Slashdot Mirror
Google and Facebook Top Biggest Web Tracker List
itwbennett writes "A new report from Evidon, whose browser plug in Ghostery tracks Web trackers, makes it plain that 'if you want to worry about somebody tracking you across the Web, worry about Google,' writes blogger Dan Tynan. Google and Facebook, and their various services, occupy all of the top 5 slots on the Evidon Global Tracker Report's list of the most prolific trackers. 'And if you have any tracking anxiety left over, apply it to social networks like Facebook, G+, and Twitter,' adds Tynan."
Check out the Collusion plugin from Mozilla if you want to see for yourself who is tracking you and the relationships between them. Has a nice graphical overview.
http://www.mozilla.org/en-US/collusion/
I suggest this Firefox extension. Works quite well for me.
Scientia est Potentia
My Ghostery list of blocked trackers occasionally goes near the bottom of the page. I won't surf without it anymore, but it scares the crap out of me.
There is no need to worry. I'm sure Google has fantastic data security and privacy practices so your data is safe.
I mean, it's not as if a "rogue engineer" at Google would be able to write software that captures people's private data and then offer it up for datamining while Google managers and other people responsible for the project claim to be completely unaware of it (even though they read the specs and code). ...oh wait. You mean that's exactly what happened? Well I feel better now.
Google derives 96% of its revenue from advertising. All those shiny "free" Google services you love to play with are the result of their ability to monetize information they gather about you. Without tracking, there is no Google. Just keep that in mind.
This is why I stay logged out of my Google account whenever possible and only access Facebook when I absolutely have to. Privacy is dead. Google talks a good talk with "Don't be evil", but actions speak louder than words. And Facebook might be the biggest enemy of privacy on the web right now.
My Ghostery list of blocked trackers occasionally goes near the bottom of the page. I won't surf without it anymore, but it scares the crap out of me.
slashdot apparently uses google analytics and scorecard research.
Does anyone have a list of reasonable whitelist entries for ghostery?
"Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
For Firefox I use the Request Policy add-on to block 3rd-party requests. This helps prevent cross-site request forgery (CSRF) as well.
Every time I have to whitelist a cookie to get a website to work what other third party cookies are always sitting there in the block list. I'll give you two guesses.
Well... except for porn sites. They have about 10 - 15 blocked third party cookies, but none of them are Google/Facebook........
Seems to me that Google's motto should be retired. Google's been using it as a shield against criticism but clearly they've been what you might consider "evil" for a while now. They've amassed more personal info than anyone else on the planet and their whole business depends on sale or rent of access to people's personal information.
All of the Google's products have also become massive data collection sinks.From Android to Chrome, these products are just massive pipes to Google's databases.
As a Linux developer and user, I used to be a fan of Google simply because they were MS' enemy and supported Linux but Google today has more potential to do evil than Microsoft ever was.
As Google, a public company, experiences more and more revenue pressures from shareholders, they will be pushed to do more bold and reckless moves that deal with people's private info (just remember the Google Buzz fiasco).
I've been using less and less of Google's services and have blocked most of their domains on the DNS level. Google truly scares me now.
Google's products might be free but there's a price to pay: your information and its potential to be abused.
That's why I drew this
Disclaimer: I didn't really know. I just thought of the design and thought it would look neat
XKCD:Xeric Knowledge Comically Dispen
Reprising the comment I posted over on TFA:
--
He had me until he praised the Wall Street Journal series. While the goal of informing non-technical people about tracking on the web is a good one, the series has been full of inaccuracies, omissions and sensationalism. WSJ seems to actively avoid telling people how easy it is to avoid/minimize tracking and AFAIK has never broached the obvious conflict of interest issue raised by their reporting.
Like most Slashdot readers am no fan of tracking and targeted advertising and I run the usual suite of blockers you would expect (Ghostery, AdBlock Plus, NoScript, FlashBlock, Better Privacy, etc etc. But intellectual rigor is even more important to me. It has been missing from the WSJ reporting.
Does anyone remember, back in the day, when browsers shipped configured so that all cookies set had to be explicitly authorized to be set? Remember how the first thing everyone did was change their configuration to auto-accept? Remember how browsers eventually changed to just have that setting by default?
A site cannot track you across third-party sites. Not unless you let them. It's just that users have deferred that responsibility to their browser's configuration, and are now complaining that they've been granting authorization to let these sites track them. The result is articles like this, and heavy-handed legislation like the EUs recent cookie-ban. All because users are too lazy and ignorant to take the responsibility on themselves. Hell, with modern browsers and addon/extension models, you don't even need to use the coarse-grained approach that old-school browsers used. Just a plugin that let's you whitelist cookies.
