Interview With Mozilla's Ryan Merkley: Tracking the Trackers

colinneagle writes "Among the eye-opening statements in his recent TED talk, Mozilla CEO Gary Kovacs said, 'Privacy is not an option, and it shouldn't be the price we accept for just getting on the Internet. Our voices matter and our actions matter even more.' After you download and install Collusion in Firefox, you can 'see who is tracking you across the Web and following you through the digital woods,' Kovacs stated. 'Going forward, all of our voices need to be heard. Because what we don't know can actually hurt us. Because the memory of the Internet is forever. We are being watched. It's now time for us to watch the watchers.' I've been using Collusion for some time now and it is jaw-dropping to watch all the sites that still stalk us across the web even with DNT and privacy add-ons. The Collusion page states: 'The Ford Foundation is supporting Mozilla to develop the Collusion add-on so it will enable users to not only see who is tracking them across the Web, but also to turn that tracking off when they want to.'"

What a surprise

advertisers not adhering to do not track settings... whoda thunk?

P.S. First Post!

Re:What a surprise

And they'll only adhere once the settings are legally enforceable.

The trick to actually being the first post is to not spend any time being cute about it. FAIL.

Re:What a surprise

[gmanterry]

And they'll only adhere once the settings are legally enforceable.

The trick to actually being the first post is to not spend any time being cute about it. FAIL.

I wouldn't bee too sure of that. Look at that farce they named "Do Not Call". The teleslimeballs aren't afraid and the government doesn't even react to complaints. Government mandates about privacy are a farce.

Download/Demo here

[saibot834]

Collusion Download/Demo. Looks like a pretty nifty tool. And completely without flash!

Re:Download/Demo here

[Inda]

You don't need that to see how we're being tracked (although I do have it installed).

I'd been looking at having laser eye surgery for some time. Money was the only thing stopping me from doing real research.

There was an advert for an Optical Express laser clinic, with a competition for free treatment, so I clicked. It's probably the only time I've ever clicked, and this was at work with no Ad-block installed.

I went through the process of consultation, price negotiation and all that stuff. I was happy with everything offered, and went ahead with the surgery (two weeks ago, best thing I've ever done).

Top of Slashdot today? Adverts for laser eye surgery at Optical Express. In fact, every blinking website I visit at work is trying to show me adverts for Optical Express. This has been going on for nearly two months!

I'm sure it must happen to everyone, everywhere.

Re:Download/Demo here

[Sviams]

And here you are, posting an advert for Optical Express...oh the irony :)

Re:Download/Demo here

Those ads have always been there - maybe you can only see them after you had the surgery!

Re:Download/Demo here

[R_Dorothy]

Yep, I've noticed that ad networks are very good at trying to sell me something I've already bought.

Re:Download/Demo here

Silence cyclops troll.

Re:Download/Demo here

There are ads on the Internet?

Re:Download/Demo here

[bitt3n]

you wonder why Optical Express gave you such a good deal on laser surgery, and next you're going to start seeing advertisements on your walls, in your shower, in the blue sky, whenever you close your eyes....

Re:Download/Demo here

Logout of everything and delete the fucking cookies at least if you can't use an adblocker.

Re:Download/Demo here

Yeah, I ordered a pair of New Balance shoes off their website since most stores don't have the 13 4E size I wear and now I see ads for New Balance all day every day,

Re:Download/Demo here

Ads? On /.,? I thought everyone who looks at /. was familiar with AdBlock and NoScript?

Re:Download/Demo here

[cffrost]

There was an advert for an Optical Express laser clinic, with a competition for free treatment, so I clicked. It's probably the only time I've ever clicked, and this was at work with no Ad-block installed.

Here, you've admitted to two newbie mistakes that culminate in your tale of woe.

Top of Slashdot today? Adverts for laser eye surgery at Optical Express.

These ads (and the attack/tracking vector they signify) will persist until you properly secure your browser.

In fact, every blinking website I visit at work is trying to show me adverts for Optical Express.

In Firefox, open about:config and set browser.blink_allowed to False . If the blinking continues, return to Optical Express and demand a refund.

I'm sure it must happen to everyone, everywhere.

I assure you, that is not the case.

Re:Download/Demo here

Just be glad you're not being shown adverts for porn.

Re:Download/Demo here

How does it cost you to research??? (sarcastically) There is a thing called the internet, on it you can use a "search engine"!!!! Before that there were phone books, you can ask the "doctor" for references to see what other patients had to say about there surgery! If your going to peddle a company you need to do much better then this!!!!!

How long until Google notices?

[pegasustonans]

The Mozilla Foundation reportedly receives ~$300 million annually from Google.

Google is certainly an interested party when it comes to tracking user behavior.

Is this really a good move for Mozilla strategically?

Re:How long until Google notices?

Is this really a good move for Mozilla strategically?

Yes because the general public do value privacy, and being on the side of public opinion is priceless.

Re:How long until Google notices?

Their dependency on Google is why Firefox doesn't ship with something like AdBlock+ or NoScript. Instead, they want you to tell Google "please don't track me" -- but how liberally Google interprets it is up to them. It's not like you can tell how much data Google collects on you even if you have "don't track" checked.

Re:How long until Google notices?

Of course it is. Just because they're funded, doesn't mean they're controlled. And I don't think transparency is bad for Google's main business model. People more or less know what Google gets when it is used for searching. I predict they'll jump on board with this one and provide something similar in Chrome. It's the right kind of tool to win over the masses.

Re:How long until Google notices?

[Jahta]

The Mozilla Foundation reportedly receives ~$300 million annually from Google.

Google is certainly an interested party when it comes to tracking user behavior.

Is this really a good move for Mozilla strategically?

The key issue here is informed consent. The "Collusion add-on so it will enable users to not only see who is tracking them across the Web, but also to turn that tracking off when they want to."

I've no problem allowing cookies and scripts from sites I trust and who are providing me with a service I want. The problem is the number of "drive-by" cookies and scripts you can get hit with.

When I started using NoScript I was amazed at amount of content I was being silently served from third-party sites without my knowledge or consent.

Re:How long until Google notices?

[RivenAleem]

And if Google withdraw their funding over this Collusion addon, how do you think that will look?

As far as I know, Google have been very upfrontabout what they have on me and what they use that information for. Collusion doesn't change anything for Google, especially if they respect the DNT option. I think Google would be quite alright with this, as what it really does is reveal how much OTHER people are tracking about you, and not telling you about it. Especially if OTHER people are ignoring DNT.

Like it is said, if you have nothing to hide from Collusion, then you have nothing to fear.

Re:How long until Google notices?

[bloodhawk]

Every other browser, even internet explorer, is headed towards greater user privacy options so mozilla can either go with the heard or stand out as the weak link. They don't really have much of an option here so they may as well look towards being at the front of the pack.

Re:How long until Google notices?

Of course it is. Just because they're funded, doesn't mean they're controlled.

Oh, the naivety...

Re:How long until Google notices?

[Martin+S.]

The problem is the number of "drive-by" cookies and scripts you can get hit with.

Re:How long until Google notices?

[Barefoot+Monkey]

A nice trick is to set your browser to keep cookies only for the session, clear your cookies and then grab an extension like Cookie Monster or something similar to manage exceptions for the sites where you explicitly want permanent cookies.

Re:How long until Google notices?

[Hatta]

As far as I know

Which is only what Google tells you. You don't think they're tracking you by IP address too? You don't think they're using browser fingerprinting? Google's cookie is one tiny part of the problem.

Re:How long until Google notices?

[BenoitRen]

Why do you need an extension for managing cookie policy exceptions? There is already a manager in Mozilla web browsers to manage those.

Re:How long until Google notices?

[Barefoot+Monkey]

Those sort of extensions just provide a convenient way of interacting with Mozilla's mechanism. You get a statusbar icon which changes depending on if the site you're viewing has no cookies, blocked cookies, persistent cookies or session cookies. You can click on the icon to change the default action for that site or domain. It's so much simpler than opening the options and adding exceptions manually.

Re:How long until Google notices?

[swillden]

As far as I know

Which is only what Google tells you. You don't think they're tracking you by IP address too? You don't think they're using browser fingerprinting? Google's cookie is one tiny part of the problem.

Google logs all IP addresses initially but after nine months zeros the bottom octet to anonymize them. Cookies are kept for 18 months, and many have noted that the cookies can be used to recover the full IP address going back 18 months, assuming you're always connecting from the same IP, but if you've opted out then there are no cookies stored to provide that linkage (I'm not sure if the opt-out cookie is itself anonymous, or if it's stripped before logging, or what, but it's something like that).

I don't know if browser information is anonymized; I'm sure at least enough is kept to identify the browser version.

Although you almost certainly won't believe me (since I work for Google), I'll tell you that Google tries very hard to honor tracking opt outs. If someone discovered a way that Google could recover individualized tracking about a user who had opted out, that would be considered a bug and it would get fixed. If it couldn't be fixed, controls would be put in place to ensure that the data is not used for tracking in any systematic way, and that individual employees can't access it without specific permissions, and the use of those who actually have a demonstrated need to use it would be audited.

The tinfoil hat crowd will simply dismiss this post, but the truth is that Google really doesn't want to track you if you don't want to be tracked. Google wants to convince you that you do want to be tracked, of course, that Google's services (including targeted advertising!) are actually sufficiently valuable to you that you want Google to have the data. But if you don't agree, Google provides the tools to allow you to opt out, and honors your choice.

This isn't to say that bad things will never happen, or that mistakes will never be made. Google is composed of people, and people screw up. Hence things like the Wifi packet capture, and Safari privacy workaround. But violations of the principles of user privacy are treated as errors to be corrected.

From an information-theoretic standpoint, the best way to be sure that Google never screws up with your privacy is to ensure it is impossible for Google to know anything about you, so opt out of tracking and avoid Google services, or even just block Google at your router. IMO, given its track record, trusting Google to behave responsibly isn't at all unreasonable, and I think Google offers good value in trade for your information (assuming that Google behaves responsibly). But it's your choice, and Google wants it to be possible for you to make that choice.

Re:How long until Google notices?

[cusco]

I just find it extremely intriguing that the Ford Foundation is involved in this, since they've been a money conduit for the CIA since at least the early 1960s (Project Mockingbird funding flowed to journalists through Ford Foundation and later Lyla Wallace Fund).

Re:How long until Google notices?

[Hatta]

Google logs all IP addresses initially but after nine months zeros the bottom octet to anonymize them

That's not much privacy. If I watch your browsing habits for 9 months, I bet I could put together a signature that would let me identify your browing from a group of 256 random individuals.

Re:How long until Google notices?

The tinfoil hat crowd will simply dismiss this post, but the truth is that Google really doesn't want to track you if you don't want to be tracked.

Maybe it is just dog food you are eating, but you should go read your privacy policy sometime. All of your data, whether it be browsing history, location data, email, docs, pictures... Everything, can be shared with 3rd parties. For example:

We provide personal information to our affiliates or other trusted businesses or persons to process it for us, based on our instructions and in compliance with our Privacy Policy and any other appropriate confidentiality and security measures.

Thanks for providing us with those instructions Google, and since these 3rd parties follow the same privacy policy, they can go ahead and ship it on to their buddies for "processing" too. These terms are written in such a way that it allows them to get away with anything legally, but they give you a nice warm feeling inside, like they really care.

You must be seriously disillusioned if you believe the WiFi packet capture was a mistake. Google has mostly good engineers, and I would assume that making the mistake of storing up to 1500 bytes per packet, vs 15 or so (mac address + SSID) is not something that would get past QA when you are storing data at that scale. It was absolutely deliberate. I write packet analysis software for a living and know that mistakes like those just don't happen.

Say what you will about me wearing a tinfoil hat, but I'm coming to logical conclusions based on facts and their written policies, not reading into PR like you are.

Re:How long until Google notices?

[cffrost]

Can someone please explain to me in what way Hatta's comment constitutes trolling? Is expressing concern about the practices of the world's largest advertising conglomerate a new form of trolling I was previously unaware of, or is questioning our corporate betters now grounds for being silenced?

Re:How long until Google notices?

[swillden]

Google logs all IP addresses initially but after nine months zeros the bottom octet to anonymize them

That's not much privacy. If I watch your browsing habits for 9 months, I bet I could put together a signature that would let me identify your browing from a group of 256 random individuals.

If that were the only privacy protection measure, sure.

Re:How long until Google notices?

