Interview With Mozilla's Ryan Merkley: Tracking the Trackers

← Back to Stories (view on slashdot.org)

Interview With Mozilla's Ryan Merkley: Tracking the Trackers

Posted by samzenpus on Thursday June 21, 2012 @09:33PM from the listen-but-don't-track dept.

colinneagle writes "Among the eye-opening statements in his recent TED talk, Mozilla CEO Gary Kovacs said, 'Privacy is not an option, and it shouldn't be the price we accept for just getting on the Internet. Our voices matter and our actions matter even more.' After you download and install Collusion in Firefox, you can 'see who is tracking you across the Web and following you through the digital woods,' Kovacs stated. 'Going forward, all of our voices need to be heard. Because what we don't know can actually hurt us. Because the memory of the Internet is forever. We are being watched. It's now time for us to watch the watchers.' I've been using Collusion for some time now and it is jaw-dropping to watch all the sites that still stalk us across the web even with DNT and privacy add-ons. The Collusion page states: 'The Ford Foundation is supporting Mozilla to develop the Collusion add-on so it will enable users to not only see who is tracking them across the Web, but also to turn that tracking off when they want to.'"

8 of 165 comments (clear)

Min score:

Reason:

Sort:

Download/Demo here by saibot834 · 2012-06-21 21:47 · Score: 5, Informative

Collusion Download/Demo. Looks like a pretty nifty tool. And completely without flash!
1. Re:Download/Demo here by cffrost · 2012-06-22 07:46 · Score: 4, Informative
  
  There was an advert for an Optical Express laser clinic, with a competition for free treatment, so I clicked. It's probably the only time I've ever clicked, and this was at work with no Ad-block installed.
  
  Here, you've admitted to two newbie mistakes that culminate in your tale of woe.
  
  Top of Slashdot today? Adverts for laser eye surgery at Optical Express.
  
  These ads (and the attack/tracking vector they signify) will persist until you properly secure your browser.
  
  In fact, every blinking website I visit at work is trying to show me adverts for Optical Express.
  
  In Firefox, open about:config and set browser.blink_allowed to False . If the blinking continues, return to Optical Express and demand a refund.
  
  I'm sure it must happen to everyone, everywhere.
  
  I assure you, that is not the case.
  
  --
  Thank you, Edward Snowden.
  
  "Arguments from authority are worthless." —Carl Sagan
Neat... by hey_popey · 2012-06-21 22:10 · Score: 2, Informative

This is nice as a tool to increase users' awareness, but Idon't see the point of using this add-on more than a couple of minutes
Then you install ghostery if not already done, and you forget about trackers...
Re:Go Ahead, Track Tor Exit Nodes! by Anonymous Coward · 2012-06-21 22:28 · Score: 2, Informative

Wikipedia bans offensive exit nodes from *editing*, not *viewing* their site.
Oh, and use bridges, always:
https://bridges.torproject.org/
for reasons mentioned in the Tor OPSEC document.
For sites which ban a lot of Tor exit nodes (like godlikeproductions), Startpage's free web proxy evades 99% of these bans, but you can't post with Startpage's proxy, just read.
Using Tor, you can also run through a lot of free web proxies to evade bans on Tor exit node IPs.
Some exit nodes remain for awhile (though your circuit is not the same all of the time) others are up one day and down the next.
PS: two hidden services message boards:
http://tinyurl.com/hackbbonion
http://tinyurl.com/onionforum2
Ghostery? (does the same thing?) by FudRucker · 2012-06-21 23:08 · Score: 4, Informative

http://www.ghostery.com/

--
Politics is Treachery, Religion is Brainwashing
Re:How long until Google notices? by Barefoot+Monkey · 2012-06-22 00:18 · Score: 4, Informative

A nice trick is to set your browser to keep cookies only for the session, clear your cookies and then grab an extension like Cookie Monster or something similar to manage exceptions for the sites where you explicitly want permanent cookies.
Re:How long until Google notices? by Barefoot+Monkey · 2012-06-22 02:12 · Score: 4, Informative

Those sort of extensions just provide a convenient way of interacting with Mozilla's mechanism. You get a statusbar icon which changes depending on if the site you're viewing has no cookies, blocked cookies, persistent cookies or session cookies. You can click on the icon to change the default action for that site or domain. It's so much simpler than opening the options and adding exceptions manually.
Re:How long until Google notices? by swillden · 2012-06-22 02:51 · Score: 4, Informative

As far as I know
Which is only what Google tells you. You don't think they're tracking you by IP address too? You don't think they're using browser fingerprinting? Google's cookie is one tiny part of the problem.
Google logs all IP addresses initially but after nine months zeros the bottom octet to anonymize them. Cookies are kept for 18 months, and many have noted that the cookies can be used to recover the full IP address going back 18 months, assuming you're always connecting from the same IP, but if you've opted out then there are no cookies stored to provide that linkage (I'm not sure if the opt-out cookie is itself anonymous, or if it's stripped before logging, or what, but it's something like that).
I don't know if browser information is anonymized; I'm sure at least enough is kept to identify the browser version.
Although you almost certainly won't believe me (since I work for Google), I'll tell you that Google tries very hard to honor tracking opt outs. If someone discovered a way that Google could recover individualized tracking about a user who had opted out, that would be considered a bug and it would get fixed. If it couldn't be fixed, controls would be put in place to ensure that the data is not used for tracking in any systematic way, and that individual employees can't access it without specific permissions, and the use of those who actually have a demonstrated need to use it would be audited.
The tinfoil hat crowd will simply dismiss this post, but the truth is that Google really doesn't want to track you if you don't want to be tracked. Google wants to convince you that you do want to be tracked, of course, that Google's services (including targeted advertising!) are actually sufficiently valuable to you that you want Google to have the data. But if you don't agree, Google provides the tools to allow you to opt out, and honors your choice.
This isn't to say that bad things will never happen, or that mistakes will never be made. Google is composed of people, and people screw up. Hence things like the Wifi packet capture, and Safari privacy workaround. But violations of the principles of user privacy are treated as errors to be corrected.
From an information-theoretic standpoint, the best way to be sure that Google never screws up with your privacy is to ensure it is impossible for Google to know anything about you, so opt out of tracking and avoid Google services, or even just block Google at your router. IMO, given its track record, trusting Google to behave responsibly isn't at all unreasonable, and I think Google offers good value in trade for your information (assuming that Google behaves responsibly). But it's your choice, and Google wants it to be possible for you to make that choice.

--
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.