would sponsor them, but there are enough alternative ones that host fake download buttons and other stuff.

            So no worri

    • by BeerFartMoron ( 624900 ) on Wednesday February 24, 2021 @09:56AM (#61095488)

      I imagine that immediately after installing this utility the user will phone his ISP and complain that his internet stopped working.

      Naw, they'll never be able to Google their ISP's phone number.

  • There's nothing to stop these companies from setting up multitudes of shell companies which will get their spam directly from these companies to pipe to you.

    • There's nothing to stop these companies from setting up multitudes of shell companies which will get their spam directly from these companies to pipe to you.

      You probably think adblocking doesn't work too.

      • About Time. However it can be improved by allowing the packets to be sent, only using a few random XOR bit transformations in the payload packets. Now if only the EU and their data laws looked at the packets - and imposed a tax.
      • Adblocking is a form of wack-a-mole.

      • Ad blocking without pretty smart parse tree processing already doesn't work.

      • Actuallyy ad blocking doesn't work... in the same sense that anti-virus doesn't work.

        It only works against those malware writers, and I'm including ads here, that don't check against the blocker first. Which is usually the abandoned stuff.

        In other words: Blacklists don't work. Use a whitelist. Like a well-configured firewall.

        • by Anonymous Coward

          You're a moron. Ad-blocking *does* work. I have literally *never* seen a single ad since installing uBlock Origin.

  • Big Tech Detective (Score:1, Insightful)

    by tokul ( 682258 )

    Or Loony Detective.

    If you want to improve privacy, block requests to sites that violate user privacy. Blocking everything related to "Big Tech" only puts you very close to other nuts with their space lasers and events that did not happen.

    • by Anonymous Coward on Wednesday February 24, 2021 @07:40AM (#61095198)

      The concentration of the modern IT infrastructure in the hands of only a few companies is a significant risk in may ways. You don't even have to block a lot of companies: Just block Cloudflare and the internet stops working for you. And Cloudflare terminates TLS on their servers. Do you know this excerpt from an interview with Cloudflare CEO Matthew Prince?

      We ran it as a hobby and didn't think much about it until, in 2008, the Department of Homeland Security called and said, "Do you have any idea how valuable the data you have is?" That started us thinking about how we could effectively deploy the data from Project Honey Pot, as well as other sources, in order to protect websites online. That turned into the initial impetus for CloudFlare.

      That's right, Cloudflare was basically a suggestion by the Department of Homeland Security, and now it's a Man-in-the-Middle between a large percentage of all web sites and their users.

      • by Anonymous Coward
        Well, that is why Cloudflare continue to provide services to various right-extremists, terrorists, etc. despite multiple calls to block them.
      • Cloudflare isn't they only game in town, not by a long shot. It's one of the few you can use for free though. Once you are booted off there you have to start spending real money or give up.

    • by Anubis IV ( 1279820 ) on Wednesday February 24, 2021 @08:45AM (#61095310)

      If you’re having a conversation with a friend and they stop you in the middle of a sentence to insist, “Just a sec, Bob has got to hear this!”, you might find it odd that Bob, whom you find odious, is now a participant in the conversation, but maybe your friend had a good reason for including Bob, so you let it slide.

      If you’re walking up to your friend to start a conversation with them, and before you can even say a word they stop you and insist, “Just a sec, Bob has got to hear this!”, you’ll find it rather odd that odious Bob is being invited to the conversation before your friend even knows what it’s about, and you may even choose not to have that conversation.

      If you’re walking up to your friend to start a conversation with them, and before you can even say a word they stop you and insist, “Just a sec, Bob and his best friends, Charlie, David, and Ernest, have got to hear this!”, you’ll walk away without saying a word if you’re a reasonable person.

      Why would we expect differently when it comes to the conversations we have with websites? That’s not conspiratorial: it’s rational.

      • Why would we expect differently when it comes to the conversations we have with websites?