[plover]

Is this really a good move for Mozilla strategically?

Yes because the general public do value privacy, and being on the side of public opinion is priceless.

Actually, the general public puts a very low value on privacy. If you ask do you value your privacy?", they'll say "yes, of course." But if you ask them "do you want to save 5% by signing up for our club card?", they'll practically push each other out of the way to save $0.50.

Marketers today put the benefit on the billboard, but put the terms of consent to tracking in the fine print. It would be interesting to see what would happen if the marketing came with the same kinds of warnings and side effects we see on drug ads. My guess is it would have almost no impact on the number of people who sign up to save a dollar.

Re:How long until Google notices?

[lpq]

If someone discovered a way that Google could recover individualized tracking about a user who had opted out, that would be considered a bug ...

One of the founders wrote a book on how to do it despite the low-level obfuscating techniques that are being used. They are the equivalent of "adding bits" to crypto-keys. It may take more data to statistically correlate identities, but given enough data, Bayesian induction is almost certainly powerful enough to get the job done. 18 months of data is a long time.

I would be alot more comfortable if they zapped the bottom 16 bits (since knowing my subnet already gets you knowing my geographic area within some small area. Second requirement: strip all browser ID except what browser+version; -- NO plugins/extensions. From previous experience my browser fingerprint from one fingerprint-info site, told me that my browser finger print was unique out of over 300K visitors to date. That's fairly specific. (Last time I use the lpq-brand browser! ;-)). Seriously -- fingerprints can be pretty specific.

But THIRD (and most important) requirement -- don't keep automatically collected user-information > 3 months. 18-months is more than enough for Bayesian logic to yield results.

 

Re:How long until Google notices?

[swillden]

From previous experience my browser fingerprint from one fingerprint-info site, told me that my browser finger print was unique out of over 300K visitors to date. That's fairly specific.

If that's the same site I saw... I visited it twice and it told me my fingerprint was unique the second time, too. I think it's bogus.

Re:How long until Google notices?

[lpq]

Did you upgrade a plugin? That would make it different? Or was one of your plugins auto-upgraded as many users have it set for?

I went back immediately and was told I was 1 of 2 with my fingerprint...so I'm not so sure how bogus it was or if it was the same site.

New friends

"Among the eye-opening statements in his recent TED talk, Mozilla CEO Gary Kovacs said, 'Privacy is not an option, and it shouldn't be the price we accept for just getting on the Internet.

Evidently, Gary has never met Mark Zuckerberg.

Go Ahead, Track Tor Exit Nodes!

I'm just a random Tor exit node, up one day, down the next, replaced by another random exit node.

Use the Tor Browser Bundle:
- https://www.torproject.org/

Read the Tor OPSEC article:
- http://cryptome.org/0005/tor-opsec.htm
- https://www.schneier.com/blog/archives/2012/01/tor_opsec.html

"HUGE Security Resource" - enjoy a smart selection of Security
Blogs and other security related information
- http://pastebin.com/Cm2ZHuz3

Re:Go Ahead, Track Tor Exit Nodes!

[k(wi)r(kipedia)]

I was under the impression that Tor nodes are more permanent affairs. That's why Wikipedia can ban them for repeated vandalism.

Re:Go Ahead, Track Tor Exit Nodes!

Wikipedia bans offensive exit nodes from *editing*, not *viewing* their site.

Oh, and use bridges, always:

https://bridges.torproject.org/

for reasons mentioned in the Tor OPSEC document.

For sites which ban a lot of Tor exit nodes (like godlikeproductions), Startpage's free web proxy evades 99% of these bans, but you can't post with Startpage's proxy, just read.

Using Tor, you can also run through a lot of free web proxies to evade bans on Tor exit node IPs.

Some exit nodes remain for awhile (though your circuit is not the same all of the time) others are up one day and down the next.

PS: two hidden services message boards:

http://tinyurl.com/hackbbonion
http://tinyurl.com/onionforum2

Re:Go Ahead, Track Tor Exit Nodes!

[buchner.johannes]

Tor won't help you if the website puts a cookie in your browser (which this discussion is about). What you need is a selective cookie policy (like Ghostery) -- it makes my Collusion graph blank.

Re:Go Ahead, Track Tor Exit Nodes!

I think the point is they just see all the traffic coming from the node, which can't be identified with you. Except since you have to allow javascript to get even minimal functionality on a huge number of websites now, it kind of defeats the purpose. Facebook still tracks me that way, but what are my other options? Ever try using it without javascript? Not even functional. Youtube and google seem to be the worst tracking offenders, though, with facebook and some random porn ad network in third and fourth. Funny part is over time most of the sites doing the tracking have networked together, but the porn network is entirely disconnected. Guess they deal in entirely different data sets. ;)

Re:Go Ahead, Track Tor Exit Nodes!

"Tor won't help you if the website puts a cookie in your browser"

That's what the included Torbutton add-on is for.

Configure it and your Torbrowser correctly and you don't receive any cookies, unless you decide to re-enable them. NoScript is included as well as HTTPS Everywhere. Torbutton also allows you to disable ALL cache, both disk and memory.

Ghostery is proprietary, right? IMO only the stupid trust black box software. Next, someone will say they're using Tor on Windows....

Please learn a little about the TBB prior to drawing conclusions.

Re:Go Ahead, Track Tor Exit Nodes!

"Tor won't help you if the website puts a cookie in your browser (which this discussion is about)."
WTF is this marked insightful? It's obvious the guy has never used Tor, cookies are properly managed and can be disabled with a few clicks. Is there some monetary value in pimping the closed Ghostery plugin?

Re:Go Ahead, Track Tor Exit Nodes!

"I think the point is they just see all the traffic coming from the node, which can't be identified with you. "

The workings of Tor are documented on the official site, there's no need to reinterpret it's function.

"Except since you have to allow javascript to get even minimal functionality on a huge number of websites now, it kind of defeats the purpose."

Most of the websites which require javascript in order to use are mostly stupid anyway, or exploit privacy/security.. just like...

"Facebook still tracks me that way, but what are my other options?"

Bingo! Why are you using Facebook with Tor? Read the Tor OPSEC article before you comment again.

"Ever try using it without javascript? Not even functional."

Neither are most morons who want Tor to provide complete functionality without being pwned. They want Flash, they want Java, they're just stupid.

Re:Go Ahead, Track Tor Exit Nodes!

Ghostery is a small piece of Javascript code and a list of tracking URL patterns to block.

Are you a special kind of stupid?

TOR is just as stupid feel-good pseudo-security, as full-body scanners and the whole TSA theater.

Re:Go Ahead, Track Tor Exit Nodes!

Yeah, good luck using the web with all cookies blocked.
And have fun clicking yes/no on every single fucking damn cookie.

It’s obviously you retard have never used Ghostery.
And posting twice as AC, doesn’t make you look better. (Yeah,we know that the above comment is by you too.)

Re:Go Ahead, Track Tor Exit Nodes!

There's more about Ghostery you evidently aren't aware of http://yro.slashdot.org/comments.pl?sid=2931443&cid=40412193 and you may not like it. I didn't. I don't like 1/2 truths, and people pissing down my neck and telling me it's raining!

Re:Go Ahead, Track Tor Exit Nodes!

Firefox
AdblockerPlus
NoScript
Ghostery

Set Firefox to clear Private Data and Cookies when your browser closes, set the file cache for Flash cookies to minimum (then fill it with cookies you WANT by allowing them through and culling out the ones you don't want until the cache is full of basically whitelisted cookies), install and USE CCleaner after every browsing session (set it to wipe everything but stored passwords because having to type them in every session is a security risk in itself).

If this isn't enough, just shoot your fucking computer or get out of the house and go drink up some Life.

Neat...

[hey_popey]

This is nice as a tool to increase users' awareness, but Idon't see the point of using this add-on more than a couple of minutes
Then you install ghostery if not already done, and you forget about trackers...

Re:Neat...

Truths about ghostery you evidently aren't aware of http://yro.slashdot.org/comments.pl?sid=2931443&cid=40412193 and you may not like it. I didn't. I don't like 1/2 truths, and people pissing down my neck and telling me it's raining either.

Re:Neat...

Interestingly, you have to disable NoScript to use it. I am beginning to think that is the entire point.

shouldn't be the price we accept

[Errol+backfiring]

And therefore Slashdot itself forces two of them upon you.

Who?

[oodaloop]

Title says interview with Ryan Merkly, TFS says Gary Kovaks at TED talk. Maybe I'm just new here, but does anyone read anymore?

Re:Who?

You obviously don't.

The origonal paragraph (extract from an article by Ms Smith) mentions the presentation (done by Gary Kovaks) and there is a video link of this. This is important if you want to get an idea of how Collusion works.

After this video, there is a Interview with Ryan Merkley: He speaks about his experience with Collusion and how it simply shows what is being tracked.

Re:Who?

[dna_(c)(tm)(r)]

Title says interview with Ryan Merkly, TFS says Gary Kovaks at TED talk. Maybe I'm just new here, but does anyone read anymore?

Merkly quotes Kovaks.

Now I can quote oodaloop quoting samzenpus quoting Merkly quoting Kovaks. You can quote me on that.

Re:Who?

[oodaloop]

No, I didn't RTFA. But I should be able to RTFS and understand who is talking. TFS isn't clear at all. The title mentions one person and TFS another, with no reference to the person in the title.

Re:It's all about the waves.

[Teun]

Wow to be subjected to such expensive attacks you must be a prime target!

Just as well that computer of yours is off line.

Who is (really) watching?

[k(wi)r(kipedia)]

Okay we know that Google, Facebook and other companies have a tracking system in place. But who's really watching? Is it possible that Larry Page or Mark Zuckerberg is reading this post right now and will click his iAmWatchingU app to find out who typed these words? Or is some other sentient entity looking over me like the deity of some theistic religion.

Maybe the greater danger isn't that we are being watched, but that algorithms are now in control of our lives, processing, analyzing, bankrupting us in a way where sometimes the only human intervention is someone clicking OK.

Re:Who is (really) watching?

[Zero__Kelvin]

"Maybe the greater danger isn't that we are being watched, but that algorithms are now in control of our lives"

(if) you use a (bunch) if (parenthesis) psudeo-randomly in your subject (and) u(ser)n(ame) you can fool the algorithms((!!!!))

Re:Who is (really) watching?

[FudRucker]

The Machine is Watching

Stop The Machine!

Re:Who is (really) watching?

(is i)t i(mpo(rtant th)at (the(y're a)ll closed)?

Re:Who is (really) watching?

Well, if your number comes up, Mr. Finch and Mr. Reese will keep you safe.

Re:Who is (really) watching?

Quit breaking my Lisp-based browser, you insensitive clod!

Re:Who is (really) watching?

[Zero__Kelvin]

You broke craigs-lisp you insensitive clod !1"

Overstatement alert maximum

[Shazback]

Because the memory of the Internet is forever

...Or not.

Easy Solution To This

Provide a feature in Firefox to not request pages not on the current domain.

All those embeddable scripts are now useless and centralized tracking dies a horrible death. The overheads of doing this server-side would be crippling financially.

The idea is not to fight a losing battle, but to make it expensive and financially nonviable.

Ghostery? (does the same thing?)

[FudRucker]

http://www.ghostery.com/

Re:Ghostery? (does the same thing?)

Truth about ghostery you evidently aren't aware of http://yro.slashdot.org/comments.pl?sid=2931443&cid=40412193 and you may not like it. I didn't. I don't like 1/2 truths, and people pissing down my neck and telling me it's raining either.

Re:Ghostery? (does the same thing?)

[FudRucker]

thanks for the info, i did not know ghostery was owned by advertisers, i will dump it for collusion

Block trackers via custom hosts files

Creators of custom hosts file data (see list below) include servers used for tracking in their block lists. It works... & more efficiently than browser addons running in usermode/ring 3/rpl 3 do, by far (since the hosts file's simply a filter for the IP stack running in PnP ring 0/rpl 0/kernelmode).

* See my 'p.s.' below for MORE detail on exactly what hosts can do for you as the end user of them...