But it sounds like even that's too much effort for the average user. Just complain, and rely on the courts.
Just because you're paranoid doesn't mean there isn't an invisible demon about to eat your face
127.0.0.1 googleapis.com
You get the picture.
If any page embeds content from some other domain then it is violating your privacy in the name of "web analytics".
When I was in the direct mail business our most jealously guarded IP was our Customer List. For the life if me I have no idea why website operators now freely give their Customer Lists to the Web Analytics firms.
The political candidates are the worst. Just use Safari's Activities Window to get a load if all the one pixel transparent GIFs and one byte Javascripts served up by the Analytics Firms.
Just use Analog. Its far more accurate and Analog keeps your private information private:
http://analog.cx/
I have used Analog damn near every single day for fifteen years. It has a bit of a learning curve so I'm working on a tutorial:
Web Server Log File Analysis with Analog
http://www.dulcineatech.com/tips/webmaster/log-file-analysis/
Don't Say I Never Did Nothin' Fer Ya. -- Mike Crawford
Next you will be telling me the sky is blue, and water is wet. Thanks for the report Sherlock!
this is called "remarketing", and i hate it, too. you can get exactly what you're describing by opting out of "interest-based advertising."
- anonymous google coward
This is why no one who cares about privacy runs google or facebook tracking stuff they spew all over the web. Seriously, why did anyone EVER run google-analytics scripts? That's always bothered me - why would someone volunteer to run that?
Noscript, RequestPolicy, Ghostery, UserAgentSwticher, and maybe 2 or 3 others. That's what you have to do.
I agree with you.
Just thought I'd share my ultimate brownie recipe with you. Take a saucepan and start melting real butter (125g) and chocolate (185g) and melt on a low heat. Then add 50g flour, 40g Cocoa and 275g sugar. Stir into mixture and then add three eggs. Pour into a greased or papred tin and place in oven for about 25 minutes and they're delicious. They're not to dense or light and they are rich but not overpowering.
You can also mix in chocolate chunks or nuts to make it even nicer.
Slashdot needs Geekcode | Can anyone recommend any good SCIFI? My tastes: Foundation, Startide Rising, CITY, Ringworld,
... the headline "Google tops web tracking list" would be too anti-Google to post on slashdot?
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
I understand the inclusion of the usual suspects (F and G), but Twitter? I always assumed they were the least evil birds in the flock. According to the report, Twiiter button ranks as No. 6 in the trackers' top 20, behind the No. 4 Google+, sandwiched between Facebook Social (No. 3) and Connect (No. 5). Apparently G+ is already more popular than Twitter, at least as far as the geek market is concerned.
Ixquick (basically an aggregator) doesn't track for store any user data, and they offer encrypted searches via https.
https://ixquick.com/
Been using it for a couple of years now, haven't looked back.
I use NoScript myself (and Ghostery), but most people can't deal with how you have to selectively allow javascript domains to get new sites to work under NoScript.
Ghostery accomplishes most of what you want (don't track me, don't steal my info) effortlessly while breaking almost nothing. So you can install it for anyone and not worry too much they'll come complaining to you.
Also, the Ghostery list on any page is freaking scary (Slashdot has only two items). And I'd say 99% of sites are using Google Analytics (including Slashdot).
because of privacy concerns. It wasn't the consolidation of all my Google accounts in March that did it. Rather it was installing the Ghostery plug-in and realizing just how many sites use Google analytics. I already knew Google had about 12 years of my search history, and 8 years of my email, and I was pretty okay with that. But seeing that Google could also keep a record of virtually every site I visit was just a step too far. So now the only Google service I use with any regularity is youtube with no login. Excising Google from my online life felt like a bad breakup, but I don't miss it at all now.
Welcome to the modern world.
If you are paranoid about being tracked, logged, spied on, then don't go on the net, or make phone calls, or have a mobile, or any accounts, or credit cards, or anything.
Big brother and all his friends are watching.
I agree 100% with everything you posted. Privacy is only important to me in the context of the government. And Google ranks among the highest according to the EFF on government transparency - so I call that a good thing.
Why do so many people seem to get upset over targeted ads, is the thing I muse over constantly. I think the root of the problem is the ego. People get upset and disturbed at the thought that a company and/or it's collection of algorithms and research, might know more about their psychology than they know themselves - whereas I resigned myself to that fact a long time ago.
Once you realize you're just another sweaty sapiens on this planet and not really all that special compared to everyone else, you ARE NOT unique, and you CAN EASILY be profiled... then you can stop worrying about this kind of crap.