        Because it's a false comparison, and Bob isn't listening to your conversation in the slightest. In fact all Bob is doing is seeing you to standing next to each other while you two literally shout out your conversation at each other to you in public. The best part is you're both talking in some strange language no one can hear so the only way that Bob is going to find out what you were talking to is if your friend goes and tells him that afterwards. And the reality is Bob doesn't go and tell this stranger yo

        • In fact all Bob is doing is seeing you to standing next to each other while you two literally shout out your conversation at each other to you in public. The best part is you're both talking in some strange language no one can hear

          All analogies break down at some point, and you've taken my analogy well past that point. Sure, the analogy breaks down as we get into technical implementation details, but at the conceptual level at which it was written and intended, the analogy still holds.

          The fact is, whenever a site does something like embedding third-party content or including scripts that make calls to third-parties, Bob and his buddies are being invited to the conversation in some capacity. Are they going to be privy to everything sa

    • It's about the most sensible *default*.

      How many N@zis would it have taken, for you to close the borders to all Germans *by default*?
      Apparently, for you the answer is "ALL of them".

      Hey, some Google hosts may still not be evil! Let's keep the head in the sand, and stick to the comfortable denial, calling everyone a nutjob who threatens to break it, like any good blackeyer!

      At some point you have to admit you're a conspiracy theorist, seeing "notjobs" everywhere.
      And we passed that point, mate.

      You can still add

  • To paint a better picture, the extension should try to load the website but blocking the microsoft/google/facebook/amazon acesses.
    I bet many will still work

    • by Anonymous Coward

      Many more won't. Those are the big cloud providers. You can't even load the first HTML of many sites without contacting their servers. This is highly likely even if your hosting provider is a small shop: They probably rent servers from the big ones.

    • Doubtful as many rely on javascript libraries hosted by google and amazon.
    • That is what I wanted to say. I, by & large, do that by using NoScript to block most things; I allow what I want and most sites still work well enough. If a site depends on javascript from all over - I just go elsewhere. If something is hosted at AWS (but not Amazon) I am relaxed, I do not like sites that us things like google fonts as google will look & remember.

    • "To paint a better picture, the extension should try to load the website but blocking the microsoft/google/facebook/amazon acesses.
      I bet many will still work"

      That's what Ghostery is for.

    • Much better: Redirect it to localhost, with a local server caching the files and replying with empty files if possible. That way nothing hangs. I do that for in-app ads.

  • by davide marney ( 231845 ) on Wednesday February 24, 2021 @07:47AM (#61095208) Journal

    Amazon: 18 requests
    Google: 59
    Other: 43

    • Yes, Slashdot is one of the literal worst.

      Just leave it sit and the ublock hit counter just keeps rising.

      • Wasting your phone's battery with background workers all the way, by the way. Even when you ope another app. It may have changed since Daylight, but I verified it myself before that

      • by ebvwfbw ( 864834 )

        Oh man, Ublock is like gold.
        I didn't realize it until I tried to watch a youtube video without it. Man, that sucks! Most of the internet sucks without it.
        Reminds me... I need to donate to that project again.

  • Doesn’t hurt to see what is being requested and by who.
  • a browser plugin that will block any sites that reach out to IP addresses owned by Google, Facebook, Microsoft, or Amazon

    So what happens when you run a whois query against the Economic Security Project website economicsecurityproject.org

    • It would have taken you less time to run the query than post about it...

      • by tepples ( 727027 )

        Not if grandparent is on mobile and someone else can run the query before grandparent can get back to a desk.

        The domain name ECONOMICSECURITYPROJECT.ORG is registered to "Contact Privacy Inc. Customer 124925184" through Google Domains

        • Let's say: not if the grandparent is on an Apple device. My Android phone appears to have no trouble running whois. I have a decent shell environment installed from the play store. I can run YouTube-dl too...

          Even with that, icann has a web based whois tool.

  • Use Pihole (Score:5, Informative)

    by Ritz_Just_Ritz ( 883997 ) on Wednesday February 24, 2021 @08:08AM (#61095242)

    It does a reasonable job of filtering the crap and blocking trackers without you having to do anything to the myriad devices in your home that want to talk to the interwebz.

    https://docs.pi-hole.net/ [pi-hole.net]

    You can install it on an inexpensive Raspberry Pi and tuck it next to your router. It probably took me a grand total of 20-30 minutes to put the Raspberry Pi 4 together and configure the software. It's interesting to see what gets blocked and which devices are chatty about phoning home. On average, mine blocks about half of all DNS queries and rarely seems to get in the way.

