Research To "Reveal the Unseen World of Cookies"

An anonymous reader writes "The Guardian newspaper has teamed up with Mozilla to research the monitoring of online behavior through cookies and other web trackers. After downloading the Collusion add-on for Firefox, you can generate a visual representation of all the cookies that have been downloaded which are linked to the sites you have visited. This shows quite an interesting picture. The Guardian staff then want the data from Collusion to be uploaded to their site, after which they say 'we can build up a picture of this unseen world. When we've found the biggest players, we'll start tracking them back — finding out what data are they monitoring, and why.'"

Great Idea

[thesaintar]

I hope implementing it in the right way (with publicly accessible statistical and analysis methods) will shed some light into how we're being tracked. Is there an equivalent of Collusion for Chrome?

Re:Great Idea

[WrongSizeGlass]

Is there an equivalent of Collusion for Chrome?

I believe it's called Google Ads ;-)

Re:Great Idea

[Theophany]

When we've found the biggest players, we'll start tracking them back — finding out what data are they monitoring, and why.

I can answer this entire thing in 2 seconds. Porn, so they can sell it to you. In that order.

Re:Great Idea

Who goes on the internet to BUY porn?!

Re:Great Idea

You mean those ads which are displayed on all browsers and are in no way tied or targeted to Chrome?

Either you're a troll or that was a bad joke.

It's interesting to me how someone joking around is considered a 'troll' to you. You are what is wrong with /. these days. 'Troll' is the new 'I disagree with you'.

Did he REALLY evoke an emotional response from you by saying what he said? Did it truly upset you to the point where you were incensed and bitter over his words? If so, then maybe he is, indeed, a troll. Otherwise, shut up.

Re:Great Idea

[CaptainLugnuts]

When we've found the biggest players, we'll start tracking them back — finding out what data are they monitoring, and why.

And then we'll sell the info back to them!

Re:Great Idea

[Calos]

It's interesting to me how someone joking around is considered a 'troll' to you.
That's flat out dishonest of you. I said either a troll or a bad joke. In other words, I found the joke so bad I couldn't be sure if they were really trying to make a joke or actually trolling, or both.

You are what is wrong with /. these days. 'Troll' is the new 'I disagree with you'.
Wrong. I'm not saying they might be trolling because I disagree. I said it because the entire premise of the joke is factually without basis. There can be no disagreement about that. That's precisely what made it humorless, or at least to me, and combined with the fact that articles about Google are often ripe for trolls, it's also what pushed it into grey area of might-be-trolling.

Did he REALLY evoke an emotional response from you by saying what he said? Did it truly upset you to the point where you were incensed and bitter over his words? If so, then maybe he is, indeed, a troll.
So someone is only a troll if they succeed in eliciting an emotional response? Not simply for trying? The entire basis for someone being called a troll is subjective to each and every individual reader? If you believe that, you have no right to judge anyone's use of the word, as you cannot know their circumstances and perception and how what they read made them feel. Interesting how, according to you, if I was irrationally affected by the comment, I would be completely justified.

Otherwise, shut up.
So, let me get this straight. You ignore the meaning of my post and any parts which don't fit the topic you want to rant about; twist the meaning of what I wrote into a strawman about misusing "troll" as "disagree;" assert that myself and presumably a nebulous faceless group of people are thereby destroying /.; and tell me that if I'm not irrationally upset by something someone says, I shouldn't post. And you think I'm what's wrong with /.?

To the GP: sorry if I came off a bit callous, as these ACs and mods seem to think. I'll put a smiley at the end next time so I don't seem so serious.

Re:Great Idea

[Higgins_Boson]

*snip*

You ramble on and on with your inane and worthless counter arguments. Trolls have had the same definition online for AGES now, and you've gone out and created your own definition of what a troll is for the context of this story and discussion. If you do not understand those basic things then, by all means, shut up as I have previously requested of you

You also didn't merely "seem" serious. You obviously WERE serious. So trying to lie your way out of your stupidity is just making you look worse. Also, you DID disagree with him. You disagreed with his basis for his joke about Chrome. You got all huffy and puffy and started to blow things down, but you sadly can only blow certain things down well. His joke not being such a thing.

Grow a damned sense of humor and stop labeling everything as troll. Learn what trolls do, how they operate and WHY they operate. If levity is something you can't handle, then just fucking move on and keep your trap shut.