A short summary of what custom hosts files can be extremely useful for:

---

1.) Malware/malscripted sites
2.) Known sites-servers/hosts-domains that are known to serve up malware
3.) Bogus DNS servers malware makers use
4.) Botnet C&C servers
5.) Bogus adbanners that are full of malicious script content
6.) Getting you back speed/bandwidth you paid for
7.) Getting you back CPU cycles
8.) Getting you back RAM
9.) Getting you back other forms of I/O
10.) Added reliability (vs. downed or misdirect/poisoned DNS servers).
11.) Added "anonymity" (to an extent, vs. DNS request logs)
12.) The ability to bypass DNSBL's (DNS block lists you may not agree with).
13.) More screen "real estate"

---

& more...

APK

P.S.=> 21++ ADVANTAGES OF HOSTS FILES

Over AdBlock & DNS Servers ALONE 4 Security, Speed, Reliability, & Anonymity (to an extent vs. DNSBL's + DNS request logs):

1.) HOSTS files are useable for all these purposes because they are present on all Operating Systems that have a BSD based IP stack (even ANDROID) and do adblocking for ANY webbrowser, email program, etc. (any webbound program). A truly "multi-platform" UNIVERSAL solution for added speed, security, reliability, & even anonymity to an extent (vs. DNS request logs + DNSBL's you feel are unjust hosts get you past/around).

2.) Adblock blocks ads? Well, not anymore & certainly not as well by default, apparently, lol - see below:

Adblock Plus To Offer 'Acceptable Ads' Option

http://news.slashdot.org/story/11/12/12/2213233/adblock-plus-to-offer-acceptable-ads-option )

AND, in only browsers & their subprogram families (ala email like Thunderbird for FireFox/Mozilla products (use same gecko & xulrunner engines)), but not all, or, all independent email clients, like Outlook, Outlook Express, OR Window "LIVE" mail (for example(s)) - there's many more like EUDORA & others I've used over time that AdBlock just DOES NOT COVER... period.

Disclaimer: Opera now also has an AdBlock addon (now that Opera has addons above widgets), but I am not certain the same people make it as they do for FF or Chrome etc..

3.) Adblock doesn't protect email programs external to FF (non-mozilla/gecko engine based) family based wares, So AdBlock doesn't protect email programs like Outlook, Outlook Express, Windows "LIVE" mail & others like them (EUDORA etc./et al), Hosts files do. THIS IS GOOD VS. SPAM MAIL or MAILS THAT BEAR MALICIOUS SCRIPT, or, THAT POINT TO MALICIOUS SCRIPT VIA URLS etc.

4.) Adblock won't get you to your favorite sites if a DNS server goes down or is DNS-poisoned, hosts will (this leads to points 5-7 next below, & especially vs. the July 12th 2012 "DNSChanger" trojan purge that's coming soon (those folks won't get to sites if infested - I will, due to hardcodes in my hosts file of my fav. 20 sites + using BETTER filtering DNS servers (see list below))...

5.) Adblock doesn't allow you to hardcode in your favorite websites into it so you don't make DNS server calls and so you can avoid tracking by DNS request logs, OR make you reach them faster since you resolve host-domain names LOCALLY w/ hosts out of cached memory, hosts do ALL of those things (DNS servers are also being abused by the Chinese lately and by the Kaminsky flaw -> htt

Re:Block trackers via custom hosts files

[Ash-Fox]

The reason why I would rather use blocking in my DNS server or software over the hosts file is because the hosts file cannot block hostnames on the basis of wildcards.

Also, a question for you, why do so many host file blocking providers use 127.0.0.1 instead of 0.0.0.0 (also can be shortened down to just '0' on many OSes, thereby saving memory) or 255.255.255.255? I find the fact the browser tries to establish a TCP connection is fairly annoying and slows down browsing more so than the addresses I have provided.

Re:Block trackers via custom hosts files

A post on custom hosts files modded down? Custom hosts block trackers. Fact. Facts with verifiable proofs alongside them shouldn't be down moderated.

Re:Block trackers via custom hosts files

[Teun]

Looks like you haven't met this APK before...

He's the Anonymous Coward with most negative karma.

Re:Block trackers via custom hosts files

Teun, you met him before, and ran from him Teun http://yro.slashdot.org/comments.pl?sid=2311948&cid=36711608 where he trashed you and you couldn't defeat the facts he posted in that link and you did a "run forrest, run", lol!

Re:Block trackers via custom hosts files

And anyone who doesn't kiss his ass is a troll. Also, he sockpuppets.

Re:Block trackers via custom hosts files

[Teun]

The fact this AC has a lot of knowledge does not make him less of a troll.

Re:Block trackers via custom hosts files

You're off topic in each post you made. You're the troll.

Re:Block trackers via custom hosts files

Ac posters don't get karma points. Troll elsewhere, you fail.

Re:Block trackers via custom hosts files

[Teun]

Woosh!

Re:Block trackers via custom hosts files

[u64]

The hosts file can be shortened even more by appending blocked IPs, rather than a line for each. Like so,

0 badIP-1 badIP-2 badIP-3

And the localhost line can shortened to,

127.1 localhost

Works in XP and 2003.

The web is broken

The internet is great but the web is broken. Browsers and web technologies suck. Just use apps you trust and stop using the web so much.

Google hasn't canned Mozilla.

So I guess I could say "oh, the cynicism".

Send fake data

It is nice to see things like Collusion and Ghostery (will install when I get home), but I think power users of the internet and those of us that care about privacy and a free internet need to take it a step further. We need to not only stop tracking, but also figure out ways to mass spoof trackers and begin corrupting their data. If, on some mass scale, we can figure out how to report bad data to advertisers, they lose all power.

Mass advertising is the biggest scam of the last 30 years. These people provide no tangible service and their value is nothing more than perception. They degrade the quality and integrity of almost every medium. Let's figure out how to change the perception.

Re:Send fake data

Read truths on ghostery you evidently aren't aware of http://yro.slashdot.org/comments.pl?sid=2931443&cid=40412193 and you may not like it. I didn't. I don't like 1/2 truths, and people pissing down my neck and telling me it's raining either.

Get A Life Man

...computers are not good for you. There are lots of ways to track people, but what you write is simply paranoia bullcrap.

poison with false positives

[PopeRatzo]

Does anyone know what ever happened to that project for salting the tracking data with false positives? I think it was called "Antiphormlite" and it had gotten up to version 1.3 I think.

I see it talked about on teh google but there doesn't seem to be any place it can be downloaded.

I love the idea of fouling tracking data. It's not enough to "track the trackers". I want to make sure they go away unless they reform themselves.

This is one of those areas where the "free market" is not going to come up with a solution. People say, "I want privacy" and the Free Market says, "Fuck you, pay me."

It's going to take vandalism on a massive scale to fix this one.

Re:poison with false positives

[cusco]

On that same idea, when the supermarket asks for your 'loyalty card' just use the phone number (321) 123-4567. Works pretty much everywhere, and if it doesn't get a new card with that number. There are probably a couple hundred of us around the US using that same number.

The other advantage of using that number is the look on the dumber cashiers' faces, since they think that's your real phone number.

Re:poison with false positives

[Kergan]

I'd wager this will happen instead eventually:

People say, "I want privacy" and Government tells Free Market, "Fuck you, stop tracking."

Re:poison with false positives

[PopeRatzo]

I'd wager this will happen instead eventually:

People say, "I want privacy" and Government tells Free Market, "Fuck you, stop tracking."

I wish I had your optimism.

Because I fear what would happen then is the "Free Market" would say, "Fuck you, Government. We own you, thanks to Citizens' United."

And that would be the end of that. There was actually a time, you know, when the air in most major US cities was incredibly foul. The Great Lakes were literally dying and rivers were catching fire. The Government told the "Free Market", "Fuck you, stop polluting." The air in cities like Los Angeles, New York, Chicago, etc is now much better, you can catch coho salmon in the Chicago River and the Great Lakes have recovered.

But now, there is an all-out effort by industry groups and ALEC and the Koch Brothers with their superPACs to roll back every bit of that. There is a candidate for president who actually has made shutting down the Environmental Protection Agency (the group responsible for the improvement) so that incredibly poisonous chemicals can be injected deep into the water table right next to major population centers. The vast coral reefs are collapsing into little pieces thanks to BP, and the CEO of BP, instead of being behind bars in striped pajamas, just got a huge bonus of 8 figures (all to the left of the decimal place).

The "Free Market" is giving us the finger, and this isn't the half of it.

There is no "free market" solution to the protection of privacy, the protection of the environment, the protection of the elderly and disabled, the protection of natural resources, the protection of civil rights, even the protection of the free market itself. See, the "Free Market" does not really want a free market at all. They want to get paid.

The checks and balances that were working for a few decades last century have been completely dismantled, not because consumers or citizens demanded it, but because a very few very very rich people want to get a lot richer. And by "rich", I mean more money than can be spent in 1000 lifetimes.

Other than that, everything's fine.

DNS vs. Hosts (ups & downs)... apk

"The reason why I would rather use blocking in my DNS server or software over the hosts file is because the hosts file cannot block hostnames on the basis of wildcards." - by Ash-Fox (726320) on Friday June 22, @07:45AM (#40409733) Homepage

Here's some "downsides" of using DNS servers (either software on same system, or, another system internal to your home network, OR lastly, even external DNS servers (wait till July 9th 2012 DNSChanger "purging day" for instance... you'll see!)):

(For added "layered-security"/"defense-in-depth", Speed, Reliability, & Anonymity (to an extent vs. DNSBL's + DNS request logs)):

---

1.) If a DNS server goes down or is DNS-poisoned, hosts will (this leads to points 2-4 next below, & especially vs. the July 12th 2012 "DNSChanger" trojan purge that's coming soon (those folks won't get to sites if infested - I will, due to hardcodes in my hosts file of my fav. 20 sites + using BETTER filtering DNS servers (see list below))...

---

2.) Custom hosts files allow 'hardcodes' of your favorite websites into it so you don't make DNS server calls and so you can avoid tracking by DNS request logs, OR make you reach them faster since you resolve host-domain names LOCALLY w/ hosts out of cached memory, hosts do ALL of those things (DNS servers are also being abused by the Chinese lately and by the Kaminsky flaw -> http://www.networkworld.com/news/2008/082908-kaminsky-flaw-prompts-dns-server.html for years now). Hosts protect against those problems via hardcodes of your fav sites (you should verify against the TLD that does nothing but cache IPAddress-to-domainname/hostname resolutions (in-addr.arpa) via NSLOOKUP, PINGS (ping -a in Windows - functions for "reverse DNS lookups"), &/or WHOIS though, regularly, so you have the correct IP & it's current)).

* NOW - Some folks MAY think that putting an IP address alone into your browser's address bar will be enough, so why bother with HOSTS, right? WRONG - Putting IP address in your browser won't always work IS WHY. Some IP adresses host several domains & need the site name to give you the right page you're after is why. So for some sites only the HOSTS file option will work!

---

3.) Hosts files don't eat up CPU cycles (or ELECTRICITY) like AdBlock does while it parses a webpages' content, nor as much as a DNS server does while it runs.

( As custom HOSTS file are merely a FILTER for the kernel mode/PnP TCP/IP subsystem, which runs FAR FASTER & MORE EFFICIENTLY than any ring 3/rpl3/usermode app can since hosts files run in MORE EFFICIENT & FASTER Ring 0/RPL 0/Kernelmode operations acting merely as a filter for the IP stack (via the "Plug-N-Play" designed IP stack in Windows) vs. SLOWER & LESS EFFICIENT Ring 3/RPL 3/Usermode operations (which webbrowsers run in + their addons like AdBlock slow down even MORESO due to their parsing operations)).

---

4.) HOSTS files will allow you to get to sites you like, via hardcoding your favs into a HOSTS file, FAR faster than remote DNS servers can, by FAR (by saving the roundtrip inquiry time to a DNS server, typically 30-100's of ms, vs. 7-10ms HardDisk speed of access/seek + SSD seek in ns, & back to you - hosts resolutions of IP address for host-domain names is FAR faster...). Hosts are only a filter for an already fast & efficient IP stack, no more layered b.s. (remote OR local). Hosts eat less CPU, RAM, I/O in other forms, + electricity than a locally running DNS server easily, and less than a local DNS program on a single PC. Fact. Hosts are easier to setup & maintain too.

---

5.) DNS servers are programs, and subject to bugs programs can get. Hosts files are merely a filter and not a program, thus not subject to bugs of the nature just discussed.

---

6.) HOSTS files pro

Re:DNS vs. Hosts (ups & downs)... apk

Regarding point #8 - it sounds like the phone needs to be rooted in order to use the hosts file method. Is there any way you know of to do it without rooting?

