Slashdot Mirror

One compound word: Junkbuster. Blocks cookies like a charm, and it's not near as hard to use as they make it sound.

I also noticed when checking out the articles that CNet uses doubleclick so you may want to browse the articles with cookies off.

Or use the Internet Junkbuster and selectively filter who you send cookies to. As a general rule, I don't visit sites that require me to accept a cookie unless 1) I really need something there, or 2) it's in my own best interests to accept the cookie. DoubleClick's cookies fall into neither of those two categories.


---

otherwise, you can either set your cookie file to read-only so no changes are saved between sessions or write a batch file to delete or copy a default cookie file each time you start the browser.

you can also go to the doubleclick site and opt out of their system. they'll set a cookie that lets them know not to track you anymore. ironic isn't it?

other forms of disruption would be sharing your doubleclick cookie with hundreds of other people, rendering their data useless.

What I'd like to see is an ISP that promotes itself by offering an ad blocking service (using something such as the Junkbuster proxy as these ads are very irritating to those on slow connections, however I never block ads myself as I understand how many sites would not be able to operate without the income these generate, but if I was on a modem then I'd see things differently particularly if I was paying call charges.

I'd also like to see a feature where Mozilla could automatically download a blocklist from a user specified central server periodically. This would be for blocking ad images and perhaps cookies and not websites. This feature would havew to be switched on by the user and they could select the server they trust to maintain the blocklist (or companies and organisations could maintain their own).
--

If you want to filter banner ads out a simple way to do it with most browsers is to use the Internet Junkbuster filtering proxy, or if you're using a fairly recent release of Mozilla you can use their image manager (Edit | Advanced | Cookies and Images or Tasks | Privacy | Image Manager) which lets you specify hosts that you'd rather not display images (such as ads.doubleclick.net), or you can only allow images that appear from the site you're viewing or you can selectively allow images by means of an interactive dialog (a similar management system applies for cookies). Hopefully the image manager will be included with the next release of Netscape 6 as it's a useful ad blocking feature.
--

• wafer NOTICE=Do not send copyrighted information other than the specifically requested document and it's components. Note especially, license conditions (copyright or otherwise) on cookies or other information not normally visible and not specifically requested are not agreed to
• wafer COPYRIGHT=Personal information contained herein is exclusively for use in the requested transaction. All other rights are reserved. Any other use is forbidden without written consent.
• wafer CONDITIONS=NOTICE: By responding to this request, you agree that the requester is not bound by any terms and conditions other than that which they expressly greed to.

chandler quoth
[...]because they have already started collecting my IP, adding cookies, targeting ads, etc - all of which I voided my privacy rights for because of some agreement I never saw!

[prediction] In a little while, there'll be a new law/addendum to UCITA that makes these step-on-agreements valid. [/prediction]

Junkbuster already does this. It calls them wafers. You can configure it in all kinds of cool ways.

• Edit > Preferences > Advanced > [ ] Automatically load images
• JunkBuster
• Lynx or its ports at fdisk.com

Where are these ads again?

I have decided to thoroughly support adblocking. I believe (but I can't prove) that if you can't support your site without ads, you have lower quality stuff. Take PBS... no matter how people complain about their fundraising campaigns, it's still here. And it's the only radio station on the dial (monopoly alert) that plays classical music. (WNED FM, 94.5 MHz, Buffalo NY) So I say that a non-commercial web can exist, it will just be sans news... like a library.

For those of you saying, "Story? What story?" it can also be reached minus frames and ads, and/or while using a proxy like Internet Junkbuster. But disable JavaScript before you read the story here.

Are you a sysadmin? Have you considered setting up a Junkbuster proxy alongside your Squid caching proxy and recommending it to your users? You can save a lot of bandwidth by letting your users opt out of banner ads. Most of them don't like 'em any more than you do.

(If you use Debian on your server systems, Junkbuster is available in both slink (the current stable release) and potato (the current beta release) as the package "junkbuster".

If you use a Macintosh for your home system, as I do, I recommend to you the iCab Web browser, which almost exactly duplicates the image-filtering abilities of Junkbuster -- right there in your browser configuration.)