Re:Great Idea

[Higgins_Boson]

Also, I am no longer posting as an anonymous coward. I have no problem telling you like it is.

Re:Great Idea

[tehcyder]

I'm not saying they might be trolling because I disagree. I said it because the entire premise of the joke is factually without basis.

Hate to break the news to you, but jokes don't have to be factually accurate or even vaguely plausible.

You seem to have issues with people criticising Google in a humourous way. I suppose at least you're not an Apple fanboy, but a Google fanboy isn't much better.

Get over it, they're computer companies not our Lord Jesus Christ.

Re:Great Idea

[tehcyder]

Who goes on the internet to BUY porn?!

Well a fair amount of people obviously do or you wouldn't get so much advertising, would you? Advertisers don't do it for the fun of it.

Re:Great Idea

[wiedzmin]

Seems to be broken or for some mysterious reason incompatible with my AdBlock Plus, NoScript and Ghostery addons. Hm...

How to get rid of them

[GameboyRMH]

On Firefox, disable HTML5/DOM storage, install CookieMonster 1.5 and BetterPrivacy.

Re:How to get rid of them

[zarlino]

On Google Chrome, the first thing to do is disallowing third-party cookies:
Settings -> Under the Hood -> Content Settings -> Block third-party cookies and site data

Re:How to get rid of them

[hairyfeet]

One of the things I like about Comodo Dragon is that is the default setting, so no need to try to walk someone through killing third party cookies. With Dragon and ABP everything "just works" .

Re:How to get rid of them

[arth1]

Protect the whole network.

I was thinking of making a squid filter that replaces cookies to known adentity sites with any variable data changed to random data of the same length and composition.

In my opinion, if a server wants to inform other sites about my visit there, fine, do so, but then they need to contact the sites, not trick me into doing it for them.

Pot kettle spy.

[FatLittleMonkey]

we'll start tracking them back — finding out what data are they monitoring, and why.

Well, here's my contribution;

The Guardian page in the link has six trackers:
24/7 Real Media
Audience Science
ForeSee
Maxymiser
Optimizely
Quantcast

I don't know what any of them do, and I blocked them all. Fuck 'em.

Re:Pot kettle spy.

[Lucky75]

I actually see 9:

24/7 Real Media
Audience Science
ForeSee
Google Adsense
Maxymiser
Omniture
Optimizely
Quantcast
Twitter Button

Re:Pot kettle spy.

[fluffythedestroyer]

I was gonna ask if guardian was included in their own stats ?

Re:Pot kettle spy.

[SirFatty]

I fully agree with blocking them... I use ghostery, check something like Time.com (Technologizer specifically). There's about twenty separate trackers there. Unfortunately, disabling some of these will actually break functionality. In this case, there is a Apple II anniversary slide show on technologizer's site and I could not advance through the slides until I enabled the tracking.

Re:Pot kettle spy.

[FatLittleMonkey]

Story of my life. I brag about having 6, and the other guy has 9.

Re:Pot kettle spy.

[bfree]

You missed some more!

googleapis
simplifydigital
guim
llnwd
ophan
ytimg
youtube
quantserve
wunderloop
revsci
cogmatch
imrworldwide

I'll leave it as an exercise for the reader to de-dupe the above list (e.g. quantserve Vs quantcast and ytimg Vs youtube) and decide for themselves which ones are innocuous.

I didn't even bother to let any of them run any javascript to discover what else they might try to sneak in. I'm also willing to bet I missed something.

You have to love the "obfuscation" and attempts to get past blocking, from the simple noscript web-bugs to

document.write('<scr' + 'ipt type="text/javascript"

Re:Pot kettle spy.

Hi,

I'm the Guardian journalist working on this.

Unsurprisingly, if you install Collusion after reading an article on The Guardian, you tend to log cookies that our website sets. So we're noticing quite a few of the trackers we use on guardian.co.uk turn up in the project. :)

We're ok with that - better to be open that our website uses cookies for registration, analytics and advertising (just like most others!), than pretend or hide away the fact. Actually, we did another article on the same day showing how we use them: http://www.guardian.co.uk/technology/2012/apr/13/new-law-cookies-affect-internet-browsing.

The ones in that list above are a mix of third-party advertising cookies, analytics and A/B testing (so I'm learning!).