Re:DNS vs. Hosts (ups & downs)... apk

[Ash-Fox]

1.) If a DNS server goes down or is DNS-poisoned, hosts will (this leads to points 2-4 next below, & especially vs. the July 12th 2012 "DNSChanger" trojan purge that's coming soon (those folks won't get to sites if infested - I will, due to hardcodes in my hosts file of my fav. 20 sites + using BETTER filtering DNS servers (see list below))...

Only reason why the DNS server would be down on my system is if I shutdown the daemon or turned off the computer - It runs on the same system and makes little difference when it comes to performance since my Linux systems use caching DNS daemons otherwise.

2.) Custom hosts files allow 'hardcodes' of your favorite websites into it so you don't make DNS server calls and so you can avoid tracking by DNS request logs, OR make you reach them faster since you resolve host-domain names LOCALLY w/ hosts out of cached memory, hosts do ALL of those things (DNS servers are also being abused by the Chinese lately and by the Kaminsky flaw -> http://www.networkworld.com/news/2008/082908-kaminsky-flaw-prompts-dns-server.html for years now). Hosts protect against those problems via hardcodes of your fav sites (you should verify against the TLD that does nothing but cache IPAddress-to-domainname/hostname resolutions (in-addr.arpa) via NSLOOKUP, PINGS (ping -a in Windows - functions for "reverse DNS lookups"), &/or WHOIS though, regularly, so you have the correct IP & it's current)).

I haven't noticed the difference honestly, it's that insignificant. Maybe if I was still on a 200Mhz system though...

3.) Hosts files don't eat up CPU cycles (or ELECTRICITY) like AdBlock does while it parses a webpages' content, nor as much as a DNS server does while it runs.

The DNS caching daemon most distros use end up being just specialized configurations of DNS servers. Sorry, I don't run my systems without a DNS cache, so I'm unlikely to see any of these benefits. Nor do I even notice any CPU usage being used up from using it?

4.) HOSTS files will allow you to get to sites you like, via hardcoding your favs into a HOSTS file, FAR faster than remote DNS servers can, by FAR (by saving the roundtrip inquiry time to a DNS server, typically 30-100's of ms, vs. 7-10ms HardDisk speed of access/seek + SSD seek in ns, & back to you - hosts resolutions of IP address for host-domain names is FAR faster...). Hosts are only a filter for an already fast & efficient IP stack, no more layered b.s. (remote OR local). Hosts eat less CPU, RAM, I/O in other forms, + electricity than a locally running DNS server easily, and less than a local DNS program on a single PC. Fact. Hosts are easier to setup & maintain too.

Dig measured 1ms time for a query for www.google.com ?

5.) DNS servers are programs, and subject to bugs programs can get. Hosts files are merely a filter and not a program, thus not subject to bugs of the nature just discussed.

What bugs have I experienced again?

6.) HOSTS files protect you vs. DNS-poisoning &/or the Kaminsky flaw in DNS servers, and allow you to get to sites reliably vs. things like the Chinese are doing to DNS -> http://yro.slashdot.org/story/10/11/29/1755230/Chinese-DNS-Tampering-a-Real-Threat-To-Outsiders

Sorry, I don't understand. If I made my DNS server an authoritative server for a domain to block access to the domain, how does an exploit to do with resolving, which means my DNS server will not even attempt or accept resolution for that domain mean it will get effected by that particular exploit?

7.) With DNS servers, you must prepare for learning more than

Re:DNS vs. Hosts (ups & downs)... apk

Ash-Fox, have you trolled apk before (like Teun was shown doing)?

Ring 3/RPL 3/Usermode vs. Ring 0/RPL 0/Kernelmode

See subject-line above: It's why browser level addons aren't as efficient as this is -> http://yro.slashdot.org/comments.pl?sid=2931443&cid=40409595

* It's also indicative of how far short browser addons are for ubiquity/versatility vs. custom hosts files also... same with DNS servers too to different degrees as well!

APK

P.S.=> Still, a person should use MULTIPLE LAYERS of defense online (inclusive of browser level addons, &/or better "filtering" DNS servers - all of which are noted in that link above, for that very purpose)... apk

Efficiency vs. Inefficiency

http://yro.slashdot.org/comments.pl?sid=2931443&cid=40410139

APK

P.S.=> See subject-line above, & that link... it'll fill the rest in, & in great detail! apk

EPIC FAIL! Privacy not an option? Of course it is!

It's very very simple: A web of trust.
1. Encrypt *everything*.
2. Connect only to destinations you personally trust the amount of X. (And whose keys you have obtained.)
3. Through cascading down the chains of trust, you can get to everyone trustworthy (= above a certain value, after multiplying all the factors of the nodes on the path).
If they are not in your web, they are not trustworthy. You can still connect to them, but it will show you what it will cost you. In full detail and in a summary. Live.

That's the only proper way to do it.

Everything that relies on the logical fallacy of “authority”, let alone a global one, is just "going full retard" and EPIC FAIL. But because they continue to think inside that stupid faulty model, they are mentally unable to even imagine a way that could work.

Are you on topic? No.

Go away troll. Illogical off-topic failing ad hominem attack attempts aren't cutting it for you. He's dusted you before http://yro.slashdot.org/comments.pl?sid=2311948&cid=36711608 and you ran since facts apk listed defeated you there.

ADB (Android Debugging Bridge)... apk

I just used ADB (Android Debugging Bridge) to do so as I stated - It worked.

* I.E.-> I installed ADB on a laptop, hooked it to the ANDROID OS bearing "smartphone" & with the appropriate user rights levels noted in my initial post you responded to, & did the PUSH/PULL commands to 'upload' it to the smartphone.

APK

P.S.=> Very easy, mere minutes of time to implement really - & effective for the purposes I noted, + 100% FREE...

... apk

why all the energy around DNT?

As TFS points out, DNT doesn't work. In fact, it CAN'T work - it can only push tracking offshore to jurisdictions where DNT won't be enforced. It's like asking spammers to pretty please "do not spam". Yeah, right.

The only way to have privacy is to take it on the browser side. With enough privacy extensions and a proxy to surf through, you can in fact have privacy on the internet. But it seems that not many ppls care about this. That's fine, that's their right, but it doesn't mean those of us that do care must act the same.

DNT needs to die - all it does is give the non-tech-literate crowd a false sense of security.

Thanks Teun (I'll take THAT as a compliment)

"The fact this AC has a lot of knowledge does not make him less of a troll." - by Teun (17872) on Friday June 22, @10:06AM (#40410945) Homepage

Who's the TROLL here? After all, here's some facts (which always do you in easily):

---

1.) Trolls go off-topic (like you)

2.) Trolls attempt to use off-topic illogical ad hominem attacks (like you)

3.) Trolls LOSE when confronted by facts (like you)

(OR, doesn't this "ring a bell", troll -> http://yro.slashdot.org/comments.pl?sid=2931443&cid=40410537 where you did a "run forrest - RUN" vs. facts I posted which you could not overcome on a computing technical level!)

---

Hmmm?? Who does those things here, Teun??? You did!

* Absolutely... anyone can easily see who the "run, forrest - run" troll is in the link I posted above, easily... and it's NOT me!

(Trolls such as yourself are EXTREMELY EASY to "blow away" with facts they cannot overcome - truth's like that Teun, accept it!)

APK

P.S.=> Why I even bother responding to him? Couple reasons:

A.) I keep track of the times I dust dolts like Teun, just to throw it back in their faces

&

B.) It's fun, because it is VERY EASY TO DO, everytime (trolls like Teun make it so, & make me LOOK GOOD in the process - "double-bonus")...

... apk

The aggregate is good enough, for now....

It's all about data mining. If you have millions of records then even simple searches make that information priceless. For example, lets say you have a few million lying around and want to invest it. If you could mine Google's list of searches and find out that 3% of the worlds population in the last year searched for keywords that would mean this new business venture had a good chance of filling that need, that is a HUGE leg up, or even being able to tell that a given business is creating a solution to a problem that doesn't exist.... Basically, even being able to correlate a single number from a large set of data can be VERY powerful.

Now apply this to political ideals like values, morals, ethics, and then correlate terms that cause people who disagree with you to question themselves and you now have the ability to redirect people in a direction you want them to go. It can be done subconciously too. Now, if you also control the advertising and linking you can take it one step farther and show people who disagree with you only information to change their minds rather than information to reinforce their own beliefs... I admit this is probably well beyond anything that is happening now, but the fact I can call a friend, ask him/her to do a search and get different results on the same search engine as me is very troubling already :(

Ghostery already knows who is tracking us...

[rocket+rancher]

I use Ghostery, an excellent tracker-phage for Firefox and Chrome. I installed Collusion and was a bit miffed it wasn't working, until I realized why: Ghostery works, period. It seems to me that Ghostery's list of web trackers already provides what Collusion is trying to create, so what is the point?

Teun, justify your bogus downmod of my post

Disprove the facts I posted - You can't!

You know it, I know it, & anyone reading here, knows it.

(IF the "best you've got" is *trying* to "hide" my post, without a justification based on computer technical errors I made (none afaik)? Face it - YOU FAIL!)

* I'd like to know just what it is you FEAR from custom hosts files that I posted here -> http://it.slashdot.org/comments.pl?sid=2931273&cid=40408179

(Ah... I suspect I have already answered THAT much, below!)

Doesn't really matter - your attempts @ hiding my post get nullified in seconds by my reposting beneath it, dragging it right back into view so folks can get the benefits of what I posted... pretty simple -

SO KEEP BLOWING YOUR MODPOINTS, trolls... lol!

APK

P.S.=> Tell us: Which of these "threatened parties" are you, regarding the downmodder of my posting:

---

1.) A malware maker/malicious site scripter
2.) A advertiser online
3.) A webmaster losing profits due to adbanner blocking (which saves a user money he pays out in speed/bandwidth as well as infestation by malscripted adbanners, plus more screen realestate)

---

?

... apk

Bad Information No Information ?

I've always wondered if it would be better to feed the trackers false information as opposed to none at all. The value of their product would approach 0 if the information they have is made up mainly of noise. Just a thought...

You avoid a great deal of what I posted

"Only reason why the DNS server would be down on my system is if I shutdown the daemon or turned off the computer - It runs on the same system and makes little difference when it comes to performance since my Linux systems use caching DNS daemons otherwise." - by Ash-Fox (726320) on Friday June 22, @11:07AM (#40411761) Homepage

You didn't read the list of problems DNS has I listed (numerous ones)... & get ready for July 9th 2012 "DNSChanger purge day" is all I can say ontop of that!

---

"I haven't noticed the difference honestly, it's that insignificant. Maybe if I was still on a 200Mhz system though...." - by Ash-Fox (726320) on Friday June 22, @11:07AM (#40411761) Homepage

It's there though and, it's in favor of hosts files (especially once cached for sites you block in it, and even vs. B-Tree seeks up to 2 million or so records for around 20 of your favorites placed @ the TOP of a custom hosts file - do the math, you'll see).

Caching's wonderful that way, & on Windows?? SuperFetch is EVEN BETTER (because it's NOT as easily "flushed out" as diskcache kernelmode subsystems are).

Additionally?

Especially vs. external to your home LAN (along with more power, cpu cycles, memory, & other forms of I/O usage if you setup your own local DNS server machine, or even local DNS program on your single system) - no questions asked.

---

"The DNS caching daemon most distros use end up being just specialized configurations of DNS servers. Sorry, I don't run my systems without a DNS cache, so I'm unlikely to see any of these benefits. Nor do I even notice any CPU usage being used up from using it?" - by Ash-Fox (726320) on Friday June 22, @11:07AM (#40411761) Homepage

Nothing "rides for free" (especially more "layered on" crap), & a question:

ARE YOU SETUP IN RECURSIVE MODE?

(If so, & ODDS ARE STRONG YOU HAD TO DO THAT? "Houston, we have a problem" (with port 51 "bum rushing" upstream DNS servers with bogus information requests that can last hours until they are corrected & propogate to ALL DNS servers in the dns system).

---

"Dig measured 1ms time for a query for www.google.com ?" - by Ash-Fox (726320) on Friday June 22, @11:07AM (#40411761) Homepage

Answer the question above, & tell us - IS IT POSSIBLE for you & are you in "recursive mode" there for your local DNS server (wasting more electric power, cpu cycles, memory, & other forms of I/O running it locally)?

Again - if so? You're DNS server can EASILY be "dns poisoned" redirected... and, you KNOW it.