Advertisers do not have any right to your bandwidth or your private information. However, you need not rely on the FTC or any other branch of government to protect you, your children, or your institution's resources. And if you're only willing to stand up for your rights if government will help you -- then what rights do you really have?

Although they don't recommend using it for such purposes, Junkbuster can also be used for blocking.

--

What about all the TCP/IP packets generated from mass advertising? It slows down the 'net for everyone, not just for those people who are the targets of the marketing.
I propose that either (1) the marketing companies who make banner ads pay an internet "use" fee to help provide revenue to maintain and upgrade internet infrastructure to help keep network speeds from degrading, or (2) users ought to be able to block banner ads, as is possible with software available through third parties like Junkbuster or simply your /etc/hosts file. And CMIIAW, blocking ads is impossible while using the software provided by the free ISPs.

As long as their server only counts ad impressions or ad click-throughs for billing purposes, I'm not adding to their advertisement bottom line.

Yes, IJB works great. I use Stefan Waldherr's slightly hacked version from http://www.waldherr.org/junkbuster/. (It displays a "Junkbuster" image as well as the empty image or a broken link.) Also check out his filter files on the update page.
--

...which is why I use JunkBuster.

As long as their server only counts ad impressions or ad click-throughs for billing purposes, I'm not adding to their advertisement bottom line.

I post on this forum because it is freely available to the world. I understand the philosophical unease someone might have with formerly "free" comments being gathered and edited for a non-free publication, for someone else's benefit.

People post comments, to make their ideas heard, but their choice of forum is also a comment, if that makes sense. Some people want ideas to be exchanged freely. I know I feel that way, and so I don't willingly donate my free time to creating content that someone else plans to package and sell.

I suspect I'm not alone in feeling this way. (Though I stop short of condemning this book. My feelings are mixed on this subject.)

ObOT: I am, however, livid about Slashdot's new affiliation w/ DoubleClick. I encourage all readers to grab a fresh copy of Junkbuster and terminate Slashdot's ad revenue w/ extreme prejudice.

-Isaac

In the UK, one of the conditions of having a Sky-Digital set top box is that you must connect it to a telephone line.

Quite what information is transmitted back-to-base over this link is unclear, although it's a safe bet they're tracking their slave^W customers' viewing habits.

Cookies are broken. They've outlived their usefulness, and are hopelessly open for abuse.

I have two suggestions:

• For single-session state tracking, cookies serve a purpose -- in fact this is largely what they were designed for. To this end, allowing cookies -- for the duration of a single browser session and possibly less -- may be a legitimate use.
• For authentication and account-state tracking, stronger, more user-controlled, and less spoofable means are required. One technology already exists -- public key encryption and challenge-response based authentication.

The first suggestion would allow cookies to be used to track navigation and state through a single session at a site. The functionality is already available in a browser such as Netscape Navigator if you link your cookie file to /dev/null (Linux/Unix) or to a directory (Windows). Cookies are accepted but not permanently stored on your system. The upside is that cookie-dependant features of sites work. The downside is that state such as user ID and passwords have to be re-entered for each browser session.

PKE/CRA would work based on public/private key pairs, as with PGP. A user could generate as many or few of these key pairs, and optionally share them (both public and private) with other users, as desired. On entering a site requiring registration, the user could choose the key (the session identity) to send the site. If a private, secret identity is chosen, the session is personal. If a generally known key (say, cypherpunks) is sent, the session is authenticated, but not private. The remainder of the session is transacted over secure links (SSL), and cookie or other state-tracking could be used to register and/or log activity.

The strength of this scheme is allowing a user to specify both the degree of authentication, and identity authenticated used when browsing sites. If desired, keys could be generated and destroyed on a regular basis, reducing the utility of any tracking of keys. Control over whether to authenticate, who to authenticate to, and who to authenticate as, is left to the user.

Existing browser technology has been driven very strongly by server-side interestes -- user tracking, profiling, and e-commerce vendor desires. The interests of the user have not been represented, and are only partially filled by such patches as IDcide and Junkbuster (I'm another satisfied JB user). We've got the source, and with it the ability to reclaim the power.

What part of "Gestalt" don't you understand?