    Best,

    • by MeNeXT ( 200840 )

      Until your browser implements DoH and bypasses your settings. The only valid reason for DoH because the only way to hide from your ISP is a VPN.

    • And if you don't have a Raspberry Pi, you can easily run pi-hole via Docker on any PC you have laying around.

      1) Install Docker/Docker Desktop on a PC that you keep on 24/7.
      2) Follow the Quick Start guide [github.com] pi-hole maintains at their GitHub page for the Docker image, which basically boils down to saving their example docker-compose.yml file to disk, modifying it to suit your needs (documentation for doing so is on the page I linked), then running docker-compose up -d from the directory where you saved the dock

    • I put in a trial copy of littlesnitch a while ago, and it found enough interesting things to keep it.

      zoom, for example, tries to talk to several naked IP addresses when you launch, and more every several minutes. Blocking them does not stop it from working.

      Oh, and if you have the connection monitor out, you'll see that opening zoom apparently tells half of china to try to attack your ssh port . . .

      The Brave browser, supposedly privacy centric, also makes many contacts to naked IP addresses.

      • by jjbenz ( 581536 )
        That sounds like a pretty cool product. Do you know if anyone makes a similar program for windows or linux?
        • by hawk ( 1151 )

          I haven't the foggiest.

          I haven't used Linux (except in passing and on pi) since FreeBSD supported the hardware I was using in the late 90s, and have never used windows except on someone else's machine.

          And I haven't used FreeBSD except to access old files since Spotlight roped me into using Mac for my unix . . .

  • Plenty of developers us Google hosted APIs for things like JQuery. I'm sure a lot of sites out there would just stop working if you completely blocked Google. Maybe that's what some users of this extension want, but I'm pretty sure a lot of users will be amazed at how many things stop working and don't understand why it's not working.

    • Wait, why not just store jQuery on your own server?

      • by tepples ( 727027 )

        Moreover, with Firefox starting to separate cache per site [slashdot.org], the "user is likely to have recently loaded this version of jQuery from Google's CDN" excuse no longer holds merit.

      • I think the idea is to cut down on page load times because the user would more likely already have it cached if a bunch of sites are all pointing to the same JQuery URL. I see this to be on the level of extremely marginal gains as it would really only apply the first time a user browsed your site. Also, it would cut down on the amount of bandwidth you needed as you could offload some traffic to Google for free. Again very marginal gains as the user would only request on their first request, and it would

    • by mark-t ( 151149 )

      The biggest problem with blocking a company in the interests of blocking other sites that might utilize that company is that it would typically also block you from doing business with that company when you might actually want to.

      In other words, it is pushing an agenda that one should not be patronizing those companies without actually offering any justification for doing so that is visible to the end user.

  • One premise of this tools is fatally flawed. In their FAQ, they say that one reason a site might be locked is because they are using Amazon Web Services (AWS). That doesn't mean Amazon is getting any of the user's data. Consider AWS like a data center. A company may own a website which runs on AWS, but only that company is in control of what that website does, not AWS. Amazon provides the tools to create virtual servers, but has absolutely no control over what that company does with the server, other than w
    • by Junta ( 36770 )

      Well, you have privacy and control.

      AWS gives Amazon the ability to kill a lot of web content if they so willed. In my mind this control is the larger practical concern about AWS specifically. One company having that power over so much content is worrisome, whether they want to stop hosting something on purpose, or suffers some sort of business or technical problem that causes so much to go down.

      On privacy, in reality, they further do have the ability to crack into workload running on their infrastructure.

      • For website operators who seek to leave AWS behind, how does one go about finding a workable replacement for EC2 (VM hosting), S3 (static file hosting), SES (email sending with a history of maintaining productive relationship with the big webmail providers), and CloudFront (caching reverse proxy)? That is, how does one find a list of providers of each service and evaluate the quality of each provider's service?