(Maybe you don't - I suggest you read a few of those links I posted & be aware of what "DNS poisoning" is!)

---

"This is slashdot, not idiots united." - by Ash-Fox (726320) on Friday June 22, @11:07AM (#40411761) Homepage

I wonder about that - after all the "hassles" DNS servers have, especially set in RECURSIVE MODE, which I listed more than a few of? Please... lol!

---

"I consider modifying DNS server zones relatively easy and can do far more complex configurations than hosts files can do (wildcards for one) in just a few seconds." - by Ash-Fox (726320) on Friday June 22, @11:07AM (#40411761) Homepage

Editing a text file like hosts is FAR easier... and you know it (anyone can use notepad.exe OR other text editors, after all!)

---

"Now, it's true that setting up a new zone for a completely new domain would take me a several seconds compared to the two seconds for adding a line to hosts file - But honestly, that's a non-issue. " - by Ash-Fox (726320) on Friday June 22, @11:07AM (#40411761) Homepage

Aha - YOU ADMIT THE TRUTH... I love it!

---

"If it was really an annoyance to me, I'd write a s

Re:You avoid a great deal of what I posted

[Ash-Fox]

You didn't read the list of problems DNS has I listed (numerous ones)... & get ready for July 9th 2012 "DNSChanger purge day" is all I can say ontop of that!

You came up with things that were not relevant to me. I'm not infected by DNSChanger for example and have not experienced issues caused by it, and I doubt I ever will. Your forgot to mention that there is malware out there, that will also modify your hosts file, as opposed to DNS server settings - Both can be equally exploited this way.

It's there though and, it's in favor of hosts files (especially once cached for sites you block in it, and even vs. B-Tree seeks up to 2 million or so records for around 20 of your favorites placed @ the TOP of a custom hosts file - do the math, you'll see).

To be honest, hosts would likely be slower for what I do in DNS. An example of doing a wildcard in hosts would require me to generate a hosts file that had very single combination of a subdomain and it's subdomains for each domain blacklisted. I'm pretty sure hosts would end up using more memory and be slower with that amount of records. Not to mention notepad would likely lock up for a good long while, considering it stalls loading file that are 1MiB, never mind larger files.

But as for the actual impact of my DNS server. I'm not seeing any time difference on my system while running a compile on one of my large projects when I turn the DNS server on or off with dig running in a bash script while loop performing a look up,

What exactly am I supposed to be crying about? I'm not seeing the impact at all on my system.

ARE YOU SETUP IN RECURSIVE MODE?

No, it's mixed mode. Any zones that are setup authoritative for blocking in the name server are not recursive, just like with a hosts file, it won't go out and attempt to resolve it and it's superior in the way that it won't even resolve an IP address, so the browser won't even try connecting to the address because it was told there was no records available for that type of query.

For anything that isn't blocked, the DNS server uses forwarding mode, using TCP instead of UDP with Google DNS.

Answer the question above, & tell us - IS IT POSSIBLE for you & are you in "recursive mode" there for your local DNS server (wasting more electric power, cpu cycles, memory, & other forms of I/O running it locally)?

By default the dns caching daemons in various Linux distros are actual DNS servers that are setup in forwarding, cache mode. I've only modified my setup to act as an authority DNS server for domains I want to block too.

Again - if so? You're DNS server can EASILY be "dns poisoned" redirected... and, you KNOW it.

Even if I switched to recursive mode, it wouldn't be vulnerable, since I have the server set to use TCP instead of UDP for queries.

Editing a text file like hosts is FAR easier... and you know it (anyone can use notepad.exe OR other text editors, after all!)

My zone files are plain text and can be edited by any sane text editor?

Aha - YOU ADMIT THE TRUTH... I love it!

The truth that I need to type out an SOA line at the top of a zone file? Oh nos.

Above all else - Ash-Fox is TRYING TO TELL US "DNS HAS NO ISSUES"?

No, I told you I don't have issues. I even explained to you in my initial post why I don't use hosts file, which was to do with the fact you couldn't have a wildcard entry.

(For the curious: I initially started using TCP because of packet loss issues on my home Internet, then later saw no need to change it as it didn't effect my DNS resolution enough to be an annoyance.)

Ghostery's true background

Seems like a lot of people are praising Ghostery, which leads me to believe that you haven't heard the backstory.

Evidon, which makes Ghostery, is an advertising company. They were originally named Better Advertising, Inc., but changed their name for obvious PR reasons. Despite the name change, let's be clear on one thing: their goal still is building better advertising, not protecting consumer privacy. Evidon bought Ghostery, an independent privacy tool that had a good reputation. They took a tool that was originally for watching the trackers online, something people saw as a legitimate privacy tool, and users were understandably concerned. The company said they were just using Ghostery for research. Turns out they had relationships with a bunch of ad companies and were compiling data from which sites you visited when you were using Ghostery, what trackers were on those sites, what ads they were, etc., and building a database to monetize.

When confronted about it, they made their tracking opt-in and called it GhostRank, which is how it exists today. They took an open-source type tool, bought it, turned it from something that’s actually protecting people from the ad industry, to something where the users are actually providing data to the advertisers to make it easier to track them. This is a fundamental conflict of interest.

To sum up: Ghostery makes its money from selling supposedly de-indentified user data about sites visited and ads encountered to marketers and advertisers. You get less privacy, they get more money. That's an inverse relationship. Better Advertising/Evidon continually plays up the story that people should just download Ghostery to help them hide from advertisers. Their motivation to promote it, however, isn't for better privacy; it's because they hope that you'll opt in to GhostRank and send you a bunch of information. They named their company Better Advertising for a reason: their incentive is better advertising, not better privacy.

Re:Ghostery's true background

That explains why this guy was downmodded then http://yro.slashdot.org/comments.pl?sid=2931443&cid=40409595 since everyone knows marketers use forums boards plants/shills.

Re:Ghostery's true background

Hi Coward, thanks for your misinformation. Get a clue and learn how to read source code and company descriptions. Once done, please read what Evidon does. Thanks.

Re:Ghostery's true background

learn how to read source code

Ghostery is closed source.

Re:Ghostery's true background

[PopeRatzo]

That explains why this guy was downmodded then

No, he was downmodded because his post was cut and paste spam.

Even if it was worthwhile information, you don't post a comment of that length. Get your own goddamn blog if you want to write 5000 words.

Re:Ghostery's true background

It is, but that doesnt mean you cannot look at their source code. All extensions are just zip files with original sources in them.

Multifox+good cookie manager

[nbsr]

I'm disappointed with Mozilla's approach to privacy (or lack of it). Currently the biggest danger for privacy is not tracking (your bank also tracks your transactions) but collecting all the available threads of information to build a fairly complete profile of the user. Yet Mozilla is pretty much ignoring the problem to the point it is difficult to differentiate Firefox from Google Chrome (a browser specifically designed for collecting information).

The only thing I ask for is a good identity manager (Multifox v.1.x is pretty good) and a convenient cookie manager (for lack of better alternatives I use CookieCuller). Things I *don't* want are "do not track" efforts, which change nothing, except for giving Mozilla an undeserved label "we care".

Your TODO list:

Make the damn identities and cookies first class components of the browser and let the users control them as easily as they control URLs or tabs. In my current setup, I have several Firefox windows open, each with a different user being logged into Google/FB/you_name_it, and with different sets of cookies allowed. This works pretty well but currently this setup takes too much fiddling to work.

Identity management should be integrated. Period. Not as a clumsy session management dialog box, which only shows up at start-up (if you ask for it). Identity name should be displayed in the url/title bar, and integrated with the context menu ("Open as ...", or "New Window with Identity ..."), bookmarks, URL bar etc.

Cookies are still waiting for a good manager, with some sort of user contributed black/white lists (like Adblock did for URLs). Filtering cookies should be as easy as "block cookies from this provider when browsing as ..." (note that identity shows up here too).

Re:It's all about the waves.

[cusco]

Kat Sung, is that you?

Common Service != Collusion

[lenzm]

Just because two websites use the same service doesn't not mean that data is shared between those two customers, eg. Google Analytics,

I had plenty relevant (including proof you troll)

For starters, you avoided a question that was asked of you http://yro.slashdot.org/comments.pl?sid=2931443&cid=40412291 and as to that? I have the answer:

YES, you have (completely off-topic because you're unable to disprove my points on hosts files) -> http://tech.slashdot.org/comments.pl?sid=2024512&cid=35403488

(Go away troll - You, trying to take ME on? It's like an ant attacking a mastodon, lol! It's impossible to do, and you're TOO small/undereducated to do so... and you KNOW it!)

That "all said & aside"? Well - time to "trash you" (with ease) again, once more, & point-by-quoted-so-called-'point' from you:

---

"You came up with things that were not relevant to me." - by Ash-Fox (726320) on Friday June 22, @01:05PM (#40413497) Homepage

LOL, oh, really? Ok - answer these questions then:

1.) Does another layer of crap ontop of the IP stack create more overheads in electricity usage, cpu usage, memory usage, & other forms of I/O usage??

2.) Does DNS have KNOWN ISSUES, big ones???

(Just answer those...)

---

"To be honest, hosts would likely be slower for what I do in DNS." - by Ash-Fox (726320) on Friday June 22, @01:05PM (#40413497) Homepage

LOL - oh man... so, you're telling us that layering on things you don't REALLY need vs. a custom hosts file is "faster" & "more efficient"? Does it use less electricity as well??

(Answer the questions).

---

"Not to mention notepad would likely lock up for a good long while, considering it stalls loading file that are 1MiB, never mind larger files." - by Ash-Fox (726320) on Friday June 22, @01:05PM (#40413497) Homepage

LMAO... oh, so reading up lists for local DNS servers doesn't take time either? Tell us another one, ok?? Man, you are MAKING ME LAUGH!

(Again - answer the question)

Funniest part is, I can load a 1.8 million record bearing custom hosts file here in less than 9 seconds flat on Windows 7 64 bit (read up off a TRUE SSD, based on DDR2 RAM in a 4gb Gigabyte IRAM)... that's just for edits though (and I don't DO that anymore, & haven't in oh, nearly a decade since I automated the entire process into a program I wrote to do it).

---

"By default the dns caching daemons in various Linux distros are actual DNS servers that are setup in forwarding, cache mode." - by Ash-Fox (726320) on Friday June 22, @01:05PM (#40413497) Homepage

LOL - by default, the kernelmode diskcaching subsystem in the Operating System caches my hosts file (rather than the faulty DNS clientside cache service which fails on larger hosts files), or, the SuperFetch system does (even better).

I do that, & without "layering on" more crap I don't really need that's more difficult to maintain (you even conceded that vs. notepad.exe edits), and full of FAULTS (known faults, truckloads of them).

---

"Even if I switched to recursive mode, it wouldn't be vulnerable, since I have the server set to use TCP instead of UDP for queries." - by Ash-Fox (726320) on Friday June 22, @01:05PM (#40413497) Homepage

You INTRODUCED OVERHEADS then, since TCP has to perform "callbacks", & UDP doesn't...

(When will you learn that trying to "get the better of me" in computing tech is nigh impossible?)

---

"My zone files are plain text and can be edited by any sane text editor?" - by Ash-Fox (726320) on Friday June 22, @01:05PM (#40413497) Homepage

And, they're harder to understand & more complex than hosts files entries (no doubt about it, as I have edited them myself more than a few times over decades).

---

Re:I had plenty relevant (including proof you trol

[Ash-Fox]

For starters, you avoided a question that was asked of you http://yro.slashdot.org/comments.pl?sid=2931443&cid=40412291 and as to that? I have the answer:

YES, you have (completely off-topic because you're unable to disprove my points on hosts files) -> http://tech.slashdot.org/comments.pl?sid=2024512&cid=35403488

If it makes you feel any better, I didn't remember you. But wow, u really mad, bro.

LOL, oh, really? Ok - answer these questions then:

1.) Does another layer of crap ontop of the IP stack create more overheads in electricity usage, cpu usage, memory usage, & other forms of I/O usage??

Electricity wise, not enough to make any noticeable difference on my wattage meter when I turned the DNS server off. CPU usage, not enough to even be noticed as clarified before with my compilation test. Memory usage, I'm sceptical that a wildcard in a DNS server for a specific domain is going to use more memory than inserting every single possible combination of addresses for a specific hostname in a hosts file and I cannot be assed to write a generator to test it out. I/O wise, having a really huge list because of previous reason, yeah...