Actually you can, well since Version 1.2 according to the docs (and it works for me on version 2.0.2). Just add the URL of the server you want to accept to the "cookiefile". You can use masks there, too, and if you don't care about privacy just an asterisk (*) on a line by itself will allow all cookies. If there is no cookiefile specified, all cookies will be denied (this could be how you're setup). If you go to http://www.junkbuster.com/cgi-bin /show-proxy-args and have Junk Buster running, it will list the arguments that server is running with. Check out their site, they have pretty good docs there.

Actually you can, well since Version 1.2 according to the docs (and it works for me on version 2.0.2). Just add the URL of the server you want to accept to the "cookiefile". You can use masks there, too, and if you don't care about privacy just an asterisk (*) on a line by itself will allow all cookies. If there is no cookiefile specified, all cookies will be denied (this could be how you're setup). If you go to http://www.junkbuster.com/cgi-bin /show-proxy-args and have Junk Buster running, it will list the arguments that server is running with. Check out their site, they have pretty good docs there.

There is a simple solution to the banner ad problem (GIF's and cookies)
I use Internet Junkbuster witch is OSS. IJB home I can specify domains that are banned as well as regular expressions to ban anything from a site.
I do not see anything from doubleclick, blockstackers etc. That keeps my privacy as well as speed up my page loading...

Of course there's always Junkbuster. More info available at their site, but the gist is that it's a proxy that filters banner ads and cookies. I use it both on my laptop when i'm roaming, and on the network at home. Evil places like doubleclick can be completely dropped from ever giving or reading cookies from your browser. Of course, making those pesky banner ads disappear is easy too, I haven't seen /. with banner ads since I started using it. :)

Doesn't exactly sound revolutionary to me. In fact, this sounds a lot like what the Junkbuster proxy can do, which runs on Linux and Windows, can also block ads, and is released under the GPL. http://www.junkbuster.com.

Last I saw, the Junkbuster was free software. As I'm pretty sure you know, its sole purpose is to block sites you don't want to see. It can easily be combined with a firewall prohibiting outbound connections to port 80 to force a machine's users (i.e. your kids) to rely on it for web browsing. Sounds like a net filter to me.

No two censors agree on what should be censored,

Here's the thing: I'm pretty sure that any Scientologist will agree that xenu.net should be blocked. I'm pretty sure that much of PFLAG thinks that godhatesfags.com should be blocked. I'm pretty sure that there are a lot of other small groups who agree about blocking/unblocking decisions, and are willing to spend the time to write their own filter.

They can each have their own filter.

I understand that the Scientologists actually have their own special net filter, to keep their flock focused on acceptable thoughts (or whatever). That's fine. They chose to be Scientologists (dumbasses... but I digress).

I use the Junkbuster to block ad.doubleclick.net. That's also fine. I chose not to be tracked or advertised to. I've also imposed that decision on my girlfriend, who chooses to use my box to access the net, and on anybody else who would (hypothetically) want and get an account on my machine.

Both cases are voluntary censorship, and perfectly valid.

For that matter, as far as the software itself goes, I share many goals with the Scientologists. We both want the software to be an effective blocking agent. We just disagree on what to block. For that reason, we can collaborate on building open-source blocking software, and use different blocklists.

An "Open Source mindset" should be able to encompass a group of interested individuals who choose to block their own access to a bunch of sites. The problem comes in when they block other people's access to the sites. Junkbuster can be just as restrictive as any other Censorware program, if you use it that way. It can be very effective in ensuring that your public library will be safe from http://hottits.com (and http://aclu.org). As long as you can choose your own filter, though, there's no problem -- and since (by definition) you can't control what free software is used for, you'll see open-source filter programs developed for voluntary self-censorship, and used (by jerks) to censor others.

--

I don't see banner ads. I use the Internet Junkbuster Proxy. (It's GPL.)

I read somewhere recently that it's not much effort to remove banner ads on the fly without downloading them. I didn't read how to do it...

Here's how to do it...
Go to http://www.junkbuster.com/, download Junkbuster, set it up, and start blacklisting ad sites (it doesn't come with a list of such sites, but you can either download one or make your own list of them. it's not hard). If a site is on the blacklist, Junkbuster will refuse to allow the URL to be loaded, returning a simple error message to the browser instead.