        • It's all replaceable, either by one vendor, multiple vendors, or roll your own. Not necessarily "easy" but doable. That's the business value of cloud services. It's a turn-key solution to get started and operate in a dynamically generated environment. It's inconvenient to do it all yourself, and therefore people are happy to pay a provider that does it for them.
          • by tepples ( 727027 )

            That is, how does one find a list of providers

            It's all replaceable, either by one vendor, multiple vendors

            I'm aware of that. How does one find a list of such vendors?

      • Whether or not Amazon has the ability to pull the plug on a "bad" tenant (or a tenant Amazon believes is bad, which is a debatable point) is not really relevant here. I think the point of this extension is to show the end user which "Big Tech" company is getting their data (specifically, user activity tracking). Just because a site is running on AWS, doesn't mean Amazon is getting tracking data from a user visiting that site. In fact, Amazon does not and will not. If the premise of the extension is to sh
      • by leptons ( 891340 )
        Amazon makes far more money from their AWS hosting services than they do from selling products on their storefront. AWS is not going down for any meaningful period of time, that business is simply too profitable. Yes, there have been hiccups as any web hosting service has, but AWS has an uptime record that most web hosts only dream of.
        • by Junta ( 36770 )

          The point is it is a singular entity and fortunes can change.

          "Yahoo just spent 3.6 billion dollars on GeoCities, there's no way GeoCities will be a bad choice for posting your personal website"

          "MySpace is making a lot of money, there's no way they are going anywhere"

          Who knows what changes may occur to unexpectedly disrupt the state of affairs with Amazon.

    • And, pray tell, what does Amazon's execution of Parler mean for your argument?

      AWS was apparently quite aware of content, employees did not like it, and they booted it off - THEY clearly care about the content and THEY clearly are in fact in control. Yes, they play the Big Tech game of adjusting their "Terms of Service" in real time and then censoring based on the momentary meaning of those "terms", which I might add are not up for negotiation, nor are they equally applied - they're effectively implemented u

      • My post was not in defense of AWS. In fact, it was simply to point out a flaw in their premise. The content on that plugin's site says that the plugin was intended to show which big tech companies were tracking user activity. AWS did not track user activity on Parler. AWS decided to pressure Parler to apply moderation controls, which they couldn't do such a short period of time, and then booted Parler off. This was in reaction to AWS employees putting pressure on management to do something about what th
  • Oh, the irony!!!! (Score:5, Interesting)

    by Synonymous Cowered ( 6159202 ) on Wednesday February 24, 2021 @08:53AM (#61095334)

    So it looks like they're a bit up in arms about relying on big tech. So lets look at their website in Chrome Developer Tools. OK, it looks like they managed to make their tiny, tiny website (all 4 or so pages of it) work fine with no outside reference to big tech. But wait, what's this at the bottom?

    "Big Tech Detective made possible by the Economic Security Project"

    OK, let's check out their website at https://www.economicsecuritypr... [economicse...roject.org] in the Chrome Developer Tools in the Source tab:
    connect.facebook.net
    fonts.googleapis.com
    fonts.gstatic.com
    px.ads.linkedin.com
    snap.licdn.com
    www.facebook.com
    www.googletagmanager.com

    Well, I guess they aren't THAT concerned about reliance on the "Big Tech" companies

    • You've reached your final evolutionary form! [knowyourmeme.com]
      Congratulations! No way but down now!

      • If you don't get it AT ALL, maybe don't be a smug asshole. Cause to me, you look like the guy in the well there, and it took me some time to realize you meant it the other way around. When do you start helping?

      • So it's now meme-ish to call out people who say "we should do X" while not themselves doing X? If so, then a meme I happily am.

    • Yeah, I get the same feeling when politicians in NZ complain about Facebook, etc...Yet almost all the Party's are allowing or using the same companies to track [masonbee.nz] their users.
    • by Whibla ( 210729 )

      So it looks like they're a bit up in arms about relying on big tech. So lets look at their website in Chrome Developer Tools. OK, it looks like they managed to make their tiny, tiny website (all 4 or so pages of it) work fine with no outside reference to big tech.

      I'd say that was a slightly twisted take on their beef. If I had to try to summarise their position I'd say they were up in arms about big tech abusing their position in the market, and abusing the relationship they have with the public. You can probably spot the common theme: abuse.