Let's not forget that without this DNS server, I wouldn't have DNS caching on my system, so by removing the DNS server, I lose DNS caching too.

2.) Does DNS have KNOWN ISSUES, big ones???

Yes. However those issues do not effect me.

LMAO... oh, so reading up lists for local DNS servers doesn't take time either? Tell us another one, ok?? Man, you are MAKING ME LAUGH!

All my zones are split into separate files, although if you wanted it all in one file, I guess that works too.

And, they're harder to understand & more complex than hosts files entries (no doubt about it, as I have edited them myself more than a few times over decades).

You can do far more than a hosts file with it, so of course it's going to have more functionality. As for understanding, for me it's simple.

Your skill level in computing appears to be little better than a script kiddie/end user - after all, did YOU write your DNS server program?

Hey guys, if you don't write your own DNS server, you're a script kiddy.

Time to tear you apart completely... apk

"Electricity wise, not enough to make any noticeable difference on my wattage meter when I turned the DNS server off." - by Ash-Fox (726320) on Friday June 22, @02:32PM (#40414665) Homepage

Ah, but you DO CONCEDE IT USES MORE POWER... period (good enough for me, you fail here & in the same stroke, prove my point for me).

I do NOT see how you can say that, when you're running a SEPARATE SYSTEM THERE for DNS purposes... that's a DEFINITE "dent" in power in a bad way!

---

"CPU usage, not enough to even be noticed as clarified before with my compilation test." - by Ash-Fox (726320) on Friday June 22, @02:32PM (#40414665) Homepage

Ah, again - Yet, You DO CONCEDE IT USES MORE CPU CYCLES... you have to:

Since running a local DNS server machine especially wastes more of EVERYTHING, & even when its a service or daemon running locally it uses more!

Face it - Running a DNS server locally? Hell - it's an unecessary ADDED LAYER OF COMPLEXITY ABOVE THE IP STACK (which the hosts is not, it's just a filter & makes less work in fact, especially when using 0 or 0.0.0.0 DENY/blackholes as blocking "ip addresses")... period (good enough for me, you fail here).

---

"Memory usage, I'm sceptical that a wildcard in a DNS server for a specific domain is going to use more memory than inserting every single possible combination of addresses for a specific hostname in a hosts file and I cannot be assed to write a generator to test it out.." - by Ash-Fox (726320) on Friday June 22, @02:32PM (#40414665) Homepage

First - WTF? How do you figure I need to do MORE than block a domain-hostname (major parent one) or a subdomain??

(I get them every 15 minutes here from 15 sources in total, each is reliable & QUITE reputable!)

SECONDLY/IMPORTANT:

Ah, YET again - You DO CONCEDE IT USES MORE MEMORY... you have to:

Since running a local DNS server machine especially wastes more of EVERYTHING, & even when its a service or daemon running locally it uses more and then its data + user interfaces do even more...!

---

"I/O wise, having a really huge list because of previous reason, yeah..." - by Ash-Fox (726320) on Friday June 22, @02:32PM (#40414665) Homepage

This you seem to FREELY concede this... good!

(Since YET AGAIN, for the reasons noted above? You have to, and you KNOW it!)

---

"Let's not forget that without this DNS server, I wouldn't have DNS caching on my system, so by removing the DNS server, I lose DNS caching too." - by Ash-Fox (726320) on Friday June 22, @02:32PM (#40414665) Homepage

Ah... but, I don't lose caching of the hosts file though, ever, since:

1.) The system's diskcaching kernelmode subsystem caches it for me since its merely file data used by the IP stack as a filter, lessening the workload it does in fact!

(& I turn off the local faulty with largish hosts files DNS clientside cache service here too, saving all RAM, CPU, & other I/O associated with it - BONUS, & offsetting what memory I use for hosts in RAM once cached).

2.) Then, SuperFetch in Windows does caching too & BETTER than the diskcaching kernelmode subsystem (better aging algorithms vs. flush due to force of memory pressure).

"DOUBLE-BONUS!"

---

"Yes. However those issues do not effect me." - by Ash-Fox (726320) on Friday June 22, @02:32PM (#40414665) Homepage

Beg to differ - you seem to COMPLETELY AVOID THE FACT THAT BY RUNNING "MIXED MODE" & using TCPYOU INTRODUCED "callback" overheads TCP uses (whereas UDP does not).

* You fail badly here... very badly. Perhaps in a way, worst of them all of your numerous concessions to myself & points I made on efficiency vs. DNS servers already above.

-

Re:Time to tear you apart completely... apk

You're a fucking nutter mate. It ain't healthy to care that much.

Re:Time to tear you apart completely... apk

[Ash-Fox]

Listen mad Guy, I don't know why. But for some reason you think I'm advocating some solution for you, I am going to clarify, I am not. I have never made any of my posts here to imply these are solutions for you. I am highlighting why hosts is not a viable solution for me.

Ah, but you DO CONCEDE IT USES MORE POWER... period (good enough for me, you fail here & in the same stroke, prove my point for me).

Actually, I pointed out there was no notable difference. You should really be taking from that that, that if it does have an impact, it's so small, it doesn't matter. Your point really means nothing for my uses in practice and that is what I am getting at.

Ah, again - Yet, You DO CONCEDE IT USES MORE CPU CYCLES... you have to:

It uses so many more CPU cycles that I can't even get it to slow down any sorts of intensive processes on my system by any notable differences when it's on or off in practice? This is why not a single fuck is given.

First - WTF? How do you figure I need to do MORE than block a domain-hostname (major parent one) or a subdomain??

I am not talking about you.

Beg to differ - you seem to COMPLETELY AVOID THE FACT THAT BY RUNNING "MIXED MODE" & using TCPYOU INTRODUCED "callback" overheads TCP uses (whereas UDP does not).

I don't know, the overhead of packet loss and numerous rerequesting might be far worse, since a lot of that won't be done on the kernel, router level? Notable overhead that is adversely effecting everything? Not seen it either.

Such as what? Tell you what - You PROVE to me you can do more for less than a custom hosts file does & ESPECIALLY FOR LESS?? You'll have made a point!

Blocking an entire domain:

$ORIGIN example.com.
$TTL 1h
example.com. IN SOA (0 1d 1d 1d 1d)

Do the same with a hosts file and you have to come up with every possible combination to block every subdomain too.

Facts, are facts... that I write my own wares, & doubtless BEFORE YOU WERE BORN I'd possibly wager & did pretty damned well @ it... proof?

What I take from this is that you're saying is, you're really mad because an 'end-user' or 'script kiddy' as you put it can grasp how to configure a DNS server with little effort and cannot see your arguments being of any note in practice and you need to try to push 'authority' on the subject by posting your CV / resume.

You fail, off-topic trolling as usual, Teun (lol)

Especially vs. myself, since You're a KNOWN troll -> http://yro.slashdot.org/comments.pl?sid=2931443&cid=40410651

(One I completely "knocked-the-chocolate" out of, with you pulling a "Run, Forrest, RUN" (lol), here -> http://yro.slashdot.org/comments.pl?sid=2311948&cid=36711608 in the past when you tried to "troll me"... & failed).

Why?

Well - simple: Your trolling myself always resulted in you being unable to disprove my points in favor of hosts files & them gaining users more:

---

1.) "Layered-Security"/"Defense-in-Depth"
2.) Their monies worth paid for internet connections in speed/bandwidth they pay for (via blocking adbanners, known bad sites/servers-hosts/domains, & hardcoding users favs into the hosts file itself resolving them locally & FAR FASTER than remote DNS servers do)
3.) Giving folks the above, + for less CPU cycles, RAM, & other forms of I/O + electricity usage than running a DNS server machine locally (OR even as a service or daemon on the same single system users have).
4.) Better "anonymity" vs. DNS request logs
5.) The ability to bypass unjust DNSBL's (DNS block lists)

---

(& FAR More...)

* "Nuff said", as the saying goes...

APK

P.S.=> Teun, before you *try* to "take me on", completely off-topic trolling as per your usual? Suggestion - get a CSC degree... you'll need it! apk

Internet Is NOT Forever

You Idiots

Re:You fail, off-topic trolling as usual, Teun (lo

[Teun]

Look here APK, it's not your undeniable knowledge that makes you a troll, it's the way you present it.

I'm the last to suggest I know more than you about some of the subjects you rant about.

Iron + ORIGINAL UCF AddOn + OpenDNS = Happy Day

The only F*****G combination you will ever need!

Make sure to get the ORIGINAL ultimate chrome flag, not the new one that has all of the crapware along with it.
Original UCF can be found on the usual torrent sites. Iron is made by SRWare and is 100% open source.

Mozilla is ignorant and late as usual

[Luckyo]

The more I listen to various mozilla reps, the more I am convinced that they are extremely distanced from reality, and firefox's reduction in market share is direct consequence of this ignorance.

The problems he's talking about has been long solved by "there is an add-on for that" in firefox. Use ghostery. It has a good list of pretty much all meaningful tracking services and offers to block them for you on per-site basis or globally, along with a nice list of all trackers currently tracking you and if they're blocked or not.

And now, mozilla is essentially sponsoring a more gimp version of ghostery? Colour me unimpressed.

Upset are we? Especially after my last post??

Of course (& yes, I know it's you Ash-Fox posting as ac now) -> http://yro.slashdot.org/comments.pl?sid=2931443&cid=40415267 - it's NOT my fault you blew it on every "so-called 'point'" you *TRIED* (& failed on) to make... lol!

* Now, with YOU tossing names in an off-topic illogical failing ad hominem attack attempt, calling me a "nutter" etc.? Please...

You're only proving my point more, & that YOU GOT PWNED, badly, So - I suppose I ought to THANK YOU for that, & why? Makes ME, look GOOD!

APK

P.S.=> This? Well... you just KNOW I've just GOTTA say it, as-is-per-my-inimitable style & trolls:

This?? This was just "too, Too, TOO EASY - just '2EZ'", & it always is, vs. the "wannabe computer gurus" @ /. (most of whom are nothing more than "script kiddies" playing computer expert, using tools others write for them to merely USE, but never create)... apk

Re:Upset are we? Especially after my last post??

The above was NOT me... apk

Not angry @ all (why should I be?)

You conceded ALL OF MY POINTS that disproved yours -> http://yro.slashdot.org/comments.pl?sid=2931443&cid=40415267 - it's NOT my fault you blew it on every "so-called 'point'" you *TRIED* (& failed on) to make... lol!

So, what's with the "mad guy" stuff next below?

---

"Listen mad Guy, I don't know why. But for some reason you think I'm advocating some solution for you, I am going to clarify, I am not. I have never made any of my posts here to imply these are solutions for you. I am highlighting why hosts is not a viable solution for me." - by Ash-Fox (726320) on Friday June 22, @04:32PM (#40416235) Homepage

You ought to well consider it, especially after your concessions to me in the link just above (my last reply to your "so-called 'points'", point-by-point, & you CONCEDED THEM, point by point.

---

"Actually, I pointed out there was no notable difference." - by Ash-Fox (726320) on Friday June 22, @04:32PM (#40416235) Homepage

There is though, & YOU DON'T DENY IT (in terms of CPU cycles used, RAM used, Other forms of I/O occurring, unnecessary layering of things onto the IP stack, & also electrical power usage & thus, HIGHER BILLS, by running your own LOCAL DNS SERVER (especially a separate machine)).

---

"You should really be taking from that that, that if it does have an impact, it's so small, it doesn't matter." - by Ash-Fox (726320) on Friday June 22, @04:32PM (#40416235) Homepage

Tell that to your utility company, above ALL else, from what I enumerated above (which you have already conceded I am correct on)...

---

"Your point really means nothing for my uses in practice and that is what I am getting at." - by Ash-Fox (726320) on Friday June 22, @04:32PM (#40416235) Homepage

Several points in the url link above tend to show otherwise, as well as your conceding said points noted again above.

---

"It uses so many more CPU cycles that I can't even get it to slow down any sorts of intensive processes on my system by any notable differences when it's on or off in practice? This is why not a single fuck is given" - by Ash-Fox (726320) on Friday June 22, @04:32PM (#40416235) Homepage

You must be EXTREMELY WEALTHY then, to be able to cavalierly blow off saving power, let alone performance dragging unnecessary & truly UNNEEDED apps like a local DNS server (& especially on another system entirely rather than just as a local service on a single machine).