=================================

This is great news, but the fact is, that it can be stopped already. The Internet Junkbuster does a fantastic job of filtering out banner ads, and can be used to filter cookies as well. DoubleClick (and others) can try to track me as much as they like, but since I have the IJB set up to reject all cookies that I haven't explicitly allowed, they're going to have a hard time doing so.

Javascript is useful for lots of stuff. Like check out the link in the middle of this page. You don't even have to click through, yet it will take you to the next page. Think of the ramifications for ad forwarding. Oh wait, that was (d). You're right; javascript is useless.

If you're running Windows (which I wouldn't recommend), then you can run Proxomitron which is a stupidly named yet sublimely wonderful non-caching proxy server (like the Junkbusters one) that you can run on your own client side which will let you strip out all the annoying javascript crap you hate (in addition to filtering out ad banners). You'd actually be able to go to Geocities websites without that stupid branded logo in the corner, that is, if there is anything at Geocities worth seeing. The friend whose computer I set it up on has had only good things to say about it.

Banner ads? Pfft. I use junkbuster. Haven't seen a banner on slashdot or freshmeat in months.

Here are some easy-to-use filtering personal proxies.

Junkbuster
Waldherr's version of Junkbuster with 1x1 transparent GIF support instead of "broken image" icon
Webwasher for Windows. Free from Siemens AG.

These should get you started towards an "all phat no wack" surfing experience!

In netscape, you can disable cookies from other hosts than the page being viewing. This effectively blocks Internet-wide tracking like doubleclick.net.

Sorry to shout, but I fear many people share the same misapprehension. Cookies can be attached to images as well as to web pages. By attaching cookies to banner ads or invisible GIFs served from a common source, servers can pass information about you between themselves. Since the cookie comes from the same source as the image, the "Only accept cookies originating from the same server" option will gladly accept them. You must block or delete cookies if you wish to prevent this tracking. (Also note that even the mighty, mighty Junkbuster won't protect you fully - cookies can still get thru in Javascript and SSL.)

For a detailed explanation see Chapter 9 of Phillip and Alex's Guide to Web Publishing (scroll down about halfway for the relevant section).

However, I have also had some sites not work because of this.

But that doesn't matter, since I block all cookies anyway, except for the ones I need. If you don't do this already, you really should get JunkBuster. Available for Win32 and *nix.

--

You don't have to. Just use a proxy. Allow only the sites where you want cookies to be enabled, and then deny all others. Try JunkBuster.

--

You can run the proxy server on either a UNIX box or a Win32 one, and it has the ability not only to filter out ad banners, but also to block cookies and to change the browser-type header you send. I've been using it for several months, and it's just peachy.

I love the Web. I hate the Web. I love information, interactivity, communication. I hate banner ads, slow loads, and animated gifs. I've conquered most of these with three tools which work under Linux/xBSD and even legacy OSs:

• Junkbuster. It kills junk -- banner ads, sites you don't want to see, cookies. Do it. It's good.
• Squid. Caching proxy server. Stuff you hit often stays cached. Really good for static graphics, not so good for CGIs. Also good. You may also want to look at wwwoffle, an offline/online caching browser.
• gat, the Gif Animation Toggle. Works for Netscape or Opera, Linux or 'Doze. Prevents animated gif looping. You see one cycle of animation, then everything freezes. Very cool.

I feel like my browser is mine again. Or, as the ads say: the Web is once again your friend.

What part of "Gestalt" don't you understand?

• A guerrilla-type grassroots high-speed wireless network, open for everyone, which would work without the intervention of governments, telecom operators and the like

• A bunch of innovative and independent content creators who don't give a f#ck about selling their soul for money

• To educate the masses that there really is more to life than being just a temporary storage for money transferred from their employers to some other company

I should have mentioned the fact that webturbotax checks the user_agent in my post. I ran it through a proxy and claimed to be Netscape for Windows. I had no problems, other than having to enable Java, which I normally leave off because it's so flakey.

I do wish they wouldn't make us jump through hoops. Heck, if they would just write for a specific set of browsers, that would be great.

Maybe I don't know enough, but how hard can it be to make a robust, safe application that uses only the features of a specific browser (like Netscape) that are platform independant? It's a web page after all. I've developed several web applications, and forgone some of the more esoteric visuals to make it portable, because functionality was more critical than beauty.

Sorry, I got a little off topic...