Over AdBlock & DNS Servers ALONE 4 Security, Speed, Reliability, & Anonymity (to an extent vs. DNSBL's + DNS request logs):
1.) HOSTS files are useable for all these purposes because they are present on all Operating Systems that have a BSD based IP stack (even ANDROID) and do adblocking for ANY webbrowser, email program, etc. (any webbound program). A truly "multi-platform" UNIVERSAL solution for added speed, security, reliability, & even anonymity to an extent (vs. DNS request logs + DNSBL's you feel are unjust hosts get you past/around).
2.) Adblock blocks ads? Well, not anymore & certainly not as well by default, apparently, lol - see below:
Adblock Plus To Offer 'Acceptable Ads' Option
http://news.slashdot.org/story/11/12/12/2213233/adblock-plus-to-offer-acceptable-ads-option )
AND, in only browsers & their subprogram families (ala email like Thunderbird for FireFox/Mozilla products (use same gecko & xulrunner engines)), but not all, or, all independent email clients, like Outlook, Outlook Express, OR Window "LIVE" mail (for example(s)) - there's many more like EUDORA & others I've used over time that AdBlock just DOES NOT COVER... period.
Disclaimer: Opera now also has an AdBlock addon (now that Opera has addons above widgets), but I am not certain the same people make it as they do for FF or Chrome etc..
3.) Adblock doesn't protect email programs external to FF (non-mozilla/gecko engine based) family based wares, So AdBlock doesn't protect email programs like Outlook, Outlook Express, Windows "LIVE" mail & others like them (EUDORA etc./et al), Hosts files do. THIS IS GOOD VS. SPAM MAIL or MAILS THAT BEAR MALICIOUS SCRIPT, or, THAT POINT TO MALICIOUS SCRIPT VIA URLS etc.
4.) Adblock won't get you to your favorite sites if a DNS server goes down or is DNS-poisoned, hosts will (this leads to points 5-7 next below).
5.) Adblock doesn't allow you to hardcode in your favorite websites into it so you don't make DNS server calls and so you can avoid tracking by DNS request logs, OR make you reach them faster since you resolve host-domain names LOCALLY w/ hosts out of cached memory, hosts do ALL of those things (DNS servers are also being abused by the Chinese lately and by the Kaminsky flaw -> http://www.networkworld.com/news/2008/082908-kaminsky-flaw-prompts-dns-server.html for years now). Hosts protect against those problems via hardcodes of your fav sites (you should verify against the TLD that does nothing but cache IPAddress-to-domainname/hostname resolutions (in-addr.arpa) via NSLOOKUP, PINGS (ping -a in Windows), &/or WHOIS though, regularly, so you have the correct IP & it's current)).
* NOW - Some folks MAY think that putting an IP address alone into your browser's address bar will be enough, so why bother with HOSTS, right? WRONG - Putting IP address in your browser won't always work IS WHY. Some IP adresses host several domains & need the site name to give you the right page you're after is why. So for some sites only the HOSTS file option will work!
6.) Hosts files don't eat up CPU cycles (or ELECTRICITY) like AdBlock does while it parses a webpages' content, nor as much as a DNS server does while it runs. HOSTS file are merely a FILTER for the kernel mode/PnP TCP/IP subsystem, which runs FAR FASTER & MORE EFFICIENTLY than any ring 3/rpl3/usermode app can since hosts files run in MORE EFFICIENT & FASTER Ring 0/RPL 0/Kernelmode operations acting merely as a filter for the IP stack (via the "Plug-N-Play" designed IP stack in Windows) vs. SLOWER & LESS EFFICIENT Ring 3/RPL 3/Usermode operations (which webbrowsers run in + their addons like AdBlock slow down even MORESO due to their parsing operations).
and itworld.com has a nice set of 17 diffirent trackers on that page reported by gostery ...
I'm more worried about sharing with OTHER companies I don't care about.
Scary scenario, grocery stores send my data to insurance companies that now raise my insurance rates for all the soda I drink calling my a diabetes threat.
For example there are people in my family I share some information with, there are some I don't. It is what company have I built trust with to share information.
Over AdBlock & DNS Servers ALONE 4 Security, Speed, Reliability, & Anonymity (to an extent vs. DNSBL's + DNS request logs):
1.) HOSTS files are useable for all these purposes because they are present on all Operating Systems that have a BSD based IP stack (even ANDROID) and do adblocking for ANY webbrowser, email program, etc. (any webbound program). A truly "multi-platform" UNIVERSAL solution for added speed, security, reliability, & even anonymity to an extent (vs. DNS request logs + DNSBL's you feel are unjust hosts get you past/around).