---

Do the same with a hosts file and you have to come up with every possible combination to block every subdomain too." - by Ash-Fox (726320) on Friday June 22, @04:32PM (#40416235) Homepage

I don't need to do any more than just get my feeds from my reputable, reliable & respected sources (15) for that data... that's all. for blocking purposes - the rest I depend on filtering DNS servers vs. threats online in Norton DNS, OpenDNS, & ScrubIT DNS (in my IP stacks' DNS settings in Windows, AND, in my firewalling hardware router).

As far as hardcodes of my favs which resolves FASTER than calling out to remote DNS servers, even safer ones like I use? That's purely up to me!

I keep it below the mark where an indexed B-Tree seek would make a difference by putting 20 @ the top of an approximately 2 million entry HOSTS file!

(The bulk/majority of which is blocked off KNOWN BAD botnet C&C servers, bogus DNS servers they use, sites-servers/hosts-domains known to serve up malware or malicious script, adbanners, & tracking servers (doesn't even HAVE to be fast here, it's going to be BLOCKED no matter what)).

---

"What I take from this is that you're saying is, you're really

Re:Not angry @ all (why should I be?)

[Ash-Fox]

There is though, & YOU DON'T DENY IT (in terms of CPU cycles used, RAM used, Other forms of I/O occurring, unnecessary layering of things onto the IP stack, & also electrical power usage & thus, HIGHER BILLS, by running your own LOCAL DNS SERVER (especially a separate machine)).

For some reason you don't understand, "Electricity wise, not enough to make any noticeable difference on my wattage meter when I turned the DNS server off." - In other words, it's highly unlikely I would see any difference in my electrical power usage. Wattage is a way to express power usage. No notable difference would mean that the numbers being returned is not showing any variance that seems any different from before.

Tell that to your utility company, above ALL else, from what I enumerated above (which you have already conceded I am correct on)...

They also use wattage measurements.

You must be EXTREMELY WEALTHY then, to be able to cavalierly blow off saving power, let alone performance dragging unnecessary & truly UNNEEDED apps like a local DNS server (& especially on another system entirely rather than just as a local service on a single machine).

According to the data I have here, there is no difference in cost for me.

I don't need to do any more

Again, I am addressing my uses, not yours.

As far as hardcodes of my favs which resolves FASTER than calling out to remote DNS servers, even safer ones like I use? That's purely up to me!

I told you I am using forwarding, not recursion with Google DNS, which means it asks Google's DNS servers for queries that aren't filtered through an authoritative zone.

I've done that MANY times on DNS servers (had to, part of the job as a network admin, but I moved onto tougher jobs, coding, about the 5th yr. of my professional career in the art & science of computing).

Cool story, bro.

Ash-Fox, come on - IMPERSONATING ME now?

"The above was NOT me... apk" - by Anonymous Coward on Friday June 22, @05:45PM (#40416925)

See subject-line above, it was BAD ENOUGH you stooped to doing ac posts, but attempting to impersonate me now too?

(LOL, come on...)

APK

P.S.=> After all, & ABOVE ALL ELSE HERE?

Hey - It's not MY fault you "blew it", point-by-so-called 'point'" of yours here, conceding each point to me -> http://yro.slashdot.org/comments.pl?sid=2931443&cid=40415267 ...

However - You trolling me in the past on /. before -> http://tech.slashdot.org/comments.pl?sid=2024512&cid=35403488

?

That was your undoing as far as your reasons for attempting to debate me as far as I am concerned here as it also undermines your overall credibility too (shot now, see link above), but now impersonating me too, or trying to?

Come on... lol! Makes it even WORSE for your credibility, as you're a known troller!

I thought you were BETTER THAN THAT... guess not, & only err I made here was that much I suppose!

... apk

"Rinse, Lather, & REPEAT"

See subject-line above & my last post to you here http://yro.slashdot.org/comments.pl?sid=2931443&cid=40415401

(Says it all).

"Look here APK, it's not your undeniable knowledge" - by Teun (17872) on Friday June 22, @04:10PM (#40415999) Homepage

Listen - I am NOT that "good"... I can "get the job done" & that's my estimation of myself... nothing more, nothing less.

---

"that makes you a troll, it's the way you present it." - by Teun (17872) on Friday June 22, @04:10PM (#40415999) Homepage

See my p.s. below, & you are NOT one to talk man - you've trolled me before, I've shown & proved that much, and you came in here off-topic trolling again!

(After the above & evidences you've trolled me before? Hey - you truly are, THE POT CALLING THE KETTLE BLACK!)

---

"I'm the last to suggest I know more than you about some of the subjects you rant about." - by Teun (17872) on Friday June 22, @04:10PM (#40415999) Homepage

See above - again, you're overestimating me.

APK

P.S.=> I don't know what is wrong with HOW I present things here... I use great detail, because 1 thing /.'s taught me is simple: Miss a point or detail? You get attacked by nitpicking trolls, so... I endeavor to use detail because of that... apk

It's supposed to be a dot-ORG

The Mozilla Foundation reportedly receives ~$300 million annually from Google.

Google is certainly an interested party when it comes to tracking user behavior.

Is this really a good move for Mozilla strategically?

The Mozilla Foundation is supposedly a non-profit organization. Allowing decisions to be influenced by Google (or Google's money, or fear of losing Google's money) would be a huge conflict of interest. If a non-profit starts chasing money, it risks losing its non-profit, tax-exempt status.

APK = LIMITLESS

"I see every scenario. I see 50 scenarios. That's what it does Carl. It puts me 50 moves ahead of you" and what's apk's secret? Medication. http://www.youtube.com/watch?v=THE_hhk1Gzc&feature=player_detailpage

WoW... that actually looks GOOD! apk

Sorry, no "medication" necessary here (as I'm more a product of education in multiple degrees, & hard work professionally), just "drive"...

Per my subject-line though, Teun? I'll go off-topic though for once, because you've been thus from the start here... but, that flick looks REALLY good!

(Thus? Well...I've GOT to see it - I'm not living that much differently of a lifestyle than Eddie Morra in that preview trailer (not QUITE as opulent, but, getting there slowly but surely)).

APK

P.S.=> Again, you're overestimating me, as I stated to you here vs. your other off-topic trolling as per your usual reply response -> http://yro.slashdot.org/comments.pl?sid=2931443&cid=40417129 , however, on this flick?? Again, it DOES look good, so... thanks for the "tip"!

... apk

More machines = more power usage (fact)

Nobody's going to tell me that running more than 1 machine isn't going to eat more power, & by your running a separate DNS server there? You are.

APK

P.S.=> This part had me curious though:

"I told you I am using forwarding, not recursion with Google DNS, which means it asks Google's DNS servers for queries that aren't filtered through an authoritative zone." - by Ash-Fox (726320) on Friday June 22, @06:37PM (#40417283) Homepage

What on EARTH does THAT have to do with my hardcoded favorites in my hosts file that I keep 20 of over nearly 2 million hosts file record entries?

... apk

Re:More machines = more power usage (fact)

[Ash-Fox]

Nobody's going to tell me that running more than 1 machine isn't going to eat more power, & by your running a separate DNS server there? You are.

Uhm, I said:

Only reason why the DNS server would be down on my system is if I shutdown the daemon or turned off the computer - It runs on the same system and makes little difference when it comes to performance since my Linux systems use caching DNS daemons otherwise.

In other words, no, I don't run a separate machine for DNS, my workstation has it's own DNS server setup - Which is by the way is installed and setup by default setup by the OS under the forward+caching configuration - I only changed it's configuration slightly to support read zone files for blocking domains. Turning off the daemon showed no real difference in power consumption.

Running any program eats power, CPU, RAM & mor

That setup still consumes more power than NOT running a program, as well as CPU cycles + RAM & other forms of I/O (diskbound operations for example).

* Nothing rides for free... fact - you know it, I know it, ANYONE READING, knows it.

APK

P.S.=> There's no escaping that fact, or the laws of physics - @ this point, you've conceded a LOAD of things to me anyhow -> http://yro.slashdot.org/comments.pl?sid=2931443&cid=40415267 so, there you go - no real need for me to continue this, seeing as you've conceded all of my points to me anyhow... apk

Interesting (here's how I do it by comparison)

I got an MS VP of the "Windows Client Performance Division" to concede that on /. as well - he had to (since tinier files read/write faster than big ones) -> http://slashdot.org/comments.pl?sid=1467692&cid=30384918

Sort of the SAME IDEA you're propounding - though I've never seen it done like you're stating!

(So, assuming you're being "straight" on this here? Well - "live & learn", & just when I thought I "knew it all" on hosts files - I'd have to try what you're stating to find out if it's true, but for now @ least, I'll take your word on it).

So, why are 0, &/or 0.0.0.0 faster & better on disk and reads than 127.0.0.1? Common-Sense, first of all!

E.G.-> Well, the first octet(s) IS/ARE 2-7 bytes (16 bits) smaller each entry used is why: COMMON-SENSE!

I.E.-> Thus, over a large amount of entries this makes for FASTER loadtime from disk into your local Cache and since 0 is smaller than both 0.0.0.0 &/or 127.0.0.1 for blocking entries!

(That also doesn't perform a "loopback operation" either, bonus!)

0 (and 0.0.0.0) are essentially analogs to a DROP request vs. 127.0.0.1 doing essentially a DENY request (as in firewalls) and a loopback operation directing back to itself, you have more efficient operations doing 0 or 0.0.0.0 vs. 127.0.0.1, the "loopback adapter" and its address (yes, even on Windows where there is a loopback adapter one may bind to a protocol (which is only a dummy driver for systems that have no NIC in them, see here in that regard) -> http://www.windowsitpro.com/article/john-savills-windows-faqs/what-is-the-microsoft-loopback-adapter-and-why-do-i-need-it-for-sql-server-.aspx )

APK

P.S.=> The shame of it changing in VISTA onwards (&, it has) is simple:

Before 12/09/2008 "MS Patch Tuesday", VISTA could use 0 as a leading blocking "ip address" (vs. 0.0.0.0 or worst case, 127.0.0.1) - it no longer can, & neither can Server 2008 or Windows7!

That UNQUESTIONABLY leads to bloating inefficiency, & especially over LARGE AMOUNTS OF HOSTS FILE ENTRIES, especially @ initial loads time.

Funniest part is, before SP#2 (iirc) on Windows 2000, you couldn't use 0 either, but post-SP#2 for Win2k, you could (& this continued right into Windows XP &/or Server 2003 also, which STILL CAN USE 0 as a valid shorter/faster/more efficient blocking "ip address" in hosts files)... apk

Re:Running any program eats power, CPU, RAM &

[Ash-Fox]

That setup still consumes more power than NOT running a program, as well as CPU cycles + RAM & other forms of I/O (diskbound operations for example).

Sure, it will have an impact, but not enough to mean anything at all on my system. As noted before, it's usage didn't effect power consumption. I noted doing the equivalent configurations I do with a hosts file instead would likely increase I/O, CPU and memory due to it's lack of support for things like wildcards, thus requiring a list of every possible combination of a domain if I wanted to block it. Not to mention the fact that when I block an address, the browser gets told there is no suitable response for it's DNS query means that it doesn't even attempt to try to do a connection over TCP, and wasting browser resources.

I'm not buying your arguments have any realistic meaning on modern day computers such as mine.

Downmodding posts to try hide them? No, no

There's more about Ghostery you evidently aren't aware of http://yro.slashdot.org/comments.pl?sid=2931443&cid=40412193 and you may not like it. I didn't. I don't like 1/2 truths, and people pissing down my neck and telling me it's raining! Modding down my other post to try to hide it here http://yro.slashdot.org/comments.pl?sid=2931443&cid=40413427 ? Well, I won't allow that either, so I am posting it once more, and you can keep blowing your mod points to try hide the truth of things regarding ghostery.

You contradict yourself (thanks)... apk

"Sure, it will have an impact, but not enough to mean anything at all on my system." - by Ash-Fox (726320) on Saturday June 23, @08:16AM (#40420189) Homepage

You're contradicting yourself right there, & "right-off-the-bat", thus, handing the "win" to me with it... thank-you.

---

"As noted before, it's usage didn't effect power consumption.." - by Ash-Fox (726320) on Saturday June 23, @08:16AM (#40420189) Homepage

First through this exchange, I asked if you RAN A SEPARATE MACHINE for DNS - you didn't say you didn't, but suddenly the last couple posts you do now? Please...