When it comes to the data we're going to try and get from the Collusion info - we can't really infer much about what behaviours have been tracked from the exported data. However, it gives us a nice long JSON string that associates certain cookies as being set when visiting certain sites. At the moment we're using that to find out how many instances of each type of tracker we're seeing across multiple sites.

We're then going to take the most prolific ones and find out more about what they do, who owns them, how they work, etc. However, we're going to be using old-fashioned journalism to do that - research and phone calls.

However, I was thinking of putting up open documents like this: https://docs.google.com/document/d/1lCp8H9i-MJwyORj_MOZflH6BCt9j6HIbQkyS2536knM/edit
so you could see where I'd got to and put me right if I was going off track (as it were). Good idea? Bad idea?

Joanna.

Re:Pot kettle spy.

Urgh. Sorry. Forgot to log in. o_O

Re:Pot kettle spy.

[bfree]

However, I was thinking of putting up open documents like this: docs.google.com/blah so you could see where I'd got to and put me right if I was going off track (as it were). Good idea? Bad idea?

Putting this stuff on google is like asking the NSA to host wikileaks ... bad idea.

Re:Pot kettle spy.

[pjt33]

That's not an attempt to get past blocking. It's a necessity to get the HTML parser.

Re:Pot kettle spy.

[pjt33]

To get past the HTML parser.

Re:Pot kettle spy.

[Ihmhi]

Go out and buy a couple cases of boosters and then you won't have to deal with the guy who brags about how many decks he has in his backpack./p

Re:Pot kettle spy.

[joannageary]

Yeah... errr... *blush*

Re:Pot kettle spy.

[joannageary]

What would be the best place to put it bfree? I'm very happy to take suggestions for alternative ways of opening up my note-taking.

Re:Pot kettle spy.

[joannageary]

I need one place that gets updated as I write my notes - the journalist notepad, but open so everyone can see it. I guess I could reiterate a new pastebin (with a new url) every time I had something new to write or wanted to reformat, but it feels quite a cumbersome way to do it...

Re:Pot kettle spy.

[bfree]

You seem to have access to a website you could already publish it on no?

Failing that for whatever reason you could put it in a wiki on branchable? No I'm not affiliated to them in any way but they were the first "good" answer which jumped to my mind.

More obscure but perhaps extra appropriate for the topic at hand, you could publish it on a "hidden service" on tor?

Re:Pot kettle spy.

[SpaceLifeForm]

You will all see different cookies because they are coming from various machines on the net. Upstream intermediates are inserting them on the fly.

Re:Pot kettle spy.

[Maow]

Hi Joanna,

A typo from the linked-to page:

8. This will open a new tab with a long strong of text. This is the data that you will need to copy and paste into the box below.

Should be:

8. This will open a new tab with a long string of text. ...

Good luck with the project, it's an interesting one.

Re:Pot kettle spy.

It's not called the Grauniad for nothing.

Re:Pot kettle spy.

[tehcyder]

Guy below has 12, so Mr "I've got 9" ain't all that either. Hope that cheers you up!

Re:Pot kettle spy.

[FatLittleMonkey]

Eh? If Ms Geary puts it anywhere public online, google can see it anyway. (As can the actual NSA.) So unless you're saying that Google will censor her work, your comment makes no sense.

Re:Pot kettle spy.

[_0xd0ad]

Nope.

document.write("<script type='text/javascript'>");

works just fine. You're thinking of the closing tag:

document.write("</scr"+"ipt>");

is a necessity to get past the HTML parser.

Re:Pot kettle spy.

[Janek+Kozicki]

How did you block them?

I was thinking about adding null direction to 127.0.0.1 in /etc/hosts file, but perhaps there is a better way?

Re:Pot kettle spy.

[FatLittleMonkey]

Firefox + Ghostery

+ABP +NoScript +WOT +no-third-party-cookies...

I didn't think I was especially paranoid (I have a google account, don't use on-disk or in-mail encryption, etc) until I realised that this isn't how most people think.

Cookieculler

[MLCT]

Bit of a shoutout for the firefox extension cookieculler.

I have never found anything that matches cookieculler for features: it doesn't just purely delete cookies, it operates with a white-list based system (the way everything on the web should work). Cookieculler deletes all cookies each time you close the browser, except the ones you have whitelist "protected", that keep login information etc. as you choose.

Along with noscript, cookieculler is the main reason I stay on firefox.

Re:Cookieculler

[Lucky75]

I've found "Ghostery" to be pretty damn good. Blocks them rather than allowing+ deleting them.