2.) Adblock blocks ads? Well, not anymore & certainly not as well by default, apparently, lol - see below:
Adblock Plus To Offer 'Acceptable Ads' Option
http://news.slashdot.org/story/11/12/12/2213233/adblock-plus-to-offer-acceptable-ads-option )
AND, in only browsers & their subprogram families (ala email like Thunderbird for FireFox/Mozilla products (use same gecko & xulrunner engines)), but not all, or, all independent email clients, like Outlook, Outlook Express, OR Window "LIVE" mail (for example(s)) - there's many more like EUDORA & others I've used over time that AdBlock just DOES NOT COVER... period.
Disclaimer: Opera now also has an AdBlock addon (now that Opera has addons above widgets), but I am not certain the same people make it as they do for FF or Chrome etc..
3.) Adblock doesn't protect email programs external to FF (non-mozilla/gecko engine based) family based wares, So AdBlock doesn't protect email programs like Outlook, Outlook Express, Windows "LIVE" mail & others like them (EUDORA etc./et al), Hosts files do. THIS IS GOOD VS. SPAM MAIL or MAILS THAT BEAR MALICIOUS SCRIPT, or, THAT POINT TO MALICIOUS SCRIPT VIA URLS etc.
4.) Adblock won't get you to your favorite sites if a DNS server goes down or is DNS-poisoned, hosts will (this leads to points 5-7 next below).
5.) Adblock doesn't allow you to hardcode in your favorite websites into it so you don't make DNS server calls and so you can avoid tracking by DNS request logs, OR make you reach them faster since you resolve host-domain names LOCALLY w/ hosts out of cached memory, hosts do ALL of those things (DNS servers are also being abused by the Chinese lately and by the Kaminsky flaw -> http://www.networkworld.com/news/2008/082908-kaminsky-flaw-prompts-dns-server.html for years now). Hosts protect against those problems via hardcodes of your fav sites (you should verify against the TLD that does nothing but cache IPAddress-to-domainname/hostname resolutions (in-addr.arpa) via NSLOOKUP, PINGS (ping -a in Windows), &/or WHOIS though, regularly, so you have the correct IP & it's current)).
* NOW - Some folks MAY think that putting an IP address alone into your browser's address bar will be enough, so why bother with HOSTS, right? WRONG - Putting IP address in your browser won't always work IS WHY. Some IP adresses host several domains & need the site name to give you the right page you're after is why. So for some sites only the HOSTS file option will work!
6.) Hosts files don't eat up CPU cycles (or ELECTRICITY) like AdBlock does while it parses a webpages' content, nor as much as a DNS server does while it runs. HOSTS file are merely a FILTER for the kernel mode/PnP TCP/IP subsystem, which runs FAR FASTER & MORE EFFICIENTLY than any ring 3/rpl3/usermode app can since hosts files run in MORE EFFICIENT & FASTER Ring 0/RPL 0/Kernelmode operations acting merely as a filter for the IP stack (via the "Plug-N-Play" designed IP stack in Windows) vs. SLOWER & LESS EFFICIENT Ring 3/RPL 3/Usermode operations (which webbrowsers run in + their addons like AdBlock slow down even MORESO due to their parsing operations).
So, for every line you put into a custom hosts file it's 2 characters smaller (0.0.0.0 vs. 127.0.0.1), & 0 is even BETTER, by 8 characters per line item entry in custom hosts files:
Thus, & this makes for FASTER parsing + load of the hosts file... since less material to parse exists per line item record.
* Some "Food 4 Thought", Mike... it works & NO LOOPBACK OPERATION is incurred using it either... "bonus"!
(For the rest of what custom hosts files can yield to the end-user in terms of:
---
1.) Better "layered-security"/"defense-in-depth"
2.) More "screen realestate"
3.) Better speed/bandwidth for websurfing (it's YOUR money after all, vs. adbanners sucking up CPU cycles (electricity) & page loading slowups, IF NOT being malscripted themselves @ times)
4.) Better anonymity (to an extent vs. DNSBL's + DNS Request Logs)
---
& more? See here -> http://yro.slashdot.org/comments.pl?sid=2909133&cid=40294767 )
APK
P.S.=> Put it THIS way: Even Microsoft's own personnel in the then HEAD of the "Windows Client Performance Division" who posted here as "Foredecker" had to concede that much to me on 0.0.0.0 vs. 127.0.0.1 (Moreso for the "short-form" of 0.0.0.0, which is 0 only... that works even BETTER, but is no longer an option for the most modern versions of Windows (Vista/7/Srv2008) since 12/09/2008 on MS "Patch Tuesday" when the ability to use 0, which is EVEN FASTER/SMALLER still, was removed in Windows VISTA/7/Server 2008, but can STILL BE USED on Windows 2000/XP/Server 2003) in the link posted next (since it's common-sense & yes, it works better/faster, for the reasons noted above) -> http://slashdot.org/comments.pl?sid=1467692&cid=30384918
... apk