Some guy named Chris

Have you checked Junkbuster? It's a bit like a firewalling proxy. I've set it to refuse all cookies except for those emanating from slashdot.org, nytimes.com and a few other sites. It also gets rid of most advertisements.

--Bud

Well. ..thanks to junkbuster , I didn't ;)

First of all, note that there is nothing "groundbreaking" in this discovery. All this happens only if you are unlucky enough to have your email address in the hands of spammers, which is already as bad as it gets.

What can you do to prevent such abuse? Several things: Turn off HTML enabling for your email clients (you may or may not have a choice depending on the client). Restrict (or disallow) cookies in your web browser. Use something like Junk Buster.

Sreeram.

junkbuster filters ads, cookies, etc. You don't need the browser for this, you just tell junkbuster which sites can allow cookies in.

Better yet, use Junkbuster to accept cookies only from sites you choose. And you remove annoying banner ads too - whadda deal.

I tried it once...it had the annoying habit of announcing to the world that you were using Netscrape as your browser, regardless of what you were actually using (IE, Lynx, kfm, etc.) Several websites I frequent didn't work right through it, probably because of this.

Another ad-filtering proxy you might want to investigate is WebWasher. I've used it for a few months now, and it's worked pretty well. AFAIK, it's Win9x-only (maybe NT as well), but if you have only one Win9x box on your network, you can install WebWasher on it and make it available to your entire LAN. It also doesn't mangle the browser information, so websites know that I'm using IE and not Netscrape. It's free (in the "free beer" sense) if you're not using it for business purposes.

The reason I ask is that banner advertising is what pays for an awful lot of the web today... banner advertising is the only alternative to charging for access.

Fortunately, there are other possible sources of website revenue - sponsored links, merchandizing (get those /. tee shirts), affiliate programs, and voluntary contributions (works for NPR and PBS stations) come to mind.

If banner ads go away, then you will lose all of your free web pages.

That will require you to -- guess what -- identify yourself to facilitate payment.

You have to remember that a lot of these web sites out there need to track their users surfing habits. It's called Demographics and Marketing.

It's not like tracking customers was new with the internet. Radio Shack directly asks you for your information at the checkout counter.

If people are really scared about cookies then simply turn them off and use sites that don't require cookies.

The problem is that the agency can track you across multiple sites. If you visit www.site1.com, you can only get a cookie which will be sent back to that server, right? WRONG. While you were at www.site1.com, you viewed a banner from ad.doubleclick.net (for example). The problem is that when you visit www.site2.com, which should not be able to 'see' the cookie from www.site1.com, you took another banner from ad.doubleclick.net. This means that Doubleclick can track you between sites, which is a bad thing. I also saw something (this morning, I think, but I can't remember where) saying that companies are sending HTML mail which downloads an image which sets a cookie. The agency then has your e-mail address associated with a cookie, giving them (potentially at least) a lot more information about you. Not a problem for me, of course, since I use Pine for mail :-)

I have no problem at all with certain sites using cookies. I am currently (since earlier on this week) using Junkbuster, and I have it set to allow cookies from Slashdot, LinuxToday, Amazon, and a couple of stock sites. If anyone else wants to send me a cookie, they can ask me and I'll decide on each individual case. At least I have the choice.

With web pages, the ads are usually restricted to the top 60 pixels of the page and are pretty easy to ignore (and there's always JuskBuster for the really annoying ones).

Oh, but even if I were to view that article, that would mean $zilch,- in the pockets of CNN, courtesy of Junkbuster and a finely tuned blocklist. I haven't viewed it yet, and may never, but generating ad impressions is the least of my worries.

1. AdBuster [Win32/Linux I think] Filters Ads
2. Intermute [Java for Win32] Filters Ads, Sites, Cookies, Javascript
3. JunkBuster [Win32/Unices] Filters Ads, etc

There is also a nice URL to verify that you are runing the proxy correctly, and displays the loaded blocklist and configuration. It works great as a home page.

I've been using this setup for quite a long time and I am very happy with the results. The browsing time is greatly increased and without the clutter.

The original: http://www.junkbuster.com/

The version I use: http://www.waldherr.org/junkbuster/

I prefer the latter because, well, look at the site and you'll see. Regardless, I urge you to install and use it.