It wouldn't matter either way - you STILL EAT MORE POWER either way! No questions asked, because "NOTHING RIDES FOR FREE" on a computer system... nothing!

(Either as a separate DNS machine, OR, even running the daemon or services + more like user interfaces for it & the data charging memory too)...

Plus, there is your concession of that above too!

(Come on... lol!)

---

"I noted doing the equivalent configurations I do with a hosts file instead would likely increase I/O, CPU and memory due to it's lack of support for things like wildcards, thus requiring a list of every possible combination of a domain if I wanted to block it.." - by Ash-Fox (726320) on Saturday June 23, @08:16AM (#40420189) Homepage

WTF? You simply put the host-domain name in hardcoded, as needed, nothing more & YOUR LAYERING IN YET ANOTHER LAYER OF PROGRAMS/DATA THAT ISN'T NECESSARY LOCALLY ON A SYSTEM ISN'T MAKING IT MORE EFFICIENT, period... you're adding on things, that doesn't make for more efficiency - it adds complexity as well as decreasing efficiency (by layering on more to run & process - period).

YOU ALSO RUN "MIXED MODE" USING BOTH TCP & UDP - NEWSFLASH: YOU INTRODUCED OVERHEADS OF TCP "CALLBACKS" DOING SO: MAKING IT LESS EFFICIENT! (protecting yourself from a KNOWN DNS ISSUE in "recursive" DNS being vulnerable to port 51 dns poisoning attacks).

You win some, but you also LOSE some doing it, no questions asked (especially in efficiency).

Custom hosts files, by way of comparison, are "doing more with less", since they're only a filter for the IP stack, not another layer ontop/alongside it.

---

"Not to mention the fact that when I block an address, the browser gets told there is no suitable response for it's DNS query means that it doesn't even attempt to try to do a connection over TCP, and wasting browser resources.." - by Ash-Fox (726320) on Saturday June 23, @08:16AM (#40420189) Homepage

LOL, that IS THE POINT OF BLOCKING known BAD hosts-domains that serve up malware, malicious script, &/or exploits in general... to protect yourself vs. them!

---

"I'm not buying your arguments have any realistic meaning on modern day computers such as mine.." - by Ash-Fox (726320) on Saturday June 23, @08:16AM (#40420189) Homepage

Oh, really? See the 1st thing I quote from you above, and of course, your conceding ALL OF MY POINTS here already (and I don't see you denying that DNS has "issues", big ones that are WIDELY KNOWN also) -> http://yro.slashdot.org/comments.pl?sid=2931443&cid=40415267

APK

P.S.=> Lastly, for your reference in regards to "modern machines"? I run this setup:

CPU = Intel Core I7 920 CPU
DISKS = 4 WD "Velociraptor" 10k rpm 16mb buffered SATA II HDD's (with a Promise Ex-8350 128mb ECC RAM caching RAID controller)
VIDEO = NVidia GeForce 470 GTX

Pretty modern, very fast - & even on that setup? What you run, matters, & EVERYTHING you run, consumes CPU, Memory, & has I/O going on (diskbound being the worst since moving mechanical parts on HDD's is a power consumer bigtime (& most fol

Re:You contradict yourself (thanks)... apk

[Ash-Fox]

You have very selective reading. I've clearly stated numerous times now that in practice, it essentially doesn't matter. There is no notable difference taking any effect here. You choose to ignore it, repeatedly.

3 simple questions - answer them... apk

1.) Does DNS have numerous issues?

2.) Can custom hosts files overcome some of those issues??

3.) Does running programs of ANY KIND consume CPU, Memory, &/or Other Forms of I/O???

---

* Just answer those 3 questions...

APK

P.S.=> This apparently needs to be done, even though you have:

A.) Never denied #1 above

B.) Not admitted that #2 can solve parts of #1

C.) You have already ADMITTED that running a DNS server machine (separate from a client workstation) eats more power, as well as the fact that running programs of ANY KIND do the same (albeit, to a lesser degree than running another system to do so, instead electing to run a DNS service/daemon on said client workstation instead locally)...

... apk

Re:3 simple questions - answer them... apk

[Ash-Fox]

Wow bro, your selective reading is pretty bad.

I'll speak for Ash-Fox...

Simply by letting him speak for himself-> http://tech.slashdot.org/comments.pl?sid=2024512&cid=35403488 where he not only trolled me, but he also could NOT DENY or DISPROVE MY POINTS ON CUSTOM HOSTS FILES value to end-users of them in better:

---

1.) "layered-security"/"defense-in-depth"
2.) Speed/bandwidth for the monies they pay to be online
3.) Better "anonymity" to an extent (vs. DNS request logs & even DNSBL's a user wishes to get past)

---

AND, more...

APK

P.S.=> Anyone can read the above link, & my statements there before it (as well as my short synopsis of it here) & judge for themselves... apk

Downmods to hide facts? "No, no senor"

See my subject-line, & this (you all judge) -> http://yro.slashdot.org/comments.pl?sid=2931443&cid=40410985

APK

P.S.=> It's pretty pitiful seeing you *TRYING* to hide facts Teun... I won't allow it (that "last resort" of defeated trolls with registered 'luser' accounts IS the "effete retaliation" of the downmod of a post that blew them away - every time!)...

... apk

I call BS...

Google provides the tools to allow you to opt out, and honors your choice.

BS - you have to be logged in to a Google account to be able to opt out.

Re:I call BS...

[swillden]

Google provides the tools to allow you to opt out, and honors your choice.

BS - you have to be logged in to a Google account to be able to opt out.

No, you don't. If you opt out through the Google privacy pages, it installs a cookie which tells Google servers not to track you. There are two different opt-outs, one for ads and one for analytics. If you want to make sure that cookies don't get lost, Google provides plugins/extensions for IE, Firefox and Chrome which will reinstall them if they get deleted.

If you are logged in, there are some other options, many of which are off by default (i.e. opt-in). I think those are orthogonal to the ads and analytics cookies.

"Run, Forrest - RUN!", lol... apk

Running away from 3 simple questions, are we? Yes -> http://yro.slashdot.org/comments.pl?sid=2931443&cid=40420635

* Yes, "somehow" (not), lol, I just KNEW you would...

(Gosh "I wonder why")

APK

P.S.=> It'd be 1 thing if the 3 question test was like the interview I had back circa 2003 with Microsoft, but the questions I asked in the link above are NOWHERE NEAR that level of difficulty... apk

Re:"Run, Forrest - RUN!", lol... apk

[Ash-Fox]

They've already been answered, your selective reading is preventing you from seeing them, bro.

"Rinse, Lather, & Repeat"

No, no - your "std. troll evasions" aren't allowed: Answer these 3 simple questions here -> http://yro.slashdot.org/comments.pl?sid=2931443&cid=40420635 in reponse reply to this post...

* Are you afraid to? Yes, obviously!

"They've already been answered" - by Ash-Fox (726320) on Sunday June 24, @04:45AM (#40427417) Homepage

Well - IF that's true? Heck - then you shouldn't have this problem you're having in answering them, right?

WRONG, lol...

Additionally - No, you did not answer those questions, you're evading 'em!

(However - I answered them, there in the link above - but, I'd like you see YOU answer, in YOUR OWN WORDS... So, "Gee - I wonder why you're avoiding them" (not), but I am wondering EXACTLY WHICH ONE IN PARTICULAR you are actually avoiding!)

APK

P.S.-> You're usually pretty verbose - what's the problem now? "Cat got your tongue"?? apk -

Many others TEND TO DISAGREE, troll

"Look here APK, it's not your undeniable knowledge that makes you a troll, it's the way you present it." - by Teun (17872) on Friday June 22, @04:10PM (#40415999) Homepage

Oh, really? See subject-line, & these posts of mine that've been "modded up" then (seems many other /.'ers disagree with your bullshit, troll - and yes, I've shown you trolling me before here already, and you RAN "forrest" ("Run, Forrest - RUN!", lol)).

Roughly 200++ of them & I post as AC (hard to get even +1, as /. hides our posts & we "AC"'s start @ ZERO/0 points, unlike registered "lusers", lol!):

+5 'modded up' posts by "yours truly" (6):

HOSTS & BGP:2010 -> http://tech.slashdot.org/comments.pl?sid=1901826&cid=34490450
FIREFOX IN DANGER: 2011 -> http://news.slashdot.org/comments.pl?sid=2559120&cid=38268580
TESLA:2010 -> http://science.slashdot.org/comments.pl?sid=1872982&cid=34264190
TESLA:2010 -> http://tech.slashdot.org/comments.pl?sid=1806946&cid=33777976
NVIDIA 2d:2006 -> http://hardware.slashdot.org/comments.pl?sid=175774&cid=14610147
COMPUTER ASSOCIATES BUSTED FOR ACCOUNTING FRAUD:2010 -> http://news.slashdot.org/comments.pl?sid=1884922&cid=34350102

----

+4 'modded up' posts by "yours truly" (4):

APK SECURITY GUIDE:2005 -> http://developers.slashdot.org/comments.pl?sid=167071&cid=13931198
INFO. SYSTEMS WORK:2005 -> http://slashdot.org/comments.pl?sid=161862&cid=13531817
WINDOWS @ NASDAQ 7++ YRS. NOW:2009 -> http://tech.slashdot.org/comments.pl?sid=1290967&cid=28571315
CARMACK'S ARMADILLO AEROSPACE:2005 -> http://science.slashdot.org/comments.pl?sid=158310&cid=13263898

----

+3 'modded up' posts by "yours truly" (6):

APK MICROSOFT INTERVIEW:2005 -> http://developers.slashdot.org/comments.pl?sid=155172&cid=13007974
APK MS SYMBOLIC DIRECTORY LINKS:2005 -> http://it.slashdot.org/comments.pl?sid=166850&cid=13914137
APK FOOLS IE7 INSTALL IN BETA HOW TO:2006 -> http://slashdot.org/comments.pl?sid=175857&cid=14615222
PROOFS ON OPERA SPEED & SECURITY:2007 -> http://slashdot.org/comments.pl?sid=273931&cid=20291847
HBGary POST in Fake Names On Social Networks, a Fake Problem:2011 -> http://tech.slashdot.org/comments.pl?sid=2375110&cid=37056304
APK RC STOP ROOKIT TECHNIQUES:2008 -> http://it.slashdot.org/comments.pl?sid=1021873&cid=25681261

----

+2 'modded up' posts by "yours truly" (18):

CODING FOR DEFCON (my compressed/packed exe + sizecheck @ startup technique): 2005 -> htt

Teun, answer this question

What does it TASTE LIKE, in you having to "eat your words" flavored w/ your foot in your mouth + spiced with the "bitter taste of SELF-defeat" -> http://slashdot.org/comments.pl?sid=2931443&cid=40430025

* Hmmm?? I don't care what evasive BULLSHIT you state here either - face me directly over there, that is, IF YOU HAVE *ANY* BALLS!

You surely trolled me there, and in other places (I proved that much there), so, let's see how "brave" you are, & see you disprove my points on custom hosts files and what they do benefitting end users of them... ok, troll?

Of course, you'll evade that too, as per your TROLLING weak usual!

(Now, I am going to do to YOU, what you *TRIED* to do to me, and you failed in it, numerous times, not just there... no, I am putting the shoe on the other foot, yours, and you put that foot into your mouth, lol!)

APK

P.S.=> You've trolled me in the past, & RUN from disproving points I made on custom hosts files, which I proved in that exchange also (as well as the fact you can't back up your b.s. technically either in computing), so "turnabout is fair play" & I am loving humiliating you for it!

Perhaps it will teach you a lesson to RESPECT YOUR ELDERS & BETTERS & do the next person dealing with you trolling them a favor, getting you to consider that not everyone "blows off trolls & ignores them"...

(Not I - I, rather, systematically DESTROY wise-ass worms like you, with your OWN FAULTS/MISTAKES, & especially since you seem to "get off" on trolling others... how's it FEEL when the shoe's on the other foot, AND IN YOUR MOUTH, and you've been made to look a fool for it?)...

... apk

Google has pioneered these techniques...

[lpq]

Because some people either haven't read or don't understand chapters 13, 14, 15 and 20 in one of Google's founder's books, "Artificial Intelligence: A Modern Approach". (13:Uncertainty, 14:Probabilistic Reasoning, 15:Probabilistic Reasoning over Time, 20:Statistical Learning Methods).