Re:Cookieculler

[emilv]

How is cookieculler different from setting a default policy in Firefox and then using the built-in whitelist in Firefox to give permissions for certain sites?

Re:Cookieculler

[MLCT]

Granted firefox can offer something close, but not quite. Cookieculler offers finer control, because you can whitelist the *cookies* rather than the domain. So I can (and do) choose to protect my /. cookie, but not anything else that /. place in my browser (hypothetical example, as /. don't place any other cookies).

Re:Cookieculler

[mlts]

I like going one step beyond CCleaner. I use sandboxie on my browsing sessions. This provides four benefits:

1: My Web browsing is redirected to another volume. This means that cookies and other stuff are not stored on my main application or data drives, but are separated. This keeps potential malware as separated as one can get from the system without resorting to actualy VMs.

2: When I close the Web browser, all stored stuff is gone, guarenteed. There is no worry about hidden cookies, LSOs, or any other third party application crap that may be stored, but might get missed by cleaning utilities. Any writes to the Registry or files are redirected and then purged at the end of the session.

3: It provides a restricted context, so malware that gets control of the Web browser doesn't get control of the rest of the user account. This is important, because newer malware can do 90% of its nasty stuff without needing root/admin rights (such as reading files and uploading them, running a botnet client as a user, spamming, DDoS-ing, and other stuff.)

4: I can block volumes and directories from access by the sandbox. This keeps malware from reading documents or being able to see drives it shouldn't. Some applications can be restricted with Net access.

I've found in my personal experience that AdBlock, SpywareBlaster (which adds kill bits and adds to browser cookie deny lists), combined with sandboxie and a decent Web browser (Chrome or Firefox) have done a great job at keeping malware at bay. AV programs are nice, but they tend to be pointless with how fast zero-days get developed.

Re:Cookieculler

[plover]

Citation really needed.

Cookies or COOKIES!?!?

Anyone else read the title and thought people were taking a deeper look at why those delicious baked goods are so tantalizing?

Bah ...

[oneiros27]

I read the title, and get all excited ... and then read the summary to find they're not talking about the Girl Scouts, Nabisco, or other things that might involve sugar and chocolate chips.

And now that I got my hopes up, I'm going to go see what's in the vending machine. There's usually animal crackers, at the very least.

Re:Bah ...

[Cinder6]

It depends on if they track the cookies from the Girl Scouts website.

Internet marketing

[Roberticus]

If average folks become aware of how many cookies get set (along with getting a user-friendly way* of turning them off), that could have a huge and entertaining effect on the world of Internet marketing**.

For example, right now, I can assume enough website visitors have JavaScript enabled to make it almost 100% (and not worth writing HTML for the case where they don't). But if I can only reasonably assume, say, 50% of my visitors/email through-clickers/etc. have cookies active, that plays havoc with my reporting.

* "User-friendly" defined as "something my dad can do without asking me for help".
** I spend all day every workday in this world.

Facebook

[Lucky75]

You'd be shocked at how many cookies come from facebook across multiple sites. I use an extension called Ghostery (https://addons.mozilla.org/en-US/firefox/addon/ghostery/) to block most of them.

Re:Facebook

[19thNervousBreakdown]

Spoiler: It's practically every site.

Re:Facebook

[Zocalo]

Yeah, social media sites are particularly obnoxious; you'll often get one cookie for every site that has one of their "Like", "+1" or whatever buttons on a page. Analytics sites are another obvious example where this is going to happen more often that not. "Screw 'em" was my response too, but I went for a deny all by default and whitelist approach rather trying to manage them on a per domain basis.

I've been doing that for a while now as it's much simpler and, once you've gone through the initial setup of your whitelist for frequently visited sites, not as painful as you might think. No addons required. It seems like few sites actually need cookies any more, although on many sites you'll get a better experience with them enabled, particularly so on those that use logins. If it's worth the benefit, I may enable those for the the "Session" option in Firefox, but very few sites get the "Allow" option.

Re:Facebook

[Zocalo]

If you want detail beyond just the road network, then give Bing Maps a try, although if you are on Windows you may want to use IE as it occassionally has issues with other browsers. It varies from country to country, but for the UK they use the full Ordnance Survey maps which are so much better than Google's it's not funny, so YMMV depending on what area of the world you are interested in maps for. Open Street Map is also heavy on the street detail in areas where Google Maps might only show a single road, and no, that doesn't necessarily mean in the middle of nowhere, for instance here's Sarajevo at a similar level of zoom in Google Maps and Open Street Map.