      But wait, what's this at the bottom?

      "Big Tech Detective made possible by the Economic Security Project"

      That would be their "shout-out" to the organisation that, presumably, provided them with the funding they needed to create and host the project. As it says under their FAQ's: "Based on the groundbreaking reporting by Kashmir Hil

  • The geek may be obsessed with the browser, but that is not where the action is these days. Smart phones. Smart TVs. Smart speakers. Etc. You can spend your entire day with Amazon, Apple, Microsoft, Google and the rest and never open a general purpose web browser.
    • LOL. Geeks obsessed with the ... browser?

      The browser is exactly what we geeks associate with clueless kids and Eternal September. Apps are just one step worse (or equally bad).

      A geek loves his command line and scripts and toolkboxes of small nice well-made single-purpose tools. Not some kind of Thermomix AOL abomination. :)

      I'm a graphics-loving "geek" too, but most geeks I've seen here, wonder if colors in Lynx or mutt aren't a step too far ;)

      I rewlly wish there was a shell that fits the geek spirit but is

      • by grub ( 11606 )
        Yeah, the lad seems to think "the internet" is the web. Wish I had mod points for hte Eternal September reference.
      • Command line? Single purpose applications? Real geeks whistle at 2400 baud and do all their communicating that way.
      • You are confusing geeks with nerds.

        The nerds were saying how stupid that new WWW thing is in #hack and #phreak on IRC before there was ever a WWW search engine of any kind.

        The nerds were unpopular in your school because they were smart and awkward.
        The geeks were unpopular in your school because they were dumb and awkward.

        Using tech doesnt mean you are smart. If all you do is use tech, not anything else like develop, hack, bodge, and cobble, then you are a geek. You are ascribing geek behavior to nerd
      • Before the web, banks had their own online banking apps with text console interfaces. I imagine there were lots of other single-purpose apps (or "small nice single-purpose tools") for other uses. Then came the browser, and suddenly you didn't need a separate app for accessing every single piece of information out there. I think that was clearly an improvement.

        The current "app" craze with "smart"phones is a step backwards in that sense. Except there's no technical reason to do that, they only do it to inc

  • I guess they aren't THAT concerned about reliance on the "Big Tech" companies
  • *ba-dum TISS*

    Doesn't Chrome already phone home everything you do?

  • by kalpol ( 714519 ) on Wednesday February 24, 2021 @10:13AM (#61095526)
    Raymond Hill's uMatrix extension was great at this, and really valuable in seeing and blocking the hooks Google has in literally almost everything. And you could unblock whatever you wanted.
    • uMatrix is an extension I find indispensable, but it works off domain names, whereas this one claims to work off IP addresses.

  • I'd say it drives home the point that it's almost impossible to avoid these companies on the modern web, even if you try.

    I'd say it completely misses the mark in that regard if it also doesn't let you patronize those companies even if you want to.

  • "The app needs to be side-loaded in Chrome"

    Just stop right there. If you're browsing in Chrome you are using a Google product.

    Also the list (at least in TFS) doesn't include Apple. If they are not included in a list of "Big Tech" then the list is too opinionated. They are the biggest (by a few definitions) of the tech companies out there right now. What are the criteria? Oracle could still easily be on that list... try to use the internet without Java or any company using an Oracle database somewhere in-hou

  • Is it a plugin for Microsoft Edge, or Google Chrome? lmao

  • by Jerry ( 6400 ) on Wednesday February 24, 2021 @05:00PM (#61097154)
    an appropriate host file, like: https://github.com/Ultimate-Ho... [github.com] for example. It sure speeds up browsing when all your bandwidth isn't stolen by bots trying to access servers unrelated to the site you are reading.
  • Comment removed based on user account deletion
  • so, like ghostery, but with extra exhibitionist masturbation?

  • Comment removed based on user account deletion
  • A Chrome extension to block Google. Am I missing something here?
  • I just put their addresses in /etc/hosts to block them everywhere. Works great no side effects except that ad links return 404 errors. So Google tracking is very limited and not dependent on a browser.

Children begin by loving their parents. After a time they judge them. Rarely, if ever, do they forgive them. - Oscar Wilde

Working...