Re:Facebook

[Jah-Wren+Ryel]

You'd be shocked at how many cookies come from facebook across multiple sites. I use an extension called Ghostery (https://addons.mozilla.org/en-US/firefox/addon/ghostery/) to block most of them.

I use Ghostery plus RequestPolicy which gives you control over every single external request that a web page makes. It is like a noscript for cross-site references of any kind.

Re:Facebook

[stridebird]

+1 for RequestPolicy, although I have to say when I restart my browser, then immediately find my self staring at a FUBAR page, I usually just hit "temporarily allow all requests" and get on with life, tracked as I may be. I do log out of facebook each time and delete facebook.com cookies, but I suspect that facebook still tracks me on other domains they control. I am like a tiny tiny person shaking a tiny tiny fist at the giant.

Re:Facebook

[_0xd0ad]

I use AdBlock Plus to nix the Facebook tracking. At the cost of seeing "Like" buttons everywhere I go (yes, that's a joke), these filters or some similar will do the trick:

||facebook.com^$third-party,domain=~facebook.net|~fbcdn.com|~fbcdn.net
||facebook.net^$third-party,domain=~facebook.com|~fbcdn.com|~fbcdn.net
||fbcdn.com^$third-party,domain=~facebook.com|~facebook.net|~fbcdn.net
||fbcdn.net^$third-party,domain=~facebook.com|~facebook.net|~fbcdn.com

You will occasionally see a button when the image is hosted on the website you're visiting, but the Facebook connect js won't load and the button will be non-functional. When that bothers my sense of aesthetics, I usually write an element-hiding rule to get rid of the button, e.g.

#a(href*=facebook.com/sharer)
#a(href*=plus.google.com/)
#a(href*=twitter.com/intent)
slashdot.org##*.comment_share
slashdot.org##*.comment_share_toggle

Yo Dawg

[Z80xxc!]

Yo dawg... I heard u dislike being tracked, so we put a tracker in your trackers so you could be tracked while we track.

"What Data they are monitoring and why"

[dmomo]

It will be interesting to see not only the results of this analysis, but also how they came any conclusions that they do.

Many cookies are used only to store a unique identifier. They data about a user many websites actually store is housed and maintained on their server, keyed by the unique id. This could include "pages visited", "duration of visit", "browser/system specs/settings" along with any derived demographic data.

It would be hard (though not necessarily impossible) to determine this from a cookie analysis.

Collusion is quite fascinating...

[dryriver]

I found out using its automated "graph-builder" that the 3 - 4 supposedly "safe" sites I visit most often, actually pass my user data on to Google, Facebook, DoubleClick, Mediaplex, Adroll and other services. Its quite educational to watch the graph go from a blank page to a fairly complex network of interconnections as you continue to browse. Its going to be interesting to see what results from this when the Guardian gets all the aggregate data from Collusion. It does seem indeed that there is such a thing as a "secret world of cookies" out on the internet, and I personally support that this "secret world" be uncovered fully, so we get to see what entities are clandestinely mining our supposedly "private" user information as we surf. --- The whole thing also reminds me of the book "Brandwashed", where the author explains at length how commercial establishments collect all sorts of data on us, and exploit it to sell us more products.

Research To "Reveal the Unseen World of Cookies"?

No research needed, the truth about the unseen world of cookies has been known since 1968. They're made in a hollow tree by elves.

Cookie scrambler

[flyingfsck]

I would like to have a FF plug-in that messes up cookie data to make it useless to the trackers. A little bit of revenge...

porn

[Sperbels]

finding out what data are they monitoring, and why

Well, all the porn websites seem to know that I prefer brunettes over blonds.

Re:porn

[joannageary]

But do they also know that you buy your underwear from Marks & Spencers? That's the interesting sort of thing I'm hoping we'll find out - what companies are tracking over such varied sites and what information (if any) they then sell back to their clients.

Cookies not the only way to do this...

[isaac]

Cookies are not the only evidence of tracking. Even Flash LSO, HTML5 local storage, etc.

There's a surprising amount of identifying information in request headers and what's available to javascript. (see http://panopticlick.eff.org/ for a demonstration.) That means, one often needn't accept or store a cookie to be tracked.

A really comprehensive pro-privacy browser extension would munge request headers and enumeration of fonts, plugins, screen resolutions, etc. to match one of, say, the top 5 most common desktop browser fingerprints - and to change every so often (Changing per request would itself be a trivially detectable signature.)

-Isaac

Methodology Issues

[TaoPhoenix]

You know already who the "Big Players" are - Google, Facebook, Microsoft, your choice of a couple more related ones.

Then it descends into all these little companies. I would expect that some of them are subsidiaries of the big guys etc.

The ideal goal of each of these "thingies" (cookies, flash objects, etc etc) is to nail down who visits down to a unique user if possible.

So just copy the Ghostery block list, maybe the AdBlock block list, your choice of a couple more tools.

If you want a "market share per ad company" report then get one of those.

There's something bothering me with your study design but it's not clear yet.

Re:Methodology Issues

[FatLittleMonkey]

So just copy the Ghostery block list, maybe the AdBlock block list, your choice of a couple more tools.

Guardian does seem to be re-inventing the wheel a bit. Ghostery (Evidon/Better-Adertising/Direct-Advertising-Assoc) already has not just a public list of tracking companies, but a page of info about each one.

Whereas Collision seems more about displaying the connections ("collisions") between known trackers that you personally encounter, not collecting new info for a data dump.

I like the Guardian, and I appreciate the journo sticking her head in the lions den, but it seems to me she&they would achieve more working with Evidon/etc to make Ghostery's/etc list available in a human useful form on the Guardian's website. "See the web within the Web".

For example, using a web-crawler armed with Ghostery's/etc list to link trackers to websites, then show the underlying network in a (Collision-style) interactive 3d display.

She/they might also look at how different sites respond to AdBlock. I've noticed that with ABP in my user-agent header, many sites don't even bother to serve ads. The flip side of the advertising war to force themselves onto users, some sites actually try to respect user-preferences without being dicks about it, or hysterical "OMG u r stealing teh contentz!" (hello Facebook.)

How about the unseen world of javascript?

[digitalaudiorock]

That's the one people should be the most concerned with. When I first started using NoScript, I was stunned at how many supposedly reputable sites were using javascript pulled from ten or twenty different unrelated sites. There's just NO good excuse for that at all.

Re:How about the unseen world of javascript?

[Kittenman]

That's the one people should be the most concerned with. When I first started using NoScript, I was stunned at how many supposedly reputable sites were using javascript pulled from ten or twenty different unrelated sites. There's just NO good excuse for that at all.

Agreed - quite amazing. And how insidious FaceBook is...

Slashdot uses DoubleClick, Google Analytics and

[John+Holmes]

ScoreCard Research Beacon. Without my consent.

Re:I don't see the irony in it

[arth1]

That was my reaction too.
Combined with the technology being used, not installing it was a given.

Re:I don't see the irony in it

[joannageary]

It's really about understanding a bit more so that you can then take action to protect yourself if you want to. But yeah... I get the irony. The reason why I still thought it was worth going ahead with the protect was twofold: the aims of the Collusion team to educate and inform AND that all the information sent to us is anonymous. I would love to say we could identify people by the sites they visit, but in aggregate it seems like everyone likes internet shopping and porn. :)

Sad

[oDDmON+oUT]

It's not compatible with 3.6, which I prefer over the UI of later versions.

Wonder how many data points that will lose them.

Re:Website

[TaoPhoenix]

Sure, why can't you host your notes at something like http://www.guardian.co.uk/JGeary/CookieStudy.html?

Then just keep uploading new iterations of the page.

And I figured out part of what was bothering me. You're asking for "data for research" but your initial article is "shadowed" - it reads like "give us data and we'll figure out what we want to write about".

Write two versions of your story: the Mass Market one "Look, it's 2012, we found all these cookies! They're evil!" and the other with a FAR More rigorous approach. (I'll let you off for not being a PHD academic, but tell us something we don't know - but remember your audience! I'm in the LOWER 50% and I already run Adblock and Ghostery and Collusion (from 2 months ago!) with screen shots of who Ghostery blocks. Chops that you said you want to do some "old time journalism" - then dig into the meat! "Obfuscated flash objects, zombie cookies, Firefox's Do Not Track vs it actually being followed, etc."

Regards,

--Tao

Chocolate chip spectroscopy, anyone?

[Gimbal]

>